Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Internetverbindung wird ständig selbstständig unterbrochen (https://www.trojaner-board.de/90238-internetverbindung-staendig-selbststaendig-unterbrochen.html)

Rainer2 30.08.2010 21:15
Internetverbindung wird ständig selbstständig unterbrochen
 
Hallo,

ich habe mir vor ein paar Tagen etwas eingefangen. Seitdem wird ständig die Internetverbindung unterbrochen. Das kann manchmal nach einer Stunde geschehen, manchmal aber auch alle paar Minuten. Fast immer, wenn ich Outlook-Express starte, fliege ich erstmal raus. Aber auch beim Firefox gibt es damit Probleme.

Unten das Logfile von HijackThis und Malwarebytes.

Danke und viele Grüße,

Rainer
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:51, on 30.08.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programme\Norman\Npm\Bin\Elogsvc.exe
C:\Programme\Norman\Ngs\Bin\Nnf.exe
C:\Programme\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Norman\Npm\Bin\Zanda.exe
C:\Programme\Norman\npm\bin\nvoy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Norman\Npm\Bin\ZLH.EXE
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Norman\Npm\Bin\scheduler.exe
C:\Programme\Norman\Npm\Bin\Njeeves.exe
C:\Programme\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Norman\Nvc\Bin\nvcoas.exe
C:\Programme\Norman\Nvc\Bin\Nip.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\Norman\Nvc\Bin\cclaw.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll
R3 - URLSearchHook: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - {10945114-b19f-4614-8450-b25e444a1020} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\ctbr.dll
O2 - BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll
O3 - Toolbar: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\ctbr.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programme\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Programme\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Icmblt] C:\Dokumente und Einstellungen\User\Anwendungsdaten\Adobe\Update\widvid.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Öffnen mit PDF Genie 3 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll
O9 - Extra 'Tools' menuitem: Öffnen mit PDF Genie 3 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A6AC65B-5C4A-42F4-BE0B-667259779C59}: NameServer = 217.0.43.177 217.0.43.161
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programme\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - C:\Programme\Norman\Ngs\Bin\Nnf.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Programme\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Programme\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programme\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programme\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programme\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Programme\Norman\Npm\Bin\Nvcsched.exe (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Programme\Norman\npm\bin\nvoy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Programme\Norman\Npm\Bin\scheduler.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: WPEServ - soft Xpansion - C:\Programme\Gemeinsame Dateien\WPE\wpeserv.exe
 
--
End of file - 9854 bytes
--- --- ---


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4509

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30.08.2010 21:18:14
mbam-log-2010-08-30 (21-18-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 380373
Laufzeit: 2 Stunde(n), 11 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\helper (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Adobe\Update\flacor.dat (Trojan.Agent) -> No action taken.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Helper\bin\liveu.exe (Trojan.Agent) -> No action taken.

Hallo,

habe noch etwas vergessen, was gerade wieder aufgetreten ist. Etwa einmal am Tag bekomme ich ein kleines Warnfenster, wo drinnen steht, das System muss heruntergefahren werden, speichern sie bitte alles ab. Dann läuft eine Uhr rückwärts, von 30 Sekunden bis Null. Bei Null fährt das System runter, ohne das ich es verhindern kann.

Viele Grüße,

Rainer

cosinus 31.08.2010 08:38
Hallo und :hallo:

Zitat:
Fast immer, wenn ich Outlook-Express starte
Ich würd ja einen vernünftigen Mailclient nehmen. Sowas wie Mozilla Thunderbird...


Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Rainer2 31.08.2010 17:26
Hallo Arne,

danke für die Hilfe!

Ich bin leider das Outlook-Express gewöhnt. Bei einem anderen müsste ich mich erst einarbeiten.

Unten also die zwei gewünschten Logfiles.

Viele Grüße,

RainerOTL Logfile:
Code:
OTL Extras logfile created on: 31.08.2010 18:03:55 - Run 5
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 0,95 Gb Free Space | 0,64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NAME-9CF4F91750
Current User Name: User
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, XnView Software - Free graphic and photo viewer, converter, organizer)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Bayern 3D\Bayern3D.exe" = C:\Programme\Bayern 3D\Bayern3D.exe:*:Enabled:Bayern3D -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{00020407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FFBEF6F-98F3-4EEA-8103-7A85C1017D20}" = Geogrid®-Viewer
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACBBFC6-3F39-48DE-8D85-182736B2749B}" = Garmin MapSource
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C161FB3-7E16-4771-9314-06FB37F3BBA7}" = Top50 V5 Viewer
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{641FE800-650B-4E99-A304-9D50E7235BAF}" = Topo Deutschland v2
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79546A5F-AE7C-4693-8670-A3401B43ABD2}" = HP Deskjet 5900 series
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{8234A27D-C5A4-4F84-8718-3BF34BCFC89F}" = JourneySoftwarePromo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5222E5A-13CB-4C98-9F5C-21CF6896A25C}" = HPDeskjet5900Series
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}" = ABBYY FineReader 6.0 Professional
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BA9C8A3B-7A17-4A52-9F11-A6E823EE4305}" = Google SketchUp 7
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C3896A21-47E5-4B40-9E90-529C1D6EDDF5}" = PDF Genie 3.0
"{C7C82ED1-E5AD-48CF-8B92-38DD9B49610C}" = Garmin TOPO Deutschland 2010
"{C8B34404-2E52-4C1F-A2B7-D26E46E5974D}" = Norman Security Suite
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5484836-E51C-4423-A663-12B9DDD50DE6}" = Garmin BaseCamp
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"Bayern 3D" = Bayern 3D
"CCleaner" = CCleaner
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"Defraggler" = Defraggler
"Dr. Hardware 2009_is1" = Dr. Hardware 2009 9.9.5d
"Exif-Viewer" = Exif-Viewer 2.50
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Helicon Filter_is1" = Helicon Filter 4.93.2
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Photo & Imaging" = HP Image Zone 5.0
"HP PrecisionScan LTX" = HP PrecisionScan LTX
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"Hugin_is1" = Hugin 0.7.0 (SVN 3465)
"Hugin_release_is1" = Hugin 2009.4.0
"ie8" = Windows Internet Explorer 8
"Image Analyzer" = Image Analyzer
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"PC Wizard 2009_is1" = PC Wizard 2009.1.88
"PhotoME_is1" = PhotoME
"Picasa 3" = Picasa 3
"ShiftN_is1" = ShiftN 3.5
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Speccy" = Speccy
"Tank Blaster II" = Tank Blaster II
"TDSLSM" = T-DSL SpeedManager
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.8
"Winload Toolbar" = Winload Toolbar
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.97.6
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Gnumeric" = Gnumeric Spreadsheet 1.9.1-win32-20080505
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.05.2010 15:54:15 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 21:54:14]  --------------------------------------------------------
Application:
 NVC On-access Scanner  Node address: 217.228.96.11  --------------------------------------------------------

Warning
 message:  Virus missing:  Virus name: 'Smalltroj.YLOT'  File infected: C:/Alte Daten/Drive(F)/System
 Volume Information/_restore{4EA7DCED-C474-4611-AD9D-054543A1C373}/RP992/A0478724.dll
File
 quarantined: C:/Alte Daten/Drive(F)/System Volume Information/_restore{4EA7DCED-C474-4611-AD9D-054543A1C373}/RP992/A0478724.dll
Login
 information: User 'SYSTEM' on host 'NAME-9CF4F91750'.
 
Error - 02.05.2010 15:54:15 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 21:54:14]  --------------------------------------------------------
Application:
 NVC On-access Scanner  Node address: 217.228.96.11  --------------------------------------------------------

Warning
 message:  Virus missing:  Virus name: 'Smalltroj.YLOT'  File infected: C:/Alte Daten/Drive(F)/System
 Volume Information/_restore{4EA7DCED-C474-4611-AD9D-054543A1C373}/RP992/A0478734.dll
File
 quarantined: C:/Alte Daten/Drive(F)/System Volume Information/_restore{4EA7DCED-C474-4611-AD9D-054543A1C373}/RP992/A0478734.dll
Login
 information: User 'SYSTEM' on host 'NAME-9CF4F91750'.
 
Error - 02.05.2010 16:04:05 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 22:04:05]  --------------------------------------------------------
Application:
 NVC On-access Scanner  Node address: 217.228.96.11  --------------------------------------------------------

Warning
 message:  Virus missing:  Virus name: 'Smalltroj.YLOT'  File infected: C:/Alte Daten/Drive(F)/Windows/ie8updates/KB969897-IE8/wininet.dll
File
 quarantined: C:/Alte Daten/Drive(F)/Windows/ie8updates/KB969897-IE8/wininet.dll
Login
 information: User 'SYSTEM' on host 'NAME-9CF4F91750'.
 
Error - 02.05.2010 16:28:05 | Computer Name = NAME-9CF4F91750 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3743, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 02.05.2010 16:28:05 | Computer Name = NAME-9CF4F91750 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3743, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 02.05.2010 16:51:41 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 22:51:41]  --------------------------------------------------------
Application:
 NVC On-access Scanner  Node address: 217.228.96.11  --------------------------------------------------------

Warning
 message:  Virus missing:  Virus name: 'Smalltroj.YLOT'  File infected: C:/System Volume
 Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052456.dll  File
 quarantined: C:/System Volume Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052456.dll
Login
 information: User 'SYSTEM' on host 'NAME-9CF4F91750'.
 
Error - 02.05.2010 16:51:41 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 22:51:41]  --------------------------------------------------------
Application:
 NVC On-access Scanner  Node address: 217.228.96.11  --------------------------------------------------------

Warning
 message:  Virus missing:  Virus name: 'Smalltroj.YLOT'  File infected: C:/System Volume
 Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052458.dll  File
 quarantined: C:/System Volume Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052458.dll
Login
 information: User 'SYSTEM' on host 'NAME-9CF4F91750'.
 
Error - 02.05.2010 16:51:41 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 22:51:41]  --------------------------------------------------------
Application:
 NVC On-access Scanner  Node address: 217.228.96.11  --------------------------------------------------------

Warning
 message:  Virus missing:  Virus name: 'Smalltroj.YLOT'  File infected: C:/System Volume
 Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052459.dll  File
 quarantined: C:/System Volume Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052459.dll
Login
 information: User 'SYSTEM' on host 'NAME-9CF4F91750'.
 
Error - 02.05.2010 16:51:41 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 22:51:41]  --------------------------------------------------------
Application:
 NVC On-access Scanner  Node address: 217.228.96.11  --------------------------------------------------------

Warning
 message:  Virus missing:  Virus name: 'Smalltroj.YLOT'  File infected: C:/System Volume
 Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052457.dll  File
 quarantined: C:/System Volume Information/_restore{3DBDB387-7509-4FD8-9380-E70EF9D34BF9}/RP260/A0052457.dll
Login
 information: User 'SYSTEM' on host 'NAME-9CF4F91750'.
 
Error - 02.05.2010 17:05:03 | Computer Name = NAME-9CF4F91750 | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/05/02 23:05:03]  --------------------------------------------------------
Application:
 NVC On-access Scanner  Node address: 217.228.96.11  --------------------------------------------------------

Warning
 message:  Virus missing:  Virus name: 'Smalltroj.YLOT'  File infected: C:/WINDOWS/ie8updates/KB972260-IE8/wininet.dll
File
 quarantined: C:/WINDOWS/ie8updates/KB972260-IE8/wininet.dll  Login information: User
 'SYSTEM' on host 'NAME-9CF4F91750'.
 
[ OSession Events ]
Error - 28.12.2009 04:02:15 | Computer Name = NAME-9CF4F91750 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
 
Error - 28.12.2009 04:03:15 | Computer Name = NAME-9CF4F91750 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
 
Error - 28.12.2009 04:03:31 | Computer Name = NAME-9CF4F91750 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =
 
[ System Events ]
Error - 21.08.2010 09:30:48 | Computer Name = NAME-9CF4F91750 | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Dokument2, im Besitz von User, konnte
 nicht auf dem Drucker PDF Genie 3 gedruckt werden. Datentyp: NT EMF 1.008. Größe
 der Warteschlangendatei in Bytes: 1507328. Anzahl der gedruckten Bytes: 1507328.
 Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer:
 \\NAME-9CF4F91750. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 0 (0x0).
 
 
Error - 21.08.2010 09:31:12 | Computer Name = NAME-9CF4F91750 | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Bäume.doc, im Besitz von User, konnte
 nicht auf dem Drucker PDF Genie 3 gedruckt werden. Datentyp: NT EMF 1.008. Größe
 der Warteschlangendatei in Bytes: 1507328. Anzahl der gedruckten Bytes: 1507328.
 Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer:
 \\NAME-9CF4F91750. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 0 (0x0).
 
 
Error - 26.08.2010 14:08:26 | Computer Name = NAME-9CF4F91750 | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Bäume.doc, im Besitz von User, konnte
 nicht auf dem Drucker PDF Genie 3 gedruckt werden. Datentyp: NT EMF 1.008. Größe
 der Warteschlangendatei in Bytes: 11599872. Anzahl der gedruckten Bytes: 11599872.
 Gesamtanzahl der Seiten des Dokuments: 8. Anzahl der gedruckten Seiten: 0. Clientcomputer:
 \\NAME-9CF4F91750. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 0 (0x0).
 
 
Error - 28.08.2010 16:05:19 | Computer Name = NAME-9CF4F91750 | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Bäume1.doc, im Besitz von User, konnte
 nicht auf dem Drucker PDF Genie 3 gedruckt werden. Datentyp: NT EMF 1.008. Größe
 der Warteschlangendatei in Bytes: 4390912. Anzahl der gedruckten Bytes: 4390912.
 Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer:
 \\NAME-9CF4F91750. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 0 (0x0).
 
 
Error - 29.08.2010 03:21:35 | Computer Name = NAME-9CF4F91750 | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Bäume1.doc, im Besitz von User, konnte
 nicht auf dem Drucker PDF Genie 3 gedruckt werden. Datentyp: NT EMF 1.008. Größe
 der Warteschlangendatei in Bytes: 8716288. Anzahl der gedruckten Bytes: 8716288.
 Gesamtanzahl der Seiten des Dokuments: 2. Anzahl der gedruckten Seiten: 0. Clientcomputer:
 \\NAME-9CF4F91750. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 0 (0x0).
 
 
 
< End of report >
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 31.08.2010 18:03:55 - Run 5
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 0,95 Gb Free Space | 0,64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NAME-9CF4F91750
Current User Name: User
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\User\Eigene Dateien\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Norman\nvc\bin\Nvcoas.exe (Norman ASA)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Norman\ngs\bin\nnf.exe (Norman ASA)
PRC - C:\Programme\Norman\Nse\Bin\Nsesvc.exe (Norman ASA)
PRC - C:\Programme\Crawler\CToolbar.exe (Crawler.com)
PRC - C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA)
PRC - C:\Programme\Norman\ngs\bin\nprosec.exe (Norman ASA)
PRC - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Norman\Npm\Bin\Zlh.exe (Norman ASA)
PRC - C:\Programme\Norman\nvc\bin\Nip.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA)
PRC - C:\Programme\Norman\nvc\bin\CClaw.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\Njeeves.exe (Norman ASA)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Programme\T-DSL SpeedManager\SpeedMgr.exe (T-Systems Nova, Berkom)
PRC - C:\Programme\T-DSL SpeedManager\TSMSvc.exe (T-Systems Nova, Berkom)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\User\Eigene Dateien\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Norman\nvc\bin\Niphk.dll (Norman ASA)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shfolder.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NVCScheduler) -- C:\Programme\Norman\Npm\Bin\Nvcsched.exe File not found
SRV - (nvcoas) -- C:\Programme\Norman\Nvc\Bin\nvcoas.exe (Norman ASA)
SRV - (NNFSVC) -- C:\Programme\Norman\Ngs\Bin\Nnf.exe (Norman ASA)
SRV - (nsesvc) -- C:\Programme\Norman\nse\bin\NSESVC.EXE (Norman ASA)
SRV - (Norman ZANDA) -- C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (NPROSECSVC) -- C:\Programme\Norman\Ngs\Bin\Nprosec.exe (Norman ASA)
SRV - (NVOY) -- C:\Programme\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (Scheduler) -- C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA)
SRV - (eLoggerSvc6) -- C:\Programme\Norman\Npm\Bin\Elogsvc.exe (Norman ASA)
SRV - (Norman NJeeves) -- C:\Programme\Norman\Npm\Bin\Njeeves.exe (Norman ASA)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (WPEServ) -- C:\Programme\Gemeinsame Dateien\WPE\wpeserv.exe (soft Xpansion)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (TSMService) -- C:\Programme\T-DSL SpeedManager\tsmsvc.exe (T-Systems Nova, Berkom)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cpuz131) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz131\cpuz_x32.sys File not found
DRV - (catchme) -- C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys File not found
DRV - (nregsec) -- C:\Programme\Norman\ngs\bin\nregsec.sys (Norman ASA)
DRV - (NPROSEC) -- C:\Programme\Norman\ngs\bin\nprosec.sys (Norman ASA)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NGS) -- c:\Programme\Norman\ngs\bin\ngs.sys (Norman ASA)
DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (Ndiskio) -- C:\Programme\Norman\Nse\Bin\Ndiskio.sys (Norman ASA)
DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (drhard) -- C:\WINDOWS\System32\drivers\drhard.sys (Licensed for Gebhard Software)
DRV - (TNPacket) -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS (T-Systems Nova GmbH)
DRV - (PCANDIS5) -- C:\Programme\T-DSL SpeedManager\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.wikipedia.org/wiki/Benutzer:Rainer_Lippert"
FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Programme\Crawler\firefox\ [2010.06.04 18:14:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.15 16:29:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.28 22:14:34 | 000,000,000 | ---D | M]
 
[2009.08.27 14:04:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions
[2010.08.30 18:51:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions
[2010.07.02 19:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.04.03 22:39:17 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010.05.04 19:23:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.08.21 18:16:00 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010.03.27 20:55:22 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.03.28 18:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\sparweltgutscheinewl@sparwelt.de
[2009.11.23 21:11:46 | 000,002,172 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\searchplugins\bing.xml
[2010.01.20 12:19:10 | 000,000,923 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\searchplugins\conduit.xml
[2010.03.07 00:11:13 | 000,001,250 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\searchplugins\winamp-search.xml
[2010.08.30 18:51:24 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.18 21:47:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.02 08:10:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.09.21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\crawlersrch.bak
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010.08.02 08:10:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.02 08:10:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.02 08:10:59 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.02 08:10:59 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.29 18:08:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Programme\Corel\Corel MediaOne\Corel PhotoDownloader.exe File not found
O4 - HKLM..\Run: [Norman ZANDA] C:\Programme\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [T-DSL SpeedMgr] C:\Programme\T-DSL SpeedManager\SpeedMgr.exe (T-Systems Nova, Berkom)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [Getdo]  File not found
O4 - HKCU..\Run: [Icmblt] C:\Dokumente und Einstellungen\User\Anwendungsdaten\Adobe\Update\widvid.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108847
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108847
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Öffnen mit PDF Genie 3 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll (TODO: <Company name>)
O9 - Extra 'Tools' menuitem : Öffnen mit PDF Genie 3 - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll (TODO: <Company name>)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.05 11:00:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.31 18:02:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\OTL.exe
[2010.08.28 15:38:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Helper
[2010.08.21 22:28:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\jpg-Illuminator
[2010.08.21 19:11:50 | 012,387,832 | ---- | C] (Google Inc.) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\picasa36-setup(2).exe
[2010.08.21 18:55:48 | 010,831,352 | ---- | C] (Google Inc.) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\picasa38_11545-setup.exe
[2010.08.21 18:16:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\MyAshampoo
[2010.08.21 18:16:07 | 000,000,000 | ---D | C] -- C:\Programme\MyAshampoo
[2010.08.21 17:21:23 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\User\Recent
[2010.08.21 17:17:41 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\ccsetup234.exe
[2010.08.17 22:45:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Winload
[2010.08.17 22:45:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\softonic-de3
[2010.08.17 22:44:41 | 000,376,136 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\tdi_nf.sys
[2010.08.17 22:44:41 | 000,067,664 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\ale_nf64.sys
[2010.08.17 22:44:41 | 000,060,960 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\ale_nf.sys
[2010.08.17 22:44:40 | 000,048,272 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsec.sys
[2010.08.17 22:44:40 | 000,034,192 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsecl64.sys
[2010.08.17 22:44:40 | 000,030,584 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsecl.sys
[2010.08.15 19:00:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\XnView
[2010.08.15 19:00:17 | 000,000,000 | ---D | C] -- C:\Programme\XnView
[2010.08.15 18:58:45 | 003,060,520 | ---- | C] (Gougelet Pierre-e                                          ) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\XnView-win-de.exe
[2010.08.14 15:55:58 | 000,000,000 | ---D | C] -- C:\Programme\Paint.NET
[2010.08.14 15:55:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Paint.NET
[2010.08.02 20:01:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\.fontconfig
[4 C:\Dokumente und Einstellungen\User\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\User\Eigene Dateien\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.31 18:02:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\OTL.exe
[2010.08.31 17:42:51 | 000,000,870 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.31 17:42:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.31 17:42:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.31 17:42:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.31 09:08:20 | 005,242,880 | ---- | M] () -- C:\Dokumente und Einstellungen\User\ntuser.dat
[2010.08.31 09:08:20 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\User\ntuser.ini
[2010.08.31 08:37:05 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.31 08:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2010.08.29 22:53:26 | 000,075,701 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\booksa.htm
[2010.08.29 22:51:34 | 010,905,983 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\lernort_geologie_modul_i.pdf
[2010.08.29 21:40:55 | 000,120,167 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\032.JPG
[2010.08.29 09:21:42 | 000,004,096 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\00000315.LCS
[2010.08.29 09:21:27 | 006,834,688 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Bäume1.doc
[2010.08.28 22:14:35 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.08.28 15:39:03 | 000,002,181 | ---- | M] () -- C:\WINDOWS\Helicon Debug Window.ini
[2010.08.27 19:41:48 | 008,523,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Bäume.doc
[2010.08.24 19:15:04 | 000,001,616 | -H-- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\.picasa.ini
[2010.08.24 19:14:01 | 001,698,562 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Schellenberger Eishöhle1.jpg
[2010.08.24 19:08:40 | 000,598,723 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Schellenberger Eishöhle.jpg
[2010.08.24 19:06:31 | 000,000,680 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
[2010.08.23 18:57:24 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.08.23 18:54:40 | 005,779,885 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v42(3).zip
[2010.08.22 20:22:27 | 005,779,885 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v42(2).zip
[2010.08.22 10:27:04 | 005,413,962 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v39.zip
[2010.08.22 08:21:43 | 000,004,397 | ---- | M] () -- C:\Dokumente und Einstellungen\User\.recently-used.xbel
[2010.08.21 22:26:08 | 005,779,885 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v42.zip
[2010.08.21 19:18:41 | 000,000,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Picasa 3.lnk
[2010.08.21 19:16:17 | 012,387,832 | ---- | M] (Google Inc.) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\picasa36-setup(2).exe
[2010.08.21 19:03:14 | 010,831,352 | ---- | M] (Google Inc.) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\picasa38_11545-setup.exe
[2010.08.21 17:19:40 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\CCleaner.lnk
[2010.08.21 17:18:51 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\ccsetup234.exe
[2010.08.21 16:52:12 | 000,030,720 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.17 22:45:58 | 000,008,224 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.08.16 22:52:25 | 000,674,816 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\hoehle_index.xls
[2010.08.16 07:26:15 | 000,329,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.15 19:00:53 | 000,000,586 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\XnView.lnk
[2010.08.15 18:59:47 | 003,060,520 | ---- | M] (Gougelet Pierre-e                                          ) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\XnView-win-de.exe
[2010.08.14 21:08:03 | 000,039,936 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Die Schellenberger Eishöhle ist die einzige Schauhöhle in den Berchtesgadener Alpen.doc
[2010.08.14 15:56:17 | 000,000,840 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Paint.NET.lnk
[2010.08.12 08:23:03 | 001,025,000 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.12 08:23:03 | 000,459,152 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.12 08:23:03 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.12 08:23:03 | 000,084,524 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.12 08:23:03 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.11 22:18:34 | 000,033,280 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Fröhlich.doc
[2010.08.08 21:53:53 | 000,176,128 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Baumberechnung.xls
[2010.08.07 22:26:48 | 000,025,997 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789 -B.pto.mk
[2010.08.07 22:26:48 | 000,025,283 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789.pto.mk
[2010.08.07 22:26:48 | 000,016,567 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789 -B.pto
[2010.08.07 22:26:48 | 000,016,566 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789.pto
[2010.08.04 20:45:08 | 000,001,099 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ShiftN.ini
[4 C:\Dokumente und Einstellungen\User\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\User\Eigene Dateien\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.29 22:53:26 | 000,075,701 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\booksa.htm
[2010.08.29 22:51:19 | 010,905,983 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\lernort_geologie_modul_i.pdf
[2010.08.28 19:53:51 | 006,834,688 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Bäume1.doc
[2010.08.28 19:42:08 | 000,120,167 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\032.JPG
[2010.08.24 19:13:37 | 001,698,562 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Schellenberger Eishöhle1.jpg
[2010.08.24 19:08:18 | 000,598,723 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Schellenberger Eishöhle.jpg
[2010.08.23 18:52:39 | 005,779,885 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v42(3).zip
[2010.08.22 20:22:23 | 005,779,885 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v42(2).zip
[2010.08.22 10:25:23 | 005,413,962 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v39.zip
[2010.08.22 08:21:43 | 000,004,397 | ---- | C] () -- C:\Dokumente und Einstellungen\User\.recently-used.xbel
[2010.08.21 22:24:06 | 005,779,885 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\JPG-Illuminator_v42.zip
[2010.08.21 19:04:07 | 000,000,731 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Picasa 3.lnk
[2010.08.21 15:31:03 | 008,523,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Bäume.doc
[2010.08.16 22:52:13 | 000,674,816 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\hoehle_index.xls
[2010.08.15 19:00:20 | 000,000,586 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\XnView.lnk
[2010.08.14 21:08:02 | 000,039,936 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Die Schellenberger Eishöhle ist die einzige Schauhöhle in den Berchtesgadener Alpen.doc
[2010.08.14 15:56:17 | 000,000,840 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Paint.NET.lnk
[2010.08.09 22:38:28 | 000,033,280 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Fröhlich.doc
[2010.08.08 21:53:53 | 000,176,128 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Baumberechnung.xls
[2010.08.07 22:26:48 | 000,025,997 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789 -B.pto.mk
[2010.08.07 22:26:48 | 000,025,283 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789.pto.mk
[2010.08.07 22:26:48 | 000,016,567 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789 -B.pto
[2010.08.07 22:26:48 | 000,016,566 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Urlaub 2010 783-Urlaub 2010 789.pto
[2010.06.17 17:36:33 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.04.25 20:58:32 | 000,014,806 | -HS- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\W1V4gTA17lv6V
[2009.11.19 12:08:19 | 000,002,181 | ---- | C] () -- C:\WINDOWS\Helicon Debug Window.ini
[2009.11.12 16:17:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.11.09 20:39:54 | 000,016,070 | ---- | C] () -- C:\WINDOWS\German2.ini
[2009.10.20 16:06:18 | 000,030,720 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.04 18:20:27 | 000,001,099 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ShiftN.ini
[2009.08.29 16:43:24 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2009.08.29 16:43:23 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2009.08.27 16:26:42 | 000,000,879 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2009.08.27 16:26:23 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009.08.27 08:37:38 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.08.21 18:13:22 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.08.21 18:07:25 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.06.05 11:51:16 | 000,002,480 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.06.05 11:48:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.06.05 11:23:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.06.05 11:07:54 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 400 bytes -> C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\desktop.ini:bf5af20ce7a419b1178ece347eddc338
@Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A5B56640
< End of report >
--- --- ---

cosinus 31.08.2010 20:20
Zitat:
Bei einem anderen müsste ich mich erst einarbeiten.
mach das mal. Outlook Express ist nicht mehr zeitgemäß und gibt es auch so ab Windows Vista schon nicht mehr. Mit Mozilla Thunderbird machst Du nichts falsch und die Umgewöhnung hält sich stark in Grenzen.


Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O4 - HKCU..\Run: [Getdo]  File not found
O4 - HKCU..\Run: [Icmblt] C:\Dokumente und Einstellungen\User\Anwendungsdaten\Adobe\Update\widvid.exe ()
[2010.04.25 20:58:32 | 000,014,806 | -HS- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\W1V4gTA17lv6V
@Alternate Data Stream - 400 bytes -> C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\desktop.ini:bf5af20ce7a419b1178ece347eddc338
@Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A5B56640
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Rainer2 31.08.2010 20:55
Hallo,

mein Hauptproplem ist dort wohl erstmal die, dass ich Überhaupt E-Mails abrufen und verschicken kann. Das muss ja alles erstmal eingerichtet werden? Denke ich zumindest.

Hier nun das gewünschte Logfile:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Getdo deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Icmblt deleted successfully.
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Adobe\Update\widvid.exe moved successfully.
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\W1V4gTA17lv6V moved successfully.
ADS C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\desktop.ini:bf5af20ce7a419b1178ece347eddc338 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A5B56640 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 52570384 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: User
->Temp folder emptied: 198692537 bytes
->Temporary Internet Files folder emptied: 28532042 bytes
->Java cache emptied: 967586 bytes
->FireFox cache emptied: 98981008 bytes
->Flash cache emptied: 4824 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36720931 bytes
RecycleBin emptied: 1008963 bytes

Total Files Cleaned = 398,00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 08312010_214943

Files\Folders moved on Reboot...
File move failed. C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temp\nvcbin.def.9c09ba42.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Viele Grüße,

Rainer

cosinus 31.08.2010 21:01
Zitat:
mein Hauptproplem ist dort wohl erstmal die, dass ich Überhaupt E-Mails abrufen und verschicken kann. Das muss ja alles erstmal eingerichtet werden? Denke ich zumindest.
Das richtet Thunderbird 3.1.x automatisch ein. Du kannst auch alle Mails von OjE in Thunderbird importieren und natürlich beides parallel installiert haben.


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Rainer2 31.08.2010 21:37
Hallo,

ich habe jetzt Thunderbird installiert. Er hat wohl auch alle Einstellungen übernommen. Jetzt fragt er mich aber nach dem Passwort zu meiner E-Mail Adresse. Die kenne ich aber nicht.

Beim ausführen von ComboFix bekam ich die Meldung, dass der Virenschutz aktiviert ist. Aber wie kann ich den abschalten? Ich habe im Virenprogramm gesucht. Wenn ich da ein Häckchen rausnehme, bekomme ich gleich den Warnhinweis, ob ich es deinstallieren will. Kann ich das alles einfach so deinstallieren? Wie wird das danach wieder aktiviert?

Viele Grüße,

Rainer

Rainer2 31.08.2010 21:53
Hallo,

der Scan wurde jetzt, obwohl ich nicht bestätigt habe, dennoch durchgeführt. trotz laufenden Virenscanner. Hier das Logfile.

Viele Grüße,

Rainer

ComboFix 10-08-31.01 - User 31.08.2010 22:43:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2037.1210 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\User\Eigene Dateien\A\cofi.exe
AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
* Im Speicher befindliches AV aktiv.

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AUTOLNCH.REG

.
((((((((((((((((((((((( Dateien erstellt von 2010-07-28 bis 2010-08-31 ))))))))))))))))))))))))))))))
.

2010-08-31 20:05 . 2010-08-31 20:05 -------- d-----w- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Thunderbird
2010-08-31 20:05 . 2010-08-31 20:05 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Thunderbird
2010-08-31 20:05 . 2010-08-31 20:05 -------- d-----w- c:\programme\Mozilla Thunderbird
2010-08-28 13:38 . 2010-08-28 13:38 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Helper
2010-08-21 20:28 . 2010-08-21 20:28 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\jpg-Illuminator
2010-08-21 16:16 . 2010-08-29 19:47 -------- d-----w- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\MyAshampoo
2010-08-21 16:16 . 2010-08-21 16:16 -------- d-----w- c:\programme\MyAshampoo
2010-08-21 16:16 . 2010-01-20 10:19 52224 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
2010-08-21 16:16 . 2010-01-20 10:19 101376 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
2010-08-17 20:45 . 2010-08-17 20:45 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Winload
2010-08-17 20:45 . 2010-08-17 20:45 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\softonic-de3
2010-08-17 20:45 . 2010-08-17 20:45 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Favoriten
2010-08-17 20:44 . 2010-05-19 07:37 67664 ----a-w- c:\windows\system32\drivers\ale_nf64.sys
2010-08-17 20:44 . 2010-05-19 07:36 60960 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2010-08-17 20:44 . 2010-05-10 08:13 376136 ----a-w- c:\windows\system32\drivers\tdi_nf.sys
2010-08-17 20:44 . 2010-06-21 12:54 48272 ----a-w- c:\windows\system32\drivers\nnetsec.sys
2010-08-17 20:44 . 2010-05-28 10:40 30584 ----a-w- c:\windows\system32\drivers\nnetsecl.sys
2010-08-17 20:44 . 2010-05-25 12:28 34192 ----a-w- c:\windows\system32\drivers\nnetsecl64.sys
2010-08-15 17:00 . 2010-08-21 16:43 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\XnView
2010-08-15 17:00 . 2010-08-15 17:00 -------- d-----w- c:\programme\XnView
2010-08-14 13:55 . 2010-08-14 13:56 -------- d-----w- c:\programme\Paint.NET
2010-08-14 13:55 . 2010-08-26 17:33 -------- d-----w- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Paint.NET
2010-08-05 21:16 . 2010-08-05 21:16 503808 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1946db42-n\msvcp71.dll
2010-08-05 21:16 . 2010-08-05 21:16 499712 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1946db42-n\jmc.dll
2010-08-05 21:16 . 2010-08-05 21:16 348160 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1946db42-n\msvcr71.dll
2010-08-05 21:16 . 2010-08-05 21:16 61440 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-167f9a64-n\decora-sse.dll
2010-08-05 21:16 . 2010-08-05 21:16 12800 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-167f9a64-n\decora-d3d.dll
2010-08-02 18:01 . 2010-08-02 18:01 -------- d-----w- c:\dokumente und einstellungen\User\.fontconfig

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 20:17 . 2010-05-05 19:36 -------- d-----w- c:\programme\Crawler
2010-08-29 19:42 . 2010-06-17 15:36 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Corel
2010-08-26 21:10 . 2009-10-01 19:36 117760 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-23 16:57 . 2010-06-17 15:36 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-08-22 06:21 . 2009-10-09 14:29 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\gtk-2.0
2010-08-21 16:35 . 2010-06-30 20:20 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-08-21 15:20 . 2009-11-12 14:16 -------- d-----w- c:\programme\Gemeinsame Dateien\Panasonic
2010-08-21 15:20 . 2009-11-12 14:13 -------- d-----w- c:\programme\Panasonic
2010-08-21 15:20 . 2009-06-05 09:22 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-08-21 15:19 . 2009-09-18 21:15 -------- d-----w- c:\programme\CCleaner
2010-08-17 20:45 . 2009-08-21 16:07 8224 ----a-w- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-08-17 20:45 . 2009-08-27 08:13 -------- d-----w- c:\programme\Norman
2010-08-12 06:23 . 2009-06-05 09:51 84524 ----a-w- c:\windows\system32\perfc007.dat
2010-08-12 06:23 . 2009-06-05 09:51 459152 ----a-w- c:\windows\system32\perfh007.dat
2010-08-03 05:15 . 2009-08-26 12:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NOS
2010-06-30 12:28 . 2009-06-05 09:51 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2009-06-05 09:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2009-06-05 09:51 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2009-06-05 09:51 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2009-06-05 09:51 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-06-05 08:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2009-06-05 09:51 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
.

((((((((((((((((((((((((((((( SnapShot@2010-04-29_20.21.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
- 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
- 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-07-11 18:54 . 2009-07-11 18:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2010-04-25 14:54 . 2010-04-25 14:54 56656 c:\windows\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_22d6ba8a\vcomp90.dll
+ 2009-07-11 20:14 . 2009-07-11 20:14 67072 c:\windows\WinSxS\amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d7860533\mfcm90u.dll
+ 2009-07-11 20:14 . 2009-07-11 20:14 67072 c:\windows\WinSxS\amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d7860533\mfcm90.dll
+ 2010-08-31 19:52 . 2010-08-31 19:52 16384 c:\windows\Temp\Perflib_Perfdata_ff0.dat
+ 2010-08-31 19:51 . 2010-08-31 19:51 16384 c:\windows\Temp\Perflib_Perfdata_6a8.dat
+ 2009-06-05 09:51 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2009-06-05 09:51 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2010-03-30 22:16 . 2010-03-30 22:16 99176 c:\windows\system32\PresentationHostProxy.dll
- 2009-06-05 09:51 . 2010-03-30 20:44 71196 c:\windows\system32\perfc009.dat
+ 2009-06-05 09:51 . 2010-08-12 06:23 71196 c:\windows\system32\perfc009.dat
+ 2009-11-06 23:07 . 2009-11-06 23:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-05 20:17 . 2009-11-05 20:17 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2009-03-08 02:31 . 2010-02-25 06:15 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 02:31 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
- 2009-06-05 09:51 . 2010-02-25 06:15 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-05 09:51 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
+ 2010-07-02 16:37 . 2009-04-17 13:48 18304 c:\windows\system32\DRVSTORE\grmnusb_8E661E05CC789A6D1B8ABAA087CF60EDD72AC35D\I386\grmngen.sys
- 2009-08-27 08:14 . 2009-10-08 10:59 21832 c:\windows\system32\drivers\nvcw32mf.sys
+ 2009-08-27 08:14 . 2009-10-09 09:22 21832 c:\windows\system32\drivers\nvcw32mf.sys
- 2009-09-30 06:30 . 2010-03-29 22:46 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2009-09-30 06:30 . 2010-04-29 13:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2009-09-30 06:30 . 2010-04-29 13:39 20952 c:\windows\system32\drivers\mbam.sys
+ 2009-08-28 17:53 . 2009-04-17 18:48 18304 c:\windows\system32\drivers\grmngen.sys
+ 2009-08-26 12:27 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-08-26 12:27 . 2010-02-25 06:15 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-08-26 12:27 . 2010-02-25 06:15 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-08-26 12:27 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-06-05 09:51 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-06-05 09:51 . 2010-02-25 06:15 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-05 09:51 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2009-06-05 09:51 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
- 2008-07-29 17:16 . 2008-07-29 17:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 03:31 . 2010-03-23 03:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-04-01 09:42 . 2010-04-01 09:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2008-05-27 22:49 . 2008-05-27 22:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-27 22:49 . 2008-05-27 22:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-27 22:49 . 2008-05-27 22:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-27 23:30 . 2008-05-27 23:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 13:32 . 2010-03-31 13:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 17:19 . 2003-02-20 17:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-03-31 13:32 . 2010-03-31 13:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-06-20 10:32 . 2010-06-20 10:32 22528 c:\windows\Installer\116939f.msi
+ 2010-08-14 13:56 . 2010-08-14 13:56 77610 c:\windows\Installer\{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}\_853F67D554F05449430E7E.exe
+ 2010-06-20 10:46 . 2010-06-20 10:46 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-06-20 10:46 . 2010-06-20 10:46 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-06-20 10:46 . 2010-06-20 10:46 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-06-20 10:46 . 2010-06-20 10:46 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-06-20 10:46 . 2010-06-20 10:46 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-06-20 10:46 . 2010-06-20 10:46 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-06-20 10:46 . 2010-06-20 10:46 25214 c:\windows\Installer\{C2D129C0-7508-11DF-9F1B-005056806466}\ARPPRODUCTICON.exe
+ 2010-06-17 15:30 . 2010-06-17 16:16 22486 c:\windows\Installer\{3C569633-C8DE-46E2-BB8F-F65198681C2F}\SnapfireIcon_Corel.exe
+ 2010-06-17 15:30 . 2010-06-17 16:16 22486 c:\windows\Installer\{3C569633-C8DE-46E2-BB8F-F65198681C2F}\NewShortcut1.73D5A293_D496_4B44_B535_AA8F98088895.exe
+ 2010-06-17 15:30 . 2010-06-17 16:16 22486 c:\windows\Installer\{3C569633-C8DE-46E2-BB8F-F65198681C2F}\ARPPRODUCTICON.exe
+ 2010-06-17 15:31 . 2010-06-17 15:31 61440 c:\windows\Installer\{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}\NewShortcut2.exe_B0CC61734F2E4C55A2D9A01743709D0D_1.exe
+ 2010-06-17 15:31 . 2010-06-17 15:31 61440 c:\windows\Installer\{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}\NewShortcut1_B0CC61734F2E4C55A2D9A01743709D0D_1.exe
+ 2010-06-17 15:31 . 2010-06-17 15:31 61440 c:\windows\Installer\{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}\ARPPRODUCTICON.exe
+ 2007-08-21 09:50 . 2007-08-21 09:50 73032 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\photoupload.exe
+ 2007-08-21 09:50 . 2007-08-21 09:50 75624 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\iglzw15d.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 28488 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\email.exe
+ 2007-08-21 09:50 . 2007-08-21 09:50 27464 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coresingletonmgr.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 66376 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corememory.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 42824 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corelanguage.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 29512 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coreerrorcodes.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 83272 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\camwia.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 77824 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\am.dll
+ 2010-06-10 06:17 . 2010-02-25 06:15 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-10 06:17 . 2010-02-25 06:15 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-10 06:17 . 2010-02-25 06:15 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-08-12 06:20 . 2010-05-06 10:31 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
+ 2010-08-12 06:20 . 2010-05-06 10:31 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
+ 2010-08-12 06:20 . 2010-05-06 10:31 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
+ 2010-06-10 21:15 . 2010-06-10 21:15 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_4de44b61\System.Drawing.Design.dll
+ 2010-06-10 21:14 . 2010-06-10 21:14 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_64756d22\CustomMarshalers.dll
+ 2010-08-14 13:56 . 2010-08-14 13:56 24576 c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\b4fc4692486f393c43bd0e904337006c\WiaProxy32.ni.exe
+ 2010-08-12 16:06 . 2010-08-12 16:06 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-08-12 16:07 . 2010-08-12 16:07 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-08-12 06:24 . 2010-08-12 06:24 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 55808 c:\windows\assembly\NativeImages_v2.0.50727_32\PHOTOfunSTUDIO\3de4448bee2d27bfca983e86005df7bd\PHOTOfunSTUDIO.ni.exe
+ 2010-08-12 16:12 . 2010-08-12 16:12 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\32bc8f9c41c3a5f28363abf6a387efdd\Panasonic.Framework.Extension.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Spec#\e25b8802ae26c7b0b7014d6e2377922f\Panasonic.Core.Spec.Plugin.StillPicture.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 97792 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Spec#\86d6f7c13679ba7e24d9bff1615e27b4\Panasonic.Core.Spec.Plugin.Utility.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Spec#\6faad71c7322dcfb61cd61224cac7285\Panasonic.Core.Spec.PluginFactory.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 78336 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Help#\e8faafc0a52b902e89da2a75ee498061\Panasonic.Core.Helper.UAC.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 72704 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Help#\18917f2d47713228f344c966d4117d45\Panasonic.Core.Helper.AutoPlay.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 20992 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Core#\700c47344a915ee92cf58a2d0d10c0dc\Panasonic.Core.CoreException.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-08-12 16:06 . 2010-08-12 16:06 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d51526813ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7f61cf4c3892b0ff2ac1b3ea9d39144d\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\757619ca9b5548f90bc6a9aadd7ba7ec\Microsoft.PowerShell.Commands.Management.resource s.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 16896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\546bc5d4ed9d8c41e0c53321177afd8b\Microsoft.PowerShell.Security.resources.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\26ad092d5c50f4390fb38334dca6e45a\Microsoft.PowerShell.Commands.Utility.resources.n i.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 06:24 . 2010-08-12 06:24 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-08-14 13:56 . 2010-08-14 13:56 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\9635ebb159cfd1fdeada9e92dbb06347\Interop.WIA.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-08-12 16:11 . 2010-08-12 16:11 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\CResourceReader\bff29a46e48b95291750b06ca610a1d6\CResourceReader.ni.dll
+ 2010-08-12 16:11 . 2010-08-12 16:11 85504 c:\windows\assembly\NativeImages_v2.0.50727_32\CRegistryAccess\799b05c45ba93d0ebd916a7133318157\CRegistryAccess.ni.dll
+ 2010-08-12 16:11 . 2010-08-12 16:11 97792 c:\windows\assembly\NativeImages_v2.0.50727_32\CLicenseAgreementDlg\10a758234bb2edf0fd22da0a2a6f8a4e\CLicenseAgreementDlg.ni.dll
+ 2010-08-12 16:07 . 2010-08-12 16:07 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-26 12:34 . 2009-08-26 12:34 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-10 21:13 . 2010-06-10 21:13 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-10 21:14 . 2010-06-10 21:14 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-05-26 06:08 . 2010-01-23 08:11 46080 c:\windows\$NtUninstallKB981793$\tzchange.exe
+ 2010-05-26 06:08 . 2010-04-22 22:21 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
+ 2010-06-10 06:15 . 2008-04-14 12:00 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll
+ 2010-06-10 06:17 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB982381-IE8\update\spcustom.dll
+ 2010-06-10 06:17 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB982381-IE8\spmsg.dll
+ 2010-06-10 06:10 . 2010-05-06 10:26 12800 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\xpshims.dll
+ 2010-06-10 06:10 . 2010-05-06 10:26 55296 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeedsbs.dll
+ 2010-06-10 06:10 . 2010-05-06 10:26 25600 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\jsproxy.dll
+ 2010-06-10 21:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980218\update\spcustom.dll
+ 2010-06-10 21:17 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB980218\spmsg.dll
+ 2010-06-10 06:18 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB980195\update\spcustom.dll
+ 2010-06-10 06:18 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB980195\spmsg.dll
+ 2010-06-10 06:17 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979559\update\spcustom.dll
+ 2010-06-10 06:17 . 2009-05-26 09:01 18808 c:\windows\$hf_mig$\KB979559\spmsg.dll
+ 2010-06-10 06:15 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979482\update\spcustom.dll
+ 2010-06-10 06:15 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB979482\spmsg.dll
+ 2010-03-05 14:50 . 2010-03-05 14:50 65536 c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
+ 2010-05-12 06:13 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-05-12 06:13 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-06-10 06:15 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB975562\update\spcustom.dll
+ 2010-06-10 06:15 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB975562\spmsg.dll
+ 2010-07-16 11:20 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2010-07-16 11:20 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB2229593\spmsg.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-05-01 19:46 . 2001-08-18 02:54 5632 c:\windows\system32\ptpusb.dll
+ 2010-07-02 16:37 . 2009-04-17 13:48 9344 c:\windows\system32\DRVSTORE\grmnusb_8E661E05CC789A6D1B8ABAA087CF60EDD72AC35D\I386\grmnusb.sys
+ 2009-08-28 17:53 . 2009-04-17 18:48 9344 c:\windows\system32\drivers\grmnusb.sys
+ 2010-06-17 15:30 . 2010-06-17 16:16 8854 c:\windows\Installer\{3C569633-C8DE-46E2-BB8F-F65198681C2F}\ShortcutUninstall.exe
- 2009-10-15 07:10 . 2009-10-15 07:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-07-11 20:11 . 2009-07-11 20:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll
+ 2009-07-11 20:11 . 2009-07-11 20:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll
+ 2009-07-11 20:14 . 2009-07-11 20:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll
+ 2010-04-25 14:54 . 2010-04-25 14:54 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll
+ 2010-04-25 14:53 . 2010-04-25 14:53 323624 c:\windows\system32\wiaaut.dll
+ 2009-09-28 20:05 . 2010-05-03 17:40 149752 c:\windows\system32\Restore\rstrlog.dat
+ 2007-04-04 15:08 . 2007-04-04 15:08 158456 c:\windows\system32\pxwma.dll
+ 2010-05-01 19:46 . 2008-04-14 05:52 159232 c:\windows\system32\ptpusd.dll
+ 2007-06-05 11:20 . 2007-06-05 11:20 177704 c:\windows\system32\PSIService.exe
+ 2010-03-30 22:10 . 2010-03-30 22:10 295264 c:\windows\system32\PresentationHost.exe
- 2009-06-05 09:51 . 2010-03-30 20:44 441260 c:\windows\system32\perfh009.dat
+ 2009-06-05 09:51 . 2010-08-12 06:23 441260 c:\windows\system32\perfh009.dat
- 2009-06-05 09:51 . 2010-02-25 06:15 206848 c:\windows\system32\occache.dll
+ 2009-06-05 09:51 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
- 2009-08-27 08:14 . 2009-10-07 12:07 214344 c:\windows\system32\nscrnsav.scr
+ 2009-08-27 08:14 . 2009-10-11 13:06 214344 c:\windows\system32\nscrnsav.scr
+ 2009-06-05 09:51 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
- 2009-06-05 09:51 . 2010-02-25 06:15 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 02:32 . 2010-06-24 12:21 599040 c:\windows\system32\msfeeds.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 297808 c:\windows\system32\mscoree.dll
+ 2010-08-08 05:57 . 2010-08-08 05:57 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
- 2010-03-30 20:44 . 2010-03-09 02:28 153376 c:\windows\system32\javaws.exe
+ 2010-03-30 20:44 . 2010-04-12 15:29 153376 c:\windows\system32\javaws.exe
- 2010-03-30 20:44 . 2010-03-09 02:28 145184 c:\windows\system32\javaw.exe
+ 2010-03-30 20:44 . 2010-04-12 15:29 145184 c:\windows\system32\javaw.exe
+ 2010-03-30 20:44 . 2010-04-12 15:29 145184 c:\windows\system32\java.exe
- 2010-03-30 20:44 . 2010-03-09 02:28 145184 c:\windows\system32\java.exe
- 2009-06-05 08:59 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
+ 2009-06-05 08:59 . 2010-01-29 14:59 691712 c:\windows\system32\inetcomm.dll
- 2009-06-05 09:51 . 2010-02-25 06:14 184320 c:\windows\system32\iepeers.dll
+ 2009-06-05 09:51 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
+ 2009-06-05 09:51 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
- 2009-06-05 09:51 . 2010-02-25 06:14 387584 c:\windows\system32\iedkcs32.dll
- 2009-06-05 09:51 . 2010-02-24 09:53 173056 c:\windows\system32\ie4uinit.exe
+ 2009-06-05 09:51 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
+ 2009-06-05 09:55 . 2010-08-16 05:26 329888 c:\windows\system32\FNTCACHE.DAT
- 2009-06-05 09:51 . 2010-02-25 06:15 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-06-05 09:51 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-06-05 09:51 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2009-06-05 09:51 . 2010-06-30 12:28 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-06-05 09:51 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
- 2009-06-05 09:51 . 2010-02-25 06:15 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-06-05 09:51 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-06-05 09:51 . 2010-02-25 06:15 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-08-26 12:27 . 2010-06-24 12:21 599040 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-05 08:59 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-06-05 08:59 . 2010-01-29 14:59 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-08-26 12:27 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-08-26 12:27 . 2010-02-25 06:14 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-05 09:51 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-06-05 09:51 . 2010-02-25 06:14 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 06:10 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-06-05 09:51 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-06-05 09:51 . 2010-02-25 06:14 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-06-05 09:51 . 2010-02-24 09:53 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-06-05 09:51 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-06-05 08:59 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
- 2009-06-05 08:59 . 2008-04-14 12:00 744448 c:\windows\system32\dllcache\helpsvc.exe
- 2009-06-05 09:51 . 2008-04-14 12:00 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2009-06-05 09:51 . 2010-04-20 05:29 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2010-05-18 19:47 . 2010-04-12 15:29 411368 c:\windows\system32\deployJava1.dll
- 2009-06-05 09:51 . 2008-04-14 12:00 285696 c:\windows\system32\atmfd.dll
+ 2009-06-05 09:51 . 2010-04-20 05:29 285696 c:\windows\system32\atmfd.dll
+ 2010-03-30 22:16 . 2010-03-30 22:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-29 17:16 . 2008-07-29 17:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 03:31 . 2010-03-23 03:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-02-09 10:22 . 2010-02-09 10:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-07-25 09:17 . 2008-07-25 09:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-08-07 21:51 . 2009-08-07 21:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2008-05-27 22:49 . 2008-05-27 22:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 12:49 . 2010-03-31 12:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-27 22:48 . 2008-05-27 22:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 13:32 . 2010-03-31 13:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2008-05-27 23:30 . 2008-05-27 23:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-06-19 09:45 . 2010-06-19 09:45 219648 c:\windows\Installer\eb3bd7.msi
+ 2010-06-19 09:45 . 2010-06-19 09:45 424960 c:\windows\Installer\eb3bd1.msi
+ 2010-08-14 13:56 . 2010-08-14 13:56 490496 c:\windows\Installer\d8f0b6.msi
+ 2010-02-24 22:14 . 2010-02-24 22:14 543232 c:\windows\Installer\29d562.msp
+ 2010-06-17 15:29 . 2010-06-17 15:29 335872 c:\windows\Installer\{15803703-25FA-4C01-A062-3F4A59937E87}\ARPPRODUCTICON.exe
+ 2007-08-21 09:50 . 2007-08-21 09:50 427848 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\tooltext.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 348160 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\msvcr71.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 499712 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\msvcp71.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 574792 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\mediacataloger.exe
+ 2007-08-21 09:50 . 2007-08-21 09:50 542568 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\kdu_v52r.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 632680 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\igjpeg2k15d.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 570696 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coreslideshow.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 517448 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coreprojects.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 126280 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corepreferences.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 230728 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coremultimedia.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 759624 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corefileutil.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 296264 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corefileformats.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 255816 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coreenums.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 150856 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corecolormgr.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 300360 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdslideshow.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 223048 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdprojects.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 122696 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdphotosharing.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 186696 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdorganizer.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 130888 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdjgl.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 137032 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdemail.dll
+ 2010-06-10 06:17 . 2010-02-25 06:15 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-10 06:17 . 2010-02-22 14:22 388984 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-10 06:17 . 2008-07-08 13:00 234872 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-10 06:17 . 2010-02-25 06:15 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-10 06:17 . 2010-02-25 06:15 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-10 06:17 . 2010-02-25 06:15 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-10 06:17 . 2010-02-25 06:14 247808 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-10 06:17 . 2010-02-25 06:14 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-10 06:17 . 2009-03-08 02:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-10 06:17 . 2010-02-25 06:14 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-10 06:17 . 2010-02-24 09:53 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-05-02 21:22 . 2009-03-08 02:34 914944 c:\windows\ie8updates\KB972260-IE8\wininet.dll
- 2009-08-26 12:36 . 2009-03-08 02:34 914944 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2010-08-12 06:20 . 2010-05-06 10:31 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll
+ 2010-08-12 06:20 . 2010-02-22 14:22 388984 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
+ 2010-08-12 06:20 . 2009-05-26 09:01 234872 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
+ 2010-08-12 06:20 . 2010-05-06 10:31 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll
+ 2010-08-12 06:20 . 2010-05-06 10:31 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll
+ 2010-08-12 06:20 . 2010-05-06 10:31 599040 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
+ 2010-08-12 06:20 . 2010-05-06 10:31 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
+ 2010-08-12 06:20 . 2010-05-06 10:31 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
+ 2010-08-12 06:20 . 2010-05-06 10:31 743424 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
+ 2010-08-12 06:20 . 2010-05-06 10:31 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
+ 2010-08-12 06:20 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
+ 2010-06-10 21:15 . 2010-06-10 21:15 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f4d8fa9e\System.Drawing.dll
+ 2010-06-10 21:15 . 2010-06-10 21:15 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_edf4fe04\System.Drawing.Design.dll
+ 2010-06-10 21:15 . 2010-06-10 21:15 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_59b10ce7\CustomMarshalers.dll
+ 2010-08-12 16:11 . 2010-08-12 16:11 159232 c:\windows\assembly\NativeImages_v2.0.50727_32\YouTubeUploaderMain\c66b216f0f80b9204322d4fd271a87e8\YouTubeUploaderMain.ni.exe
+ 2010-08-12 16:13 . 2010-08-12 16:13 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-08-12 16:09 . 2010-08-12 16:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-08-12 16:06 . 2010-08-12 16:06 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-08-12 16:08 . 2010-08-12 16:08 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-08-12 06:24 . 2010-08-12 06:24 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-08-12 16:07 . 2010-08-12 16:07 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.d ll
+ 2010-08-12 16:08 . 2010-08-12 16:08 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3de39eb60b9d32af46f32f6c7a88fc7f\System.Runtime.Remoting.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\1c23e58c4871c6b2c133333be2b6a5ee\System.Management.Automation.resources.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-08-12 16:08 . 2010-08-12 16:08 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 16:08 . 2010-08-12 16:08 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 689664 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\34416ae70ef799fae3a42fa3bd93afa8\System.Data.SqlServerCe.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-08-12 06:23 . 2010-08-12 06:23 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\a055d54c458b7557d957c714551873c3\sysglobl.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-08-12 16:13 . 2010-08-12 16:13 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-08-12 16:09 . 2010-08-12 16:09 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 137728 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\93299cfa3188496d42177f77308667d5\Panasonic.Framework.View.Util.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 456704 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\312b0fd35f5e366d40d850e85222e55a\Panasonic.Framework.Model.Command.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 314880 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Upda#\21c0926f6999ab126343f91b109ed104\Panasonic.Core.Updater.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 246784 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Spec#\cbd47b1794f98760d27f7aaffbc69286\Panasonic.Core.Spec.Plugin.DCF.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Spec#\cb6638d0a44bde3e0b1f6462a51e2da6\Panasonic.Core.Spec.Plugin.Base.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 917504 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Spec#\848dc5613d77481d088a3b5f9bea2187\Panasonic.Core.Spec.ContentInformation.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 430592 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Medi#\2d912e09eb59cb68805e70be31023f95\Panasonic.Core.MediaOrchestra.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 123904 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Help#\fd8e6b3dc1b4d31de501bcd2d7c01bba\Panasonic.Core.Helper.FileSystem.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 167936 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Help#\5b95a9d400ce67cb226a7c99a427ca59\Panasonic.Core.Helper.IISHilightHelper.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 403968 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Help#\5860a5cd161557ffa76ea6a205b8d6db\Panasonic.Core.Helper.MakerPrivate.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 294400 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Help#\2e392da442548495b1ade83a69697a8c\Panasonic.Core.Helper.MakerPrivateCli.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 239104 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Face#\bda523a7c596c0e0c65f461fec4d0d28\Panasonic.Core.FaceIdentifierCli.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 150528 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Even#\19c372d34c9ea9013b65def9c3050ac3\Panasonic.Core.EventLog.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 344576 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Driv#\e886e337c574a5f5572ef90edba6adb6\Panasonic.Core.DriveControl.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 202752 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.Devi#\67e66c8ea084469df85613466ed5b567\Panasonic.Core.DeviceControl.ni.dll
+ 2010-08-14 13:56 . 2010-08-14 13:56 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\c221461aeb4f27731d265142888b2425\PaintDotNet.SystemLayer.Native.x86.ni.dll
+ 2010-08-14 13:56 . 2010-08-14 13:56 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\41d822643fdbb14b442202e6274034a2\PaintDotNet.SystemLayer.ni.dll
+ 2010-08-14 13:56 . 2010-08-14 13:56 388608 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\e2579c7d21458574741ffc33c4db5aad\PaintDotNet.Resources.ni.dll
+ 2010-08-14 13:56 . 2010-08-14 13:56 796160 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\855563bfeaff8d5dcca27832a2fbbe8b\PaintDotNet.Effects.ni.dll
+ 2010-08-14 13:56 . 2010-08-14 13:56 568832 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\1c042250a44efc313e31c6355dfb74c6\PaintDotNet.Data.ni.dll
+ 2010-08-14 13:56 . 2010-08-14 13:56 775168 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\faa1f5f56cf4eb3bdc833ac429736e8b\PaintDotNet.Base.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-08-12 16:13 . 2010-08-12 16:13 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ddf0b43a5467013f826232fb4d059880\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c314791ced733fca0b01d97f87c1671b\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\95283aeaf043cf6550f525f7c2533344\Microsoft.PowerShell.Security.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\29b677e9d1a41f78bd85463edc26891e\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 472064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\e489793fb494ff9d467cb8620ce9e2b7\Microsoft.MapPoint.Rendering3D.Utility.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 840192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\deba555b5d848944c70d4c8ae297956e\Microsoft.MapPoint.Geometry.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 411648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\cc134b6f9a83b4fb2346869ffd99f613\Microsoft.MapPoint.Network.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 766976 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\bfbb5a8378b21da0caf990708b6fc735\Microsoft.MapPoint.Data.VirtualEarthTileDataSourc e.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 340992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\9d666637bf64e132f3393db423707208\Microsoft.MapPoint.UtilityPartialTrust.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 438272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\73c82b0697aff6093ecb5a90713b8b36\Microsoft.MapPoint.MapControl3D.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 344064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\5813d9c981877fe41945bf3df4ae1b34\Microsoft.MapPoint.Utility.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 434176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\09579af13e9e1c226fba0a4e1291d59a\Microsoft.MapPoint.Data.CompactMapFile.ni.dll
+ 2010-08-12 06:24 . 2010-08-12 06:24 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-14 13:56 . 2010-08-14 13:56 518656 c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\9dd371dcb7c5042221f1947d73feccef\ICSharpCode.SharpZipLib.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-08-12 16:11 . 2010-08-12 16:11 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-10 21:13 . 2010-06-10 21:13 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-10 21:13 . 2010-06-10 21:13 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-10 21:13 . 2010-06-10 21:13 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-08-26 12:34 . 2009-08-26 12:34 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-05-26 06:08 . 2009-05-26 09:01 388984 c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
+ 2010-05-26 06:08 . 2009-05-26 09:01 234872 c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
+ 2010-06-10 21:17 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
+ 2010-06-10 21:17 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
+ 2010-06-10 21:17 . 2008-04-14 12:00 285696 c:\windows\$NtUninstallKB980218$\atmfd.dll
+ 2010-06-10 06:18 . 2008-07-08 13:00 388984 c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
+ 2010-06-10 06:18 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
+ 2010-06-10 06:17 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
+ 2010-06-10 06:17 . 2009-05-26 09:01 234872 c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
+ 2010-06-10 06:15 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
+ 2010-06-10 06:15 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
+ 2010-06-10 06:15 . 2007-07-27 21:11 382840 c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
+ 2010-06-10 06:15 . 2007-07-27 18:46 234872 c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
+ 2010-05-12 06:13 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-05-12 06:13 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-05-12 06:13 . 2008-04-11 19:04 691712 c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-06-10 06:15 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
+ 2010-06-10 06:15 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
+ 2010-07-16 11:20 . 2010-02-22 17:52 388984 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-07-16 11:20 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-07-16 11:20 . 2008-04-14 12:00 744448 c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-06-10 06:17 . 2010-02-22 14:22 388984 c:\windows\$hf_mig$\KB982381-IE8\update\updspapi.dll
+ 2010-06-10 06:17 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB982381-IE8\update\update.exe
+ 2010-06-10 06:17 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB982381-IE8\spuninst.exe
+ 2010-06-10 06:10 . 2010-05-06 10:26 919040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
+ 2010-06-10 06:10 . 2010-05-06 10:26 206848 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\occache.dll
+ 2010-06-10 06:10 . 2010-05-06 10:26 611840 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mstime.dll
+ 2010-06-10 06:10 . 2010-05-06 10:26 599040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeeds.dll
+ 2010-06-10 06:10 . 2010-05-06 10:26 247808 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieproxy.dll
+ 2010-06-10 06:10 . 2010-05-06 10:26 184320 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iepeers.dll
+ 2010-06-10 06:10 . 2010-05-06 10:26 743424 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedvtool.dll
+ 2010-06-10 06:10 . 2010-05-06 10:26 387584 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedkcs32.dll
+ 2010-06-10 06:10 . 2010-05-05 13:55 173056 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ie4uinit.exe
+ 2010-06-10 21:17 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB980218\update\updspapi.dll
+ 2010-06-10 21:17 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB980218\update\update.exe
+ 2010-06-10 21:17 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB980218\spuninst.exe
+ 2010-04-20 05:37 . 2010-04-20 05:37 285824 c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
+ 2010-06-10 06:18 . 2008-07-08 13:00 388984 c:\windows\$hf_mig$\KB980195\update\updspapi.dll
+ 2010-06-10 06:18 . 2008-07-08 13:00 765304 c:\windows\$hf_mig$\KB980195\update\update.exe
+ 2010-06-10 06:18 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB980195\spuninst.exe
+ 2010-06-10 06:17 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB979559\update\updspapi.dll
+ 2010-06-10 06:17 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB979559\update\update.exe
+ 2010-06-10 06:17 . 2009-05-26 09:01 234872 c:\windows\$hf_mig$\KB979559\spuninst.exe
+ 2010-06-10 06:15 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB979482\update\updspapi.dll
+ 2010-06-10 06:15 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB979482\update\update.exe
+ 2010-06-10 06:15 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB979482\spuninst.exe
+ 2010-05-12 06:13 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-05-12 06:13 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-05-12 06:13 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-01-29 14:53 . 2010-01-29 14:53 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
+ 2010-06-10 06:15 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB975562\update\updspapi.dll
+ 2010-06-10 06:15 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB975562\update\update.exe
+ 2010-06-10 06:15 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB975562\spuninst.exe
+ 2010-07-16 11:20 . 2010-02-22 17:52 388984 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-07-16 11:20 . 2010-02-22 14:21 765304 c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-07-16 11:20 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-07-16 10:20 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2009-07-11 20:11 . 2009-07-11 20:11 5102400 c:\windows\WinSxS\amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d7860533\mfc90u.dll
+ 2009-07-11 20:11 . 2009-07-11 20:11 5083448 c:\windows\WinSxS\amd64_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d7860533\mfc90.dll
+ 2009-06-05 09:51 . 2010-04-06 02:52 2462720 c:\windows\system32\WMVCore.dll
+ 2009-06-05 09:51 . 2010-06-24 12:22 1210368 c:\windows\system32\urlmon.dll
+ 2009-06-05 09:51 . 2010-07-27 06:29 8503296 c:\windows\system32\shell32.dll
- 2009-06-05 09:51 . 2009-11-27 17:11 1297408 c:\windows\system32\quartz.dll
+ 2009-06-05 09:51 . 2010-02-05 18:25 1297408 c:\windows\system32\quartz.dll
+ 2007-06-05 11:20 . 2007-06-05 11:20 1459752 c:\windows\system32\PSIKey.dll
+ 2008-04-14 07:29 . 2010-04-28 05:41 2148864 c:\windows\system32\ntoskrnl.exe
- 2008-04-14 07:29 . 2010-02-16 19:04 2148864 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 07:30 . 2010-04-28 05:41 2027008 c:\windows\system32\ntkrnlpa.exe
- 2008-04-14 07:30 . 2010-02-16 19:04 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2009-06-05 09:51 . 2010-06-24 12:22 5951488 c:\windows\system32\mshtml.dll
+ 2009-10-28 03:40 . 2010-08-08 05:57 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-03-08 02:32 . 2010-06-24 12:21 1986560 c:\windows\system32\iertutil.dll
+ 2009-06-05 09:51 . 2010-04-06 02:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-06-05 09:51 . 2010-06-24 09:02 1852032 c:\windows\system32\dllcache\win32k.sys
+ 2009-06-05 09:51 . 2010-06-24 12:22 1210368 c:\windows\system32\dllcache\urlmon.dll
+ 2009-06-05 09:51 . 2010-07-27 06:29 8503296 c:\windows\system32\dllcache\shell32.dll
- 2009-06-05 09:51 . 2009-11-27 17:11 1297408 c:\windows\system32\dllcache\quartz.dll
+ 2009-06-05 09:51 . 2010-02-05 18:25 1297408 c:\windows\system32\dllcache\quartz.dll
- 2009-06-05 09:21 . 2010-02-17 12:04 2192256 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-06-05 09:21 . 2010-04-28 18:11 2192256 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-06-05 09:21 . 2010-04-28 05:41 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-06-05 09:21 . 2010-02-16 19:04 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-10 17:03 . 2010-02-16 19:04 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-10 17:03 . 2010-04-28 05:41 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-06-05 09:21 . 2010-02-16 19:04 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-06-05 09:21 . 2010-04-28 05:41 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-06-05 09:51 . 2009-07-31 04:32 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-06-05 09:51 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2009-06-05 08:59 . 2009-07-10 13:26 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-06-05 08:59 . 2010-01-29 14:59 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-06-05 09:51 . 2010-06-24 12:22 5951488 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-05 08:59 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2009-06-05 08:59 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2009-08-26 12:27 . 2010-06-24 12:21 1986560 c:\windows\system32\dllcache\iertutil.dll
+ 2009-11-06 23:06 . 2009-11-06 23:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 02:59 . 2008-11-25 02:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2009-08-07 21:51 . 2009-08-07 21:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-04-01 09:42 . 2010-04-01 09:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-27 23:35 . 2008-05-27 23:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 09:42 . 2010-04-01 09:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-27 23:35 . 2008-05-27 23:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-03-31 12:50 . 2010-03-31 12:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2008-05-27 22:48 . 2008-05-27 22:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 12:50 . 2010-03-31 12:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-04-01 09:42 . 2010-04-01 09:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-27 22:43 . 2008-05-27 22:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-07-02 19:15 . 2010-07-02 19:15 1472000 c:\windows\Installer\c50570.msi
+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\8a234b.msp
+ 2010-07-02 16:56 . 2010-07-02 16:56 2286080 c:\windows\Installer\346ee9.msi
+ 2010-07-02 16:37 . 2010-07-02 16:37 1096704 c:\windows\Installer\346ede.msi
+ 2009-11-08 22:25 . 2009-11-08 22:25 1935360 c:\windows\Installer\2add3c.msp
+ 2010-06-17 15:31 . 2010-06-17 15:31 1973248 c:\windows\Installer\1b0714.msi
+ 2010-06-17 15:29 . 2010-06-17 15:29 3467776 c:\windows\Installer\1b0707.msi
+ 2010-04-11 20:17 . 2010-04-11 20:17 2607104 c:\windows\Installer\127b3af.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17 4210688 c:\windows\Installer\127b3ae.msp
+ 2010-06-20 10:46 . 2010-06-20 10:46 1219584 c:\windows\Installer\122c565.msi
+ 2007-08-21 09:50 . 2007-08-21 09:50 1060864 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\mfc71.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 2180968 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\igcore15d.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 1873224 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corepython24.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 1086792 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coreorganizer.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 1354568 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corel_mediaonerc.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 2301256 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corel_mediaone.exe
+ 2007-08-21 09:50 . 2007-08-21 09:50 1882952 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coreimageformats.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 1594696 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coregui.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 1530696 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\coregdi.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 1012040 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corecontrols.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 2333000 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\corecmd.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 1705800 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdbase2.dll
+ 2007-08-21 09:50 . 2007-08-21 09:50 1227592 c:\windows\Installer\$PatchCache$\Managed\336965C3ED8C2E64BBF86F158986C1F2\2.0.0\cmdbase1.dll
+ 2010-06-10 06:17 . 2010-02-25 06:15 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-10 06:17 . 2010-02-25 06:15 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-10 06:17 . 2010-02-25 06:15 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-08-12 06:20 . 2010-05-06 10:31 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
+ 2010-08-12 06:20 . 2010-05-06 10:31 5950976 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
+ 2010-08-12 06:20 . 2010-05-06 10:31 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
+ 2009-06-05 09:21 . 2010-04-28 18:11 2192256 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-06-05 09:21 . 2010-02-17 12:04 2192256 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-06-05 09:21 . 2010-02-16 19:04 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-06-05 09:21 . 2010-04-28 05:41 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-10 17:03 . 2010-02-16 19:04 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-10 17:03 . 2010-04-28 05:41 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-06-05 09:21 . 2010-02-16 19:04 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-06-05 09:21 . 2010-04-28 05:41 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-06-10 21:15 . 2010-06-10 21:15 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_ef768b7a\System.dll
+ 2010-06-10 21:14 . 2010-06-10 21:14 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2b5be7b9\System.dll
+ 2010-06-10 21:15 . 2010-06-10 21:15 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_78c3623b\System.Xml.dll
+ 2010-06-10 21:15 . 2010-06-10 21:15 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4f3730fc\System.Xml.dll
+ 2010-06-10 21:15 . 2010-06-10 21:15 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f2844da4\System.Windows.Forms.dll
+ 2010-06-10 21:15 . 2010-06-10 21:15 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b097d4ce\System.Windows.Forms.dll
+ 2010-06-10 21:15 . 2010-06-10 21:15 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_16db51d7\System.Drawing.dll
+ 2010-06-10 21:15 . 2010-06-10 21:15 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b872c61f\System.Design.dll
+ 2010-06-10 21:15 . 2010-06-10 21:15 1466368 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a146b704\System.Design.dll
+ 2010-06-10 21:15 . 2010-06-10 21:15 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a5a738c4\mscorlib.dll
+ 2010-06-10 21:15 . 2010-06-10 21:15 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0ab99378\mscorlib.dll
+ 2010-08-12 16:11 . 2010-08-12 16:11 3808768 c:\windows\assembly\NativeImages_v2.0.50727_32\YTUploader\c43809231df824fbcef3809a37a26b00\YTUploader.ni.dll
+ 2010-08-12 06:24 . 2010-08-12 06:24 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-08-12 06:23 . 2010-08-12 06:23 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-08-12 06:23 . 2010-08-12 06:23 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-08-12 16:08 . 2010-08-12 16:08 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\cf2f92b2b626f7e53e80146b17bd7bed\System.Management.Automation.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
+ 2010-08-12 16:06 . 2010-08-12 16:06 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-08-12 16:08 . 2010-08-12 16:08 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-08-12 16:06 . 2010-08-12 16:06 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-08-12 16:08 . 2010-08-12 16:08 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-08-12 06:24 . 2010-08-12 06:24 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\58202ed61096113d08815c0a78313b66\System.Data.OracleClient.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-08-12 16:14 . 2010-08-12 16:14 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-08-12 16:08 . 2010-08-12 16:08 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-08-12 16:08 . 2010-08-12 16:08 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-08-12 06:23 . 2010-08-12 06:23 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 4789760 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\eaf69b26b1cc85401a94723770031244\Panasonic.Framework.View.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 2354176 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\d055c0ae81aefe8cf712878d6198d341\Panasonic.Framework.View.Area.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 4415488 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\826ea0eb3328f6976602d717b5570e0c\Panasonic.Framework.Model.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 1663488 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\26350805daa41818b11ee70311c3ab39\Panasonic.Framework.View.Parts.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 3734016 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Framework#\20feb964e4ab4fef4d3d2ba7aaba9c01\Panasonic.Framework.View.Resource.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 1063936 c:\windows\assembly\NativeImages_v2.0.50727_32\Panasonic.Core.MACS\0b1d420f21f324cd52ca94fd1a6b4cc5\Panasonic.Core.MACS.ni.dll
+ 2010-08-14 13:56 . 2010-08-14 13:56 3140608 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet\250df0760d03a235eb14982ca90c30b6\PaintDotNet.ni.exe
+ 2010-08-14 13:56 . 2010-08-14 13:56 1870848 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\09c84c7483acbf395f854cf414564992\PaintDotNet.Core.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 2766336 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\fe7296468a17db9cb46bed85ae931b0e\Microsoft.MapPoint.Graphics3D.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 1949184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\ecf4a3607505d76357ddf05f0191bd09\Microsoft.MapPoint.Modeling.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 4094976 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\9db9b5f60b3ab9adbb155e2719fb622f\Microsoft.MapPoint.Rendering3D.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 1217024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\47857e354d635fd46499bd0d9c547b7b\Microsoft.MapPoint.Data.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 1524224 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\1eeb37443afc3f5f60df69faf20b1895\Microsoft.MapPoint.GraphicsAPI.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 1524736 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\14b6f742980ace494855bc8db32417d5\Microsoft.MapPoint.Rendering3D.WorldMemoryDataSou rce.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-12 16:13 . 2010-08-12 16:13 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-06-24 06:17 . 2010-06-24 06:17 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-10 21:13 . 2010-06-10 21:13 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-24 06:17 . 2010-06-24 06:17 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-15 07:10 . 2009-10-15 07:10 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-26 12:34 . 2009-08-26 12:34 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-24 06:17 . 2010-06-24 06:17 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-08-12 06:22 . 2010-08-12 06:22 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-10-15 07:07 . 2009-10-15 07:07 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-06-10 21:14 . 2010-06-10 21:14 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-06-10 21:14 . 2010-06-10 21:14 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-15 07:07 . 2009-10-15 07:07 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-10 06:17 . 2009-08-14 15:10 1850752 c:\windows\$NtUninstallKB979559$\win32k.sys
+ 2010-06-10 06:15 . 2009-05-20 02:56 2458112 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
+ 2010-05-12 06:13 . 2009-07-10 13:26 1315328 c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-06-10 06:15 . 2009-11-27 17:11 1297408 c:\windows\$NtUninstallKB975562$\quartz.dll
+ 2010-06-10 06:10 . 2010-05-06 10:26 1209856 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\urlmon.dll
+ 2010-06-10 06:10 . 2010-05-06 10:26 5953024 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
+ 2010-06-10 06:10 . 2010-05-06 10:26 1986048 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iertutil.dll
+ 2010-05-02 08:00 . 2010-05-02 08:00 1860480 c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
+ 2010-01-29 14:53 . 2010-01-29 14:53 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2010-02-05 18:28 . 2010-02-05 18:28 1297408 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
+ 2009-08-26 12:37 . 2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe
+ 2009-03-08 02:39 . 2010-06-24 15:51 11077120 c:\windows\system32\ieframe.dll
+ 2009-07-19 16:41 . 2010-06-24 15:51 11077120 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-02 17:29 . 2010-04-02 17:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\7f390b.msp
+ 2010-06-17 16:15 . 2010-06-17 16:15 33086464 c:\windows\Installer\47efa5.msp
+ 2010-05-19 11:08 . 2010-05-19 11:08 11408896 c:\windows\Installer\399194.msp
+ 2010-03-30 23:23 . 2010-03-30 23:23 15638528 c:\windows\Installer\2add48.msp
+ 2010-06-17 15:30 . 2010-06-17 15:30 93624320 c:\windows\Installer\1b070e.msi
+ 2010-04-02 10:30 . 2010-04-02 10:30 17456640 c:\windows\Installer\127b3da.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17 14599680 c:\windows\Installer\127b3bd.msp
+ 2010-06-10 06:17 . 2010-02-25 09:45 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-08-12 06:20 . 2010-05-06 10:31 11076096 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
+ 2010-08-12 16:06 . 2010-08-12 16:06 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll
+ 2010-08-12 16:12 . 2010-08-12 16:12 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll
+ 2010-08-12 16:09 . 2010-08-12 16:09 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll
+ 2010-08-12 16:08 . 2010-08-12 16:08 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-08-12 16:05 . 2010-08-12 16:05 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-08-12 06:23 . 2010-08-12 06:23 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
+ 2010-05-06 13:56 . 2010-05-06 13:56 11078144 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieframe.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\tbsof1.dll" [2010-05-15 2515552]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\programme\Winload\tbWin0.dll" [2010-05-15 2515552]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\programme\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-05-15 17:33 2515552 ----a-w- c:\programme\Winload\tbWin0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2009-12-31 09:53 2349080 ----a-w- c:\programme\MyAshampoo\tbMyAs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-05-15 17:33 2515552 ----a-w- c:\programme\softonic-de3\tbsof1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\tbsof1.dll" [2010-05-15 2515552]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\programme\Winload\tbWin0.dll" [2010-05-15 2515552]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\programme\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\programme\Winload\tbWin0.dll" [2010-05-15 2515552]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\programme\softonic-de3\tbsof1.dll" [2010-05-15 2515552]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\programme\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-27 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"Norman ZANDA"="c:\programme\Norman\Npm\Bin\ZLH.EXE" [2010-01-29 189824]
"T-DSL SpeedMgr"="c:\programme\T-DSL SpeedManager\SpeedMgr.exe" [2004-07-14 397312]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Ulead AutoDetector v2"="c:\programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"Corel File Shell Monitor"="c:\programme\Corel\Corel MediaOne\CorelIOMonitor.exe" [2007-12-01 38400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Image Zone Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk
backup=c:\windows\pss\HP Image Zone Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Bayern 3D\\Bayern3D.exe"=

R1 NGS;Norman General Security Driver;c:\programme\Norman\ngs\bin\ngs.sys [17.08.2010 22:44 26744]
R1 NPROSEC;Norman Security driver;c:\programme\Norman\ngs\bin\nprosec.sys [17.08.2010 22:44 72392]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\SASDIFSV.SYS [15.09.2009 11:42 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [15.09.2009 11:42 66632]
R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [09.11.2009 20:43 108768]
R2 drhard;drhard;c:\windows\system32\drivers\drhard.sys [27.08.2009 21:07 23600]
R2 Ndiskio;Ndiskio;c:\programme\Norman\Nse\Bin\Ndiskio.sys [15.10.2009 20:59 22880]
R2 NNFSVC;Norman Network Filtering service;c:\programme\Norman\ngs\bin\nnf.exe [17.08.2010 22:44 219904]
R2 NPROSECSVC;Norman Security service;c:\programme\Norman\ngs\bin\nprosec.exe [17.08.2010 22:44 103016]
R2 nregsec;Norman Registry Security driver;c:\programme\Norman\ngs\bin\nregsec.sys [17.08.2010 22:44 40384]
R2 NVOY;Norman Resource Provider;c:\programme\Norman\Npm\Bin\nvoy.exe [27.08.2009 10:14 98776]
R3 nsesvc;Norman Scanner Engine Service;c:\programme\Norman\Nse\Bin\Nsesvc.exe [17.06.2010 21:07 282624]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [27.08.2009 10:14 21832]
R3 nvcoas;Norman Virus Control on-access component;c:\programme\Norman\nvc\bin\Nvcoas.exe [27.08.2009 10:14 210248]
R3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [15.09.2009 11:42 12872]
R3 Scheduler;Norman Scheduler Service;c:\programme\Norman\Npm\Bin\scheduler.exe [27.08.2009 10:18 133272]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [29.08.2009 17:15 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05.06.2009 11:22 1684736]
S3 cpuz131;cpuz131;\??\c:\dokume~1\ADMINI~1\LOKALE~1\Temp\cpuz131\cpuz_x32.sys --> c:\dokume~1\ADMINI~1\LOKALE~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\programme\Norman\Npm\Bin\Nvcsched.exe" --> c:\programme\Norman\Npm\Bin\Nvcsched.exe [?]
S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\programme\T-DSL SpeedManager\TNPACKET.SYS [11.03.2004 17:44 9696]
S3 WPEServ;WPEServ;c:\programme\Gemeinsame Dateien\WPE\wpeserv.exe [05.01.2010 18:37 323584]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mchInjDrv
.
Inhalt des "geplante Tasks" Ordners

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-08-29 14:25]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-08-29 14:25]

2010-08-31 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
.

Rainer2 31.08.2010 21:54
Der Text war zu lang. Hier der Rest.

------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {3A6AC65B-5C4A-42F4-BE0B-667259779C59} = 217.0.43.177 217.0.43.161
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programme\Crawler\ctbr.dll
FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://de.wikipedia.org/wiki/Benutzer:Rainer_Lippert
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\RadioWMPCore.dll
FF - component: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - component: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll
FF - component: c:\programme\Crawler\firefox\components\xcomm.dll
FF - component: c:\programme\Crawler\firefox\components\xshared.dll
FF - component: c:\programme\Crawler\firefox\components\xsupport.dll
FF - component: c:\programme\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\z8fc5ugq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.homepage.dontask - truec:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} - c:\programme\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-31 22:47
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\programme\SUPERAntiSpyware\SASWINLO.dll
.
Zeit der Fertigstellung: 2010-08-31 22:49:53
ComboFix-quarantined-files.txt 2010-08-31 20:49
ComboFix2.txt 2010-04-29 20:22

Vor Suchlauf: 74.366.976 Bytes frei
Nach Suchlauf: 859.668.480 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - DBA519138DFD79BBF20762829AFF805E

cosinus 01.09.2010 11:52
Zitat:
Jetzt fragt er mich aber nach dem Passwort zu meiner E-Mail Adresse. Die kenne ich aber nicht.
Ich kenn Dein Passwort auch nicht :rofl:
Es gibt da so eine Passwort vergessen Funktion bei Deinem Mailprovider. Aber eigentlich notiert man sich die wichtigsten Passwörter.

Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Rainer2 01.09.2010 19:11
Hallo,

Passwort habe ich gefunden :crazy:

Nutze inzwischen schon Thunderbird. Danke für den Tipp.

GMER ist mehrmals abgestürtzt. OSAM lässt sich nicht starten, weil eine Datei fehlt. Er sagt, eine Neuinstallation könne helfen. Ich habe es mehrmals gemacht, ohne Erfolg.

Grüße,

Rainer

cosinus 01.09.2010 19:25
Bitte entpack OSAM mit 7-ZIP oder WinRAR
Und McAfee vorher deaktivieren, da es die OSAM.exe als schädlich einstuft, was aber ein Fehlalarm ist!

Rainer2 01.09.2010 20:59
Jetzt hat es geklappt. Hier das Logfile.

Viele Grüße,

Rainer


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:58:10 on 01.09.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"HPpromotions journeysoftware.job" - "hp" - C:\Programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PCWizard.cpl" - "CPUID" - C:\WINDOWS\system32\PCWizard.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV08" (ACEDRV08) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV08.sys
"catchme" (catchme) - ? - C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"cpuz131" (cpuz131) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz131\cpuz_x32.sys  (File not found)
"drhard" (drhard) - "Licensed for Gebhard Software" - C:\WINDOWS\system32\drivers\drhard.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Ndiskio" (Ndiskio) - "Norman ASA" - C:\Programme\Norman\Nse\Bin\NDISKIO.SYS
"Norman General Security Driver" (NGS) - "Norman ASA" - c:\programme\norman\ngs\bin\ngs.sys
"Norman Registry Security driver" (nregsec) - "Norman ASA" - C:\Programme\Norman\Ngs\Bin\nregsec.sys
"Norman Security driver" (NPROSEC) - "Norman ASA" - C:\Programme\Norman\Ngs\Bin\nprosec.sys
"NvcMFlt" (NvcMFlt) - "Norman ASA" - C:\WINDOWS\System32\DRIVERS\nvcw32mf.sys
"PCANDIS5 Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASENUM.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.sys
"T-Systems Nova Packet Capture Driver" (TNPacket) - "T-Systems Nova GmbH" - C:\Programme\T-DSL SpeedManager\TNPACKET.SYS
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{4D25FB7A-8902-4291-960E-9ADA051CFBBF} "tbr" - "Crawler.com" - C:\Programme\Crawler\ctbr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\Programme\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - C:\Programme\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
{806ED916-BE33-43B7-A0BF-85875E1347FC} "PDF2" - "TODO: <Company name>" - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll
{5B8177CA-E44B-4A0A-960B-935A15B21B58} "PDFContextMenuExt Class" - "TODO: <Company name>" - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll
{83CE324B-E2BF-4F03-97A8-2EFB84E57BAF} "PDFPropPageExt Class" - "TODO: <Company name>" - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Crawler Toolbar" - "Crawler.com" - C:\Programme\Crawler\ctbr.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "MyAshampoo Toolbar" - "Conduit Ltd." - C:\Programme\MyAshampoo\tbMyAs.dll
<binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsof1.dll
<binary data> "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWin0.dll
<binary data> "{4A1C6093-14F9-44D7-860E-5D265CFCA9D9}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} "MyAshampoo Toolbar" - "Conduit Ltd." - C:\Programme\MyAshampoo\tbMyAs.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsof1.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWin0.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{722FE9B2-6895-42D9-9984-F4CB26616023} "Öffnen mit PDF Genie 3" - "TODO: <Company name>" - C:\Programme\DATA BECKER\PDF Genie 3.0\pdfshell.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Crawler Toolbar" - "Crawler.com" - C:\Programme\Crawler\ctbr.dll
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} "MyAshampoo Toolbar" - "Conduit Ltd." - C:\Programme\MyAshampoo\tbMyAs.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsof1.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWin0.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} "MyAshampoo Toolbar" - "Conduit Ltd." - C:\Programme\MyAshampoo\tbMyAs.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsof1.dll
{10945114-b19f-4614-8450-b25e444a1020} "SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{40c3cc16-7269-4b32-9531-17f2950fb06f} "Winload Toolbar" - "Conduit Ltd." - C:\Programme\Winload\tbWin0.dll
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} "{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" - "Crawler.com" - C:\Programme\Crawler\ctbr.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Corel File Shell Monitor" - "Corel, Inc." - C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe
"HP Software Update" - "Hewlett-Packard Co." - C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"Norman ZANDA" - "Norman ASA" - "C:\Programme\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
"RemoteControl" - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"T-DSL SpeedMgr" - "T-Systems Nova, Berkom" - "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
"Ulead AutoDetector v2" - "Ulead Systems, Inc." - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
"Norman eLogger service 6" (eLoggerSvc6) - "Norman ASA" - C:\Programme\Norman\Npm\Bin\Elogsvc.exe
"Norman Network Filtering service" (NNFSVC) - "Norman ASA" - C:\Programme\Norman\Ngs\Bin\Nnf.exe
"Norman NJeeves" (Norman NJeeves) - "Norman ASA" - C:\Programme\Norman\Npm\Bin\Njeeves.exe
"Norman Resource Provider" (NVOY) - "Norman ASA" - C:\Programme\Norman\npm\bin\nvoy.exe
"Norman Scanner Engine Service" (nsesvc) - "Norman ASA" - C:\Programme\Norman\nse\bin\NSESVC.EXE
"Norman Scheduler Service" (Scheduler) - "Norman ASA" - C:\Programme\Norman\Npm\Bin\scheduler.exe
"Norman Security service" (NPROSECSVC) - "Norman ASA" - C:\Programme\Norman\Ngs\Bin\Nprosec.exe
"Norman Virus Control on-access component" (nvcoas) - "Norman ASA" - C:\Programme\Norman\Nvc\Bin\nvcoas.exe
"Norman Virus Control Scheduler" (NVCScheduler) - ? - "C:\Programme\Norman\Npm\Bin\Nvcsched.exe"  (File not found)
"Norman ZANDA" (Norman ZANDA) - "Norman ASA" - C:\Programme\Norman\Npm\Bin\Zanda.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\WINDOWS\system32\PSIService.exe
"TSMService" (TSMService) - "T-Systems Nova, Berkom" - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WPEServ" (WPEServ) - "soft Xpansion" - C:\Programme\Gemeinsame Dateien\WPE\wpeserv.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Rainer2 01.09.2010 21:04
Hier nun alles vom bootkit.

Viele Grüße,

Rainer

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`007d8200
Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...

cosinus 02.09.2010 10:09
Einen Gegencheck brauch ich:

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Rainer2 02.09.2010 20:48
Hallo,

es öffnet sich ein schwarzes Fenster mit Textinhalt. Diesen kann ich aber nicht kopieren. Da steht drinnen, dass ich Windows XP nutze, Servica Pack 3 habe und eine Festplatte von 149 GB.

Grüße,

Rainer

Rainer2 02.09.2010 21:03
Jetzt habe ich die Textdatei gefunden. Die lag unten in der Taskleiste.

Grüße,

Rainer

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 121):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F22000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0A000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEA000 fltMgr.sys
0xB9ED8000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9EC1000 KSecDD.sys
0xB9EAE000 WudfPf.sys
0xB9E21000 Ntfs.sys
0xB9DF4000 NDIS.sys
0xB9DDA000 Mup.sys
0xB93DC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8D6F000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB8D5B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8D33000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8D10000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8CEC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3F0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB93CC000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA578000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8CD8000 \SystemRoot\system32\DRIVERS\parport.sys
0xB93BC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB93AC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB939C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8CB5000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA712000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB938C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA580000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8C9E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB937C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB936C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA400000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8C8D000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA128000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA408000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA410000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8C5D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA138000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA418000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5D6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8BFF000 \SystemRoot\system32\DRIVERS\update.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA168000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA8581000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA855D000 \SystemRoot\system32\drivers\portcls.sys
0xBA188000 \SystemRoot\system32\drivers\drmk.sys
0xBA198000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5E4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA84FC000 \??\C:\Programme\Norman\Ngs\Bin\nprosec.sys
0xBA5E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7D9000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5E8000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA450000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA458000 \SystemRoot\System32\drivers\vga.sys
0xBA5EA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5EC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA460000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA468000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA55C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA84C9000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8470000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8448000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA8422000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA8400000 \SystemRoot\System32\drivers\afd.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA83DF000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys
0xBA470000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
0xA83B4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA478000 \??\c:\programme\norman\ngs\bin\ngs.sys
0xA8344000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA1D8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA5A0000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xB8BAA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB8BA6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA238000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA8304000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5F8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA852D000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA4A8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA72F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF058000 \SystemRoot\System32\igxpdv32.DLL
0xBF2E8000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA8162000 \??\C:\WINDOWS\system32\drivers\ACEDRV08.sys
0xA81F0000 \??\C:\Programme\Norman\Nse\Bin\NDISKIO.SYS
0xA81E8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7DC5000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA3E0000 \SystemRoot\System32\Drivers\drhard.SYS
0xA7C56000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7E6A000 \??\C:\Programme\Norman\Ngs\Bin\nregsec.sys
0xA7999000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7AF6000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA368000 \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS
0xA73B8000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7251000 \SystemRoot\system32\DRIVERS\nvcw32mf.sys
0xBA735000 \??\C:\Programme\Norman\Npm\Bin\NmchInjDrv.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
504 C:\WINDOWS\system32\smss.exe
556 C:\WINDOWS\system32\csrss.exe
580 C:\WINDOWS\system32\winlogon.exe
624 C:\WINDOWS\system32\services.exe
636 C:\WINDOWS\system32\lsass.exe
800 C:\Programme\Norman\Npm\Bin\elogsvc.exe
812 C:\Programme\Norman\ngs\bin\nnf.exe
832 C:\Programme\Norman\ngs\bin\nprosec.exe
884 C:\WINDOWS\system32\svchost.exe
952 C:\WINDOWS\system32\svchost.exe
992 C:\WINDOWS\system32\svchost.exe
1028 C:\WINDOWS\system32\svchost.exe
1088 C:\Programme\Norman\Npm\Bin\Zanda.exe
1196 C:\Programme\Norman\Npm\Bin\nvoy.exe
1360 C:\WINDOWS\explorer.exe
1484 C:\WINDOWS\system32\svchost.exe
1512 C:\WINDOWS\system32\svchost.exe
1592 C:\WINDOWS\system32\spoolsv.exe
1656 C:\WINDOWS\system32\svchost.exe
1748 C:\Programme\Java\jre6\bin\jqs.exe
1796 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
1836 C:\WINDOWS\system32\HPZipm12.exe
1868 C:\WINDOWS\system32\PSIService.exe
1916 C:\WINDOWS\system32\svchost.exe
760 C:\WINDOWS\system32\alg.exe
1212 C:\WINDOWS\RTHDCPL.EXE
1232 C:\WINDOWS\system32\igfxtray.exe
1244 C:\WINDOWS\system32\hkcmd.exe
1300 C:\WINDOWS\system32\igfxpers.exe
1316 C:\Programme\Norman\Npm\Bin\Zlh.exe
1336 C:\WINDOWS\system32\igfxsrvc.exe
1704 C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
1744 C:\Programme\HP\HP Software Update\hpwuSchd2.exe
1896 C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
2108 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
2116 C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe
2124 C:\Programme\Corel\Corel MediaOne\CorelIOMonitor.exe
2148 C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
2168 C:\Programme\Messenger\msmsgs.exe
2404 C:\Programme\Norman\Npm\Bin\scheduler.exe
2416 C:\Programme\Norman\Npm\Bin\Njeeves.exe
2488 C:\Programme\Norman\Nse\Bin\Nsesvc.exe
2848 C:\WINDOWS\system32\wbem\wmiapsrv.exe
3080 C:\Programme\Norman\nvc\bin\Nvcoas.exe
3200 C:\Programme\Norman\nvc\bin\Nip.exe
3420 C:\Programme\T-DSL SpeedManager\TSMSvc.exe
3544 C:\Programme\Norman\nvc\bin\CClaw.exe
3612 C:\Programme\Mozilla Thunderbird\thunderbird.exe
2724 C:\Programme\Mozilla Firefox\firefox.exe
152 C:\PROGRA~1\Crawler\CToolbar.exe
3392 C:\Dokumente und Einstellungen\User\Eigene Dateien\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`007d8200 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600AAJS-00L7A0, Rev: 01.03E01

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

cosinus 03.09.2010 10:02
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Rainer2 03.09.2010 22:20
Hallo,

SUPERAntiSpyware hat einen Befall gefunden. Leider kann ich dazu kein Logfile finden. Der andere Scan läuft noch.

Viele Grüße,

Rainer

Rainer2 04.09.2010 11:21
Hier nun der andere Scan.

Viele Grüße,

Rainer

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4536

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04.09.2010 12:06:14
mbam-log-2010-09-04 (12-06-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 381569
Laufzeit: 3 Stunde(n), 19 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 04.09.2010 16:02
Was hat SASW gefunden?? Ohne diese Angaben kann ich nichts dazu sagen!

Rainer2 04.09.2010 17:50
Hallo,

also in die Quarantäne hat er folgendes verschoben: Trojan.Agent/Gen-Nullo[Short]

Ein weiterer Scan blieb anschließend ohne Befund.

Viele Grüße,

Rainer

cosinus 05.09.2010 15:14
Ok, erfahrungsgemäß hat SASW hin und wieder auch einige Fehlalarme.
Noch Probleme oder weitere Funde in der Zwischenzeit?

Rainer2 05.09.2010 17:36
Hallo.

beide Scans sind inzwischen ohne Meldung durchgelaufen. Meine Verbindung bleibt stabil. Sowie ich aber Outlook starte, was aber inzwischen nicht mehr mein Hauptmailprogramm ist, werde ich immer noch rausgeschmissen.

Grüße.

Rainer

cosinus 05.09.2010 18:16
Zitat:
Sowie ich aber Outlook starte, was aber inzwischen nicht mehr mein Hauptmailprogramm ist, werde ich immer noch rausgeschmissen.
Darf nicht passieren, aber wieso startest Du OE denn immer noch? Welchen Sinn macht das, seine Mails parallel mit Thunderbird und OjE zu verwalten? :wtf:

Rainer2 05.09.2010 19:14
Hallo,

ich habe OE gestartet, um zu sehen, ob meine Verbindung stabil bleibt. Ich also jetzt sauber bin. Was aber noch nicht der Fall ist.

Grüße,

Rainer

cosinus 05.09.2010 19:45
Zitat:
Ich also jetzt sauber bin. Was aber noch nicht der Fall ist.
Weil Outlook die Verbindung abbrechen lässt, ist es merkwürdig auf Befall zu schließen. Nicht jedes Problem hängt mit Befall zusammen.
Hast Du eine dauerhafte Verbindung über einen DSL-Router oder baust Du die Verbindung jedes mal manuell auf?

Lies mal hier => http://forum.chip.de/rund-um-softwar...ung-47229.html

Rainer2 06.09.2010 17:46
Hallo,

früher hatte ich mit Outlook keine Probleme. Deswegen denke ich, es hat noch mit dem Befall zu tun.

Ich wähle mich jedesmal neu ein, mit einem externen Modem.

Grüße,

Rainer

cosinus 06.09.2010 19:31
Ja, dann lies mal den Artikel dazu. Da gab es einen Hinweis.
Allerdings versteh ich immer noch nicht, warum Du OjE immer noch öffnen musst :stirn:


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:31 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58