Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   20 tans werden abgefragt onlinebanking => rootkit? (https://www.trojaner-board.de/90436-20-tans-abgefragt-onlinebanking-rootkit.html)

sonor71 05.09.2010 19:55
20 tans werden abgefragt onlinebanking => rootkit?
 
Hallo,

wurde heute zum ersten Mal auf meiner onlinebanking-seite in einem fenster nach 20 tans gefragt. denke es ist ein sog. rootkit auf meinem pc.

ich bitte um kompetente unterstützung für mein problem. vorab - 1000 dank!

Hinweis: vor wenigen tagen ist auch ein fenster aufgegangen, das mir mitteilte, dass mein computer binnen einer zeitfrist automatisch heruntergefahren wird... dies erfolgte auch. z.t. funktionieren seit tagen auch manch andere internetseiten nicht wie gewohnt. ewiges laden, etc...

beste grüße

sonor 71

cosinus 05.09.2010 21:45
Hallo und :hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.



Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

sonor71 06.09.2010 06:08
MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4551

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

05.09.2010 21:14:01
mbam-log-2010-09-05 (21-14-01).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133622
Laufzeit: 2 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
_________________________________________________________________OTL Logfile:
Code:
OTL logfile created on: 06.09.2010 06:40:19 - Run 1
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Dokumente und Einstellungen\Uli\Desktop\MFTools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 87,00% Memory free
7,00 Gb Paging File | 7,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,73 Gb Total Space | 168,81 Gb Free Space | 72,54% Space Free | Partition Type: NTFS
Drive D: | 232,82 Gb Total Space | 201,45 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BÜRO
Current User Name: Uli
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Uli\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Realtek\Diagnostics Utility\8169Diag.exe (Realtek)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Uli\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\asr_nime.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\test2.com\catchme.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (Diag69xp) -- C:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation)
DRV - (RTLVLAN) -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS (Realtek Semiconductor Corporation)
DRV - (LANPkt) -- C:\WINDOWS\system32\drivers\LANPkt.sys (Realtek Semiconductor Corporation)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (MMRTKRNL) -- C:\WINDOWS\system32\drivers\mmrtkrnl.sys (ALCATech GmbH)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (MarxDev3) -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS ()
DRV - (MarxDev2) -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS ()
DRV - (MarxDev1) -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS ()
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=6080814
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=6080814
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.24 18:19:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.24 10:12:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.08.15 11:08:06 | 000,000,000 | ---D | M]
 
[2010.01.09 01:28:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Mozilla\Extensions
[2010.01.09 01:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.02.26 01:11:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Mozilla\Firefox\Profiles\y7e5rgnc.default\extensions
[2010.02.26 01:11:28 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Mozilla\Firefox\Profiles\y7e5rgnc.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.09.05 18:52:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.25 22:24:51 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.25 22:24:51 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.25 22:24:51 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.25 22:24:51 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.25 22:24:52 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.05 19:23:22 | 000,417,196 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14422 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [8169Diag] C:\Programme\Realtek\Diagnostics Utility\8169Diag.exe (Realtek)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Programme\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 16
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.13 13:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{440f9c8c-73a4-11dd-9d16-002268b304ea}\Shell\AutoRun\command - "" = K:\Install FreeAgent Tools.exe -- File not found
O33 - MountPoints2\{e3ec2634-dceb-11dd-9e34-002268b304ea}\Shell\AutoRun\command - "" = K:\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Install FreeAgent Tools.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: audipubw - (C:\WINDOWS\system32\asr_nime.dll) - C:\WINDOWS\system32\asr_nime.dll ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.05 21:01:46 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.09.05 20:58:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Malwarebytes
[2010.09.05 20:58:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.05 20:58:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.09.05 20:58:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.05 20:58:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.05 20:56:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Uli\Desktop\MFTools
[2010.09.03 22:33:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Uli\Eigene Dateien\Turbo Lister
[2010.09.03 18:59:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.09.02 18:27:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Foxit Software
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.06 06:20:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.06 06:20:33 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.09.06 06:20:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.06 06:20:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.06 00:10:45 | 015,204,352 | ---- | M] () -- C:\Dokumente und Einstellungen\Uli\ntuser.dat
[2010.09.06 00:10:40 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Uli\ntuser.ini
[2010.09.05 21:18:22 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Uli\defogger_reenable
[2010.09.05 21:03:01 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\Uli\Desktop\NTREGOPT.lnk
[2010.09.05 21:03:01 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Uli\Desktop\ERUNT.lnk
[2010.09.05 20:58:20 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.05 20:56:25 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Uli\Desktop\defogger.exe
[2010.09.05 20:56:06 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Uli\Desktop\Gmer.zip
[2010.09.05 20:43:18 | 000,388,197 | ---- | M] () -- C:\Dokumente und Einstellungen\Uli\Desktop\Load.exe
[2010.09.05 19:23:22 | 000,417,196 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.09.05 18:45:35 | 000,034,424 | ---- | M] () -- C:\Dokumente und Einstellungen\Uli\.recently-used.xbel
[2010.09.03 21:33:16 | 000,001,742 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\eBay Turbo Lister 2.lnk
[2010.09.02 17:51:36 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\System32\asr_nime.dll
[2010.09.02 10:57:04 | 000,417,196 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100905-192322.backup
[2010.08.31 07:40:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010.08.13 06:19:59 | 000,247,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 23:15:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.08.12 23:15:27 | 001,029,462 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.12 23:15:27 | 000,460,664 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.12 23:15:27 | 000,442,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.12 23:15:27 | 000,085,396 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.12 23:15:27 | 000,071,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2010.09.05 21:23:19 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Uli\Desktop\gmer.exe
[2010.09.05 21:18:22 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Uli\defogger_reenable
[2010.09.05 21:01:46 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\Uli\Desktop\NTREGOPT.lnk
[2010.09.05 21:01:46 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\Uli\Desktop\ERUNT.lnk
[2010.09.05 20:58:20 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.05 20:56:25 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Uli\Desktop\defogger.exe
[2010.09.05 20:56:05 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Uli\Desktop\Gmer.zip
[2010.09.05 20:44:01 | 000,388,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Uli\Desktop\Load.exe
[2010.09.05 18:45:35 | 000,034,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Uli\.recently-used.xbel
[2010.09.03 21:33:16 | 000,001,742 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\eBay Turbo Lister 2.lnk
[2010.08.30 14:15:42 | 000,046,592 | -H-- | C] () -- C:\WINDOWS\System32\asr_nime.dll
[2010.07.24 01:03:18 | 000,140,560 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.02.25 22:27:45 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Goya.INI
[2010.02.17 19:50:07 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010.02.17 19:49:23 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.11.22 21:49:01 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.10.08 09:51:03 | 000,000,054 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2009.07.28 23:43:37 | 000,537,110 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.05.30 00:34:35 | 000,000,083 | ---- | C] () -- C:\WINDOWS\GraphicsDesk.INI
[2009.04.13 15:49:55 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2009.04.08 15:25:44 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA120VC8.dll
[2009.04.08 07:17:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter20.dll
[2009.02.07 23:55:10 | 000,000,404 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009.02.07 23:44:15 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLfNL.DLL
[2009.02.07 23:18:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2009.02.02 20:11:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2009.02.02 20:10:14 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2009.02.02 20:08:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2009.02.02 20:08:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2008.12.28 23:22:23 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV3.SYS
[2008.12.28 23:22:23 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV2.SYS
[2008.12.28 23:22:23 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\MARXDEV1.SYS
[2008.12.28 23:22:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008.12.11 00:06:02 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008.11.08 10:49:27 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2008.08.27 21:25:42 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2008.08.23 14:41:13 | 000,008,704 | ---- | C] () -- C:\Dokumente und Einstellungen\Uli\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.23 09:02:23 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6y.DLL
[2008.08.23 09:00:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008.08.23 09:00:54 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2008.08.23 09:00:48 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008.08.23 09:00:25 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2008.08.23 08:57:20 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI
[2008.08.21 18:25:15 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.08.21 09:17:56 | 000,014,852 | ---- | C] () -- C:\Programme\settings.dat
[2008.08.20 21:04:29 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Uli\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.08.14 12:52:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.08.14 12:48:03 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.08.14 12:46:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008.08.14 12:46:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008.08.14 12:24:41 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008.08.14 12:23:30 | 000,001,507 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.07.23 17:41:16 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA110VC8.dll
[2005.11.09 13:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll
[2005.11.09 13:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll
[2005.11.09 13:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll
[2004.08.13 14:04:30 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2000.04.12 07:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1997.09.30 06:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\Uli\Eigene Dateien\Adressen1.odb:SummaryInformation
< End of report >
--- --- ---

_________________________________________________________________

OTL EXTRAS Logfile:
OTL Logfile:
Code:
OTL Extras logfile created on: 06.09.2010 06:40:19 - Run 1
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Dokumente und Einstellungen\Uli\Desktop\MFTools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 87,00% Memory free
7,00 Gb Paging File | 7,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,73 Gb Total Space | 168,81 Gb Free Space | 72,54% Space Free | Partition Type: NTFS
Drive D: | 232,82 Gb Total Space | 201,45 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BÜRO
Current User Name: Uli
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Dokumente und Einstellungen\Uli\Eigene Dateien\Media Player Classic\mplayerc_update_10_03_08_de\mplayerc_update_10_03_08_de\mplayerc.de.exe" = C:\Dokumente und Einstellungen\Uli\Eigene Dateien\Media Player Classic\mplayerc_update_10_03_08_de\mplayerc_update_10_03_08_de\mplayerc.de.exe:*:Enabled:Media Player Classic -- (Gabest)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{19B822A6-372A-43E2-9230-0AFA4EC84F8C}" = Lexware buchhalter 2009
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}" = ScanSoft OmniPage SE 4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E9B276F-77BE-49F7-8676-C10017F9E20B}" = Lexware buchhalter Servicepack 2008, Version 13.50
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{88253B77-33C9-4A9D-9E4C-4579E39D9158}" = Diagnostics Utility
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{911A0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Outlook 2002
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{93567BBD-4369-47B2-A621-78E008F8EA33}" = Lexware Elster
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BC63A4AC-435D-4AAD-9881-D0ED60804D1A}" = Lexware buchhalter Aktualisierung Februar 2008, Version 13.10
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB0694DF-0D74-44D2-8150-A1B435F6C041}" = 350.000 Power Clips auf DVD
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.20
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE688026-1C8C-4E50-889D-4B6607CADC24}" = Lexware buchhalter 2008
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Album Art Downloader XUI" = Album Art Downloader XUI 0.33
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BPM-Studio 4 Profi" = BPM-Studio 4 Profi
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Canon MX850 series Benutzerregistrierung" = Canon MX850 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"FFDesktopIcon_is1" = FFDesktopIcon 2
"Finale NotePad 2005a" = Finale NotePad 2005a
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"foobar2000" = foobar2000 v0.9.6.9
"Foxit Reader" = Foxit Reader
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.1
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{CB0694DF-0D74-44D2-8150-A1B435F6C041}" = 350.000 Power Clips auf DVD
"MAGIX Video deluxe SE D" = MAGIX Video deluxe SE 7.5.3.1 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"MuseScore 0.9" = MuseScore 0.9 MuseScore score typesetter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PDFCreator Toolbar" = PDFCreator Toolbar
"qt7lite_is1" = QT Lite 2.7.0
"RealAlt_is1" = Real Alternative 1.8.2 Lite
"SearchAssist" = SearchAssist
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.6
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.07.2010 14:22:23 | Computer Name = BÜRO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4063
 
Error - 25.07.2010 14:22:23 | Computer Name = BÜRO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4063
 
Error - 25.07.2010 14:40:58 | Computer Name = BÜRO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25.07.2010 14:40:58 | Computer Name = BÜRO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1119297
 
Error - 25.07.2010 14:40:58 | Computer Name = BÜRO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1119297
 
Error - 28.07.2010 03:10:25 | Computer Name = BÜRO | Source = ESENT | ID = 490
Description = svchost (2036) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 09.08.2010 12:33:39 | Computer Name = BÜRO | Source = ESENT | ID = 490
Description = svchost (280) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 15.08.2010 08:23:31 | Computer Name = BÜRO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung gimp-2.6.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul gimp-2.6.exe, Version 0.0.0.0, Fehleradresse 0x0005a4b5.
 
Error - 24.08.2010 02:10:57 | Computer Name = BÜRO | Source = ESENT | ID = 490
Description = svchost (2000) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 01.09.2010 15:33:05 | Computer Name = BÜRO | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
 
[ System Events ]
Error - 05.09.2010 14:59:09 | Computer Name = BÜRO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 05.09.2010 14:59:09 | Computer Name = BÜRO | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 05.09.2010 14:59:09 | Computer Name = BÜRO | Source = Service Control Manager | ID = 7034
Description = Dienst "SupportSoft Sprocket Service (dellsupportcenter)" wurde unerwartet
 beendet. Dies ist bereits 1 Mal passiert.
 
Error - 05.09.2010 14:59:09 | Computer Name = BÜRO | Source = Service Control Manager | ID = 7034
Description = Dienst "TuneUp Program Statistics Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 05.09.2010 14:59:09 | Computer Name = BÜRO | Source = Service Control Manager | ID = 7034
Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 05.09.2010 14:59:09 | Computer Name = BÜRO | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 05.09.2010 14:59:09 | Computer Name = BÜRO | Source = Service Control Manager | ID = 7034
Description = Dienst "NMSAccessU" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 05.09.2010 15:16:13 | Computer Name = BÜRO | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 05.09.2010 15:16:13 | Computer Name = BÜRO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  iaStor
 
Error - 05.09.2010 15:32:20 | Computer Name = BÜRO | Source = System Error | ID = 1003
Description = Fehlercode 10000050, 1. Parameter e1186000, 2. Parameter 00000000,
 3. Parameter 8052ba48, 4. Parameter 00000001.
 
[ TuneUp Events ]
Error - 05.09.2010 14:58:32 | Computer Name = BÜRO | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-05 20:58:32', '\device\harddiskvolume2\programme\malwarebytes'
 anti-malware\mbam.exe','3920',0)
 
 
< End of report >
--- --- ---

--- --- ---

cosinus 06.09.2010 09:40
Zitat:
Art des Suchlaufs: Quick-Scan
Ich wollte einen Vollscan sehen.

sonor71 06.09.2010 11:04
meinst Du den mit GMER?

PS: bin die nächsten ca 5 Stunden unterwegs... bis denne!

cosinus 06.09.2010 11:23
Ich meinte den Vollscan mit Malwarebytes.

sonor71 06.09.2010 20:51
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4556

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

06.09.2010 21:46:12
Hallo, hoffe es ist jetzt der richtige scan!?

mbam-log-2010-09-06 (21-46-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 210458
Laufzeit: 22 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP160\A0014414.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

cosinus 06.09.2010 21:17
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
MOD - C:\WINDOWS\system32\asr_nime.dll ()
O33 - MountPoints2\{440f9c8c-73a4-11dd-9d16-002268b304ea}\Shell\AutoRun\command - "" = K:\Install FreeAgent Tools.exe -- File not found
O33 - MountPoints2\{e3ec2634-dceb-11dd-9e34-002268b304ea}\Shell\AutoRun\command - "" = K:\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Install FreeAgent Tools.exe -- File not found
O36 - AppCertDlls: audipubw - (C:\WINDOWS\system32\asr_nime.dll) - C:\WINDOWS\system32\asr_nime.dll ()
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

sonor71 07.09.2010 06:41
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{440f9c8c-73a4-11dd-9d16-002268b304ea}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{440f9c8c-73a4-11dd-9d16-002268b304ea}\ not found.
File K:\Install FreeAgent Tools.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3ec2634-dceb-11dd-9e34-002268b304ea}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3ec2634-dceb-11dd-9e34-002268b304ea}\ not found.
File K:\InstallSeagateManager.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
File K:\Install FreeAgent Tools.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\audipubw:C:\WINDOWS\system32\asr_nime.dll deleted successfully.
C:\WINDOWS\system32\asr_nime.dll moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Uli
->Temp folder emptied: 1366807 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 3612 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49635 bytes
RecycleBin emptied: 152243911 bytes

Total Files Cleaned = 147,00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09072010_073617

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 07.09.2010 09:30
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

sonor71 07.09.2010 20:28
ComboFix 10-09-07.01 - Uli 07.09.2010 21:14:15.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3326.2882 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Uli\Desktop\cofi.exe.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\Uli\Anwendungsdaten\PriceGong\Data\z.xml

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-07 bis 2010-09-07 ))))))))))))))))))))))))))))))
.

2010-09-07 14:32 . 2010-09-07 14:32 46592 ---ha-w- c:\windows\system32\asr_nime.dll
2010-09-07 05:36 . 2010-09-07 05:36 -------- d-----w- C:\_OTL
2010-09-05 19:01 . 2010-09-05 19:03 -------- d-----w- c:\programme\ERUNT
2010-09-05 18:58 . 2010-09-05 18:58 -------- d-----w- c:\dokumente und einstellungen\Uli\Anwendungsdaten\Malwarebytes
2010-09-05 18:58 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-05 18:58 . 2010-09-05 18:58 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-09-05 18:58 . 2010-09-05 18:58 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-09-05 18:58 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-02 16:27 . 2010-09-02 16:27 -------- d-----w- c:\dokumente und einstellungen\Uli\Anwendungsdaten\Foxit Software
2010-09-01 02:38 . 2010-07-09 14:26 475136 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Dell\RMC\RMCCreationInfo.exe
2010-09-01 02:38 . 2010-07-02 14:25 1118208 ------w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Dell\RMC\Libxml2.dll
2010-09-01 02:38 . 2010-07-02 14:25 60416 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Dell\RMC\ZLib1.dll
2010-09-01 02:37 . 2010-08-17 18:10 372736 ------w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Dell\DSL\DSLCheck.exe
2010-08-15 09:09 . 2010-06-20 02:21 214016 ----a-w- c:\dokumente und einstellungen\Uli\Anwendungsdaten\Thunderbird\Profiles\yje1miwg.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 19:04 . 2008-08-23 08:19 -------- d-----w- c:\dokumente und einstellungen\Uli\Anwendungsdaten\Media Player Classic
2010-09-07 19:04 . 2008-08-21 08:02 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-09-07 19:03 . 2010-01-09 13:17 -------- d-----w- c:\programme\CCleaner
2010-09-07 18:57 . 2008-08-28 06:35 -------- d-----w- c:\dokumente und einstellungen\Uli\Anwendungsdaten\foobar2000
2010-09-06 06:27 . 2008-08-23 11:16 -------- d-----w- c:\dokumente und einstellungen\Uli\Anwendungsdaten\gtk-2.0
2010-09-06 05:16 . 2009-06-16 21:11 1 ----a-w- c:\dokumente und einstellungen\Uli\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-05 16:43 . 2008-08-14 10:51 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Dell
2010-09-02 09:49 . 2009-03-18 06:02 -------- d-----w- c:\dokumente und einstellungen\Uli\Anwendungsdaten\Ebfui
2010-08-18 09:55 . 2009-07-18 13:33 -------- d-----w- c:\dokumente und einstellungen\Uli\Anwendungsdaten\BOM
2010-08-15 09:08 . 2008-08-21 07:20 -------- d-----w- c:\programme\Mozilla Thunderbird
2010-08-12 21:15 . 2004-08-13 11:40 85396 ----a-w- c:\windows\system32\perfc007.dat
2010-08-12 21:15 . 2004-08-13 11:40 460664 ----a-w- c:\windows\system32\perfh007.dat
2010-07-31 07:47 . 2009-06-21 11:25 -------- d-----w- c:\programme\CDBurnerXP
2010-07-23 23:03 . 2010-07-23 23:03 140560 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2010-06-30 12:28 . 2004-08-13 11:40 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2004-08-13 11:40 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-13 11:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-13 11:40 17408 ------w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2004-08-13 11:40 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 21:29 . 2009-10-29 07:13 2568656 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NOS\Adobe_Downloads\install_flash_player.exe
2010-06-21 15:27 . 2004-08-13 11:40 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-13 11:40 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-13 11:53 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-13 11:40 1172480 ----a-w- c:\windows\system32\msxml3.dll
2008-08-21 07:17 . 2008-08-21 07:17 14852 -c--a-w- c:\programme\settings.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-01-14_08.14.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-07 19:13 . 2010-09-07 19:13 16384 c:\windows\Temp\Perflib_Perfdata_3c4.dat
+ 2010-02-18 06:37 . 2008-04-14 02:22 54272 c:\windows\system32\vfwwdm32.dll
- 2009-07-28 22:56 . 2009-07-15 09:48 29000 c:\windows\system32\uxtuneup.dll
+ 2010-01-22 19:47 . 2009-11-16 11:25 29000 c:\windows\system32\uxtuneup.dll
- 2008-08-14 10:41 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2008-08-14 10:41 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2010-02-17 17:51 . 2003-03-14 10:32 24576 c:\windows\system32\TTIC32.dll
+ 2010-02-17 17:51 . 2003-03-14 10:32 24576 c:\windows\system32\TTI32.dll
+ 2010-02-17 17:51 . 2007-07-31 18:58 32768 c:\windows\system32\STRING32.dll
- 2008-08-14 10:44 . 2007-07-27 08:41 26488 c:\windows\system32\spupdsvc.exe
+ 2008-08-14 10:44 . 2007-07-27 21:11 26488 c:\windows\system32\spupdsvc.exe
- 2008-08-14 10:51 . 2008-07-08 13:00 18808 c:\windows\system32\spmsg.dll
+ 2008-08-14 10:51 . 2010-02-22 14:22 18808 c:\windows\system32\spmsg.dll
+ 2009-04-08 16:24 . 2009-04-08 16:24 69632 c:\windows\system32\PXTTool70VC8.dll
+ 2010-03-30 22:16 . 2010-03-30 22:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 44544 c:\windows\system32\pngfilt.dll
- 2004-08-13 11:40 . 2009-10-29 07:41 44544 c:\windows\system32\pngfilt.dll
- 2004-08-13 11:40 . 2010-01-12 17:40 71868 c:\windows\system32\perfc009.dat
+ 2004-08-13 11:40 . 2010-08-12 21:15 71868 c:\windows\system32\perfc009.dat
+ 2009-11-06 23:07 . 2009-11-06 23:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-05 20:17 . 2009-11-05 20:17 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2004-08-03 23:57 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2002-02-04 01:43 . 2003-04-18 15:29 82432 c:\windows\system32\msxml4r.dll
- 2002-02-04 01:43 . 2002-02-04 01:43 82432 c:\windows\system32\msxml4r.dll
+ 2010-02-17 17:51 . 2003-04-18 15:29 44544 c:\windows\system32\msxml4a.dll
+ 2004-08-13 11:40 . 2009-11-27 16:08 28672 c:\windows\system32\msvidc32.dll
+ 2004-08-13 11:40 . 2009-11-27 16:08 11264 c:\windows\system32\msrle32.dll
- 2004-08-13 11:40 . 2008-04-14 02:22 11264 c:\windows\system32\msrle32.dll
- 2007-08-13 16:54 . 2009-10-29 07:40 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 16:54 . 2010-06-24 12:15 52224 c:\windows\system32\msfeedsbs.dll
+ 2009-04-08 15:57 . 2009-04-08 15:57 98304 c:\windows\system32\LxUISettings10VC8.dll
- 2008-07-17 11:48 . 2008-07-17 11:48 98304 c:\windows\system32\LxUISettings10VC8.dll
+ 2009-04-08 16:24 . 2009-04-08 16:24 27648 c:\windows\system32\LXTPSW20VC8.dll
- 2008-07-17 11:48 . 2008-07-17 11:48 27648 c:\windows\system32\LXTPSW20VC8.dll
+ 2009-04-08 16:24 . 2009-04-08 16:24 61440 c:\windows\system32\LXCurr12VC8.dll
- 2008-07-17 11:48 . 2008-07-17 11:48 61440 c:\windows\system32\LXCurr12VC8.dll
- 2008-07-17 11:48 . 2008-07-17 11:48 81920 c:\windows\system32\LxCI12.dll
+ 2009-04-08 16:24 . 2009-04-08 16:24 81920 c:\windows\system32\LxCI12.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 27648 c:\windows\system32\jsproxy.dll
- 2004-08-13 11:40 . 2009-10-29 07:40 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-03 23:57 . 2009-11-27 16:08 48128 c:\windows\system32\iyuv_32.dll
- 2007-08-13 16:39 . 2009-10-28 14:35 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 16:39 . 2010-06-23 12:06 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-13 11:40 . 2010-06-24 12:15 44544 c:\windows\system32\iernonce.dll
- 2004-08-13 11:40 . 2009-10-29 07:40 44544 c:\windows\system32\iernonce.dll
+ 2004-08-13 11:40 . 2010-06-23 12:06 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-13 11:40 . 2009-10-28 14:35 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 16:36 . 2009-10-29 07:40 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 16:36 . 2010-06-24 12:15 63488 c:\windows\system32\icardie.dll
- 2007-11-13 08:39 . 2007-11-13 08:39 57344 c:\windows\system32\FKStampPainter20.dll
+ 2009-04-08 05:17 . 2009-04-08 05:17 57344 c:\windows\system32\FKStampPainter20.dll
+ 2010-04-16 08:28 . 2009-10-16 00:33 41472 c:\windows\system32\DRVSTORE\usbaapl_E0F497D6C8B1C59AEB6422181BF0AFABD8356D47\usbaapl.sys
+ 2010-04-16 08:28 . 2010-03-16 17:53 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2010-04-16 08:30 . 2009-05-18 11:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2010-02-18 06:37 . 2008-04-13 18:46 19200 c:\windows\system32\drivers\WSTCODEC.SYS
+ 2010-04-16 08:28 . 2009-10-16 00:33 41472 c:\windows\system32\drivers\usbaapl.sys
+ 2010-02-18 06:38 . 2008-04-13 18:46 15232 c:\windows\system32\drivers\StreamIP.sys
+ 2010-02-18 06:37 . 2008-04-13 18:46 11136 c:\windows\system32\drivers\SLIP.sys
+ 2010-02-18 06:38 . 2008-04-13 18:46 10880 c:\windows\system32\drivers\NdisIP.sys
+ 2010-02-18 06:37 . 2008-04-13 18:46 85248 c:\windows\system32\drivers\NABTSFEC.sys
+ 2010-02-18 06:37 . 2008-04-13 18:46 51200 c:\windows\system32\drivers\msdv.sys
+ 2010-04-16 08:30 . 2009-05-18 11:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2010-02-18 06:37 . 2008-04-13 18:46 17024 c:\windows\system32\drivers\CCDECODE.sys
+ 2010-02-18 06:37 . 2008-04-13 18:46 38912 c:\windows\system32\drivers\avc.sys
+ 2010-02-18 06:37 . 2008-04-13 18:46 48128 c:\windows\system32\drivers\61883.sys
+ 2009-02-02 18:08 . 2009-02-02 18:08 90112 c:\windows\system32\dntvmc27VC8.dll
- 2007-11-15 20:25 . 2007-11-15 20:25 90112 c:\windows\system32\dntvmc27VC8.dll
- 2007-11-15 20:25 . 2007-11-15 20:25 86016 c:\windows\system32\dntvm27VC8.dll
+ 2009-02-02 18:08 . 2009-02-02 18:08 86016 c:\windows\system32\dntvm27VC8.dll
+ 2010-02-12 09:46 . 2010-02-12 09:46 91424 c:\windows\system32\dnssd.dll
+ 2010-02-17 17:51 . 2003-03-14 10:32 57344 c:\windows\system32\DLLTPO32.dll
+ 2010-02-17 17:51 . 2003-03-14 10:35 40960 c:\windows\system32\DLLRD32.dll
+ 2010-02-17 17:51 . 2003-03-14 10:32 65536 c:\windows\system32\DLLPTL32.dll
+ 2010-02-17 17:51 . 2003-03-14 10:33 53248 c:\windows\system32\DLLPRJ32.dll
+ 2010-02-17 17:51 . 2003-03-14 10:32 49152 c:\windows\system32\DLLPRF32.dll
+ 2010-02-17 17:51 . 2007-07-31 18:58 36864 c:\windows\system32\DLLPNT32.dll
+ 2010-02-17 17:51 . 2003-03-14 10:32 32768 c:\windows\system32\DLLMSC32.dll
+ 2010-02-17 17:51 . 2003-03-14 10:32 24576 c:\windows\system32\DLLIX.dll
+ 2010-02-17 17:51 . 2003-03-14 10:32 32768 c:\windows\system32\DLLISO32.dll
+ 2010-02-17 17:51 . 2007-07-31 18:58 53248 c:\windows\system32\DLLIO32.dll
+ 2010-02-17 17:51 . 2003-03-14 10:33 45056 c:\windows\system32\DLLIMG32.dll
+ 2010-02-17 17:51 . 2003-03-14 10:32 32768 c:\windows\system32\DLLDIR32.dll
+ 2010-02-17 17:51 . 2007-07-31 18:58 98304 c:\windows\system32\DLLCPY32.dll
+ 2010-02-17 17:51 . 2003-03-14 10:33 61440 c:\windows\system32\DLLCDF32.dll
+ 2010-02-18 06:37 . 2008-04-13 18:46 19200 c:\windows\system32\dllcache\wstcodec.sys
+ 2010-02-18 06:37 . 2008-04-14 02:22 54272 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2010-02-18 06:38 . 2008-04-13 18:46 15232 c:\windows\system32\dllcache\streamip.sys
+ 2010-02-18 06:37 . 2008-04-13 18:46 11136 c:\windows\system32\dllcache\slip.sys
- 2008-08-14 10:39 . 2009-10-29 07:41 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-14 10:39 . 2010-06-24 12:15 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2010-02-18 06:38 . 2008-04-13 18:46 10880 c:\windows\system32\dllcache\ndisip.sys
+ 2010-02-18 06:37 . 2008-04-13 18:46 85248 c:\windows\system32\dllcache\nabtsfec.sys
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-10-05 18:52 . 2010-06-24 12:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-10-05 18:52 . 2009-10-29 07:40 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-02-18 06:37 . 2008-04-13 18:46 51200 c:\windows\system32\dllcache\msdv.sys
- 2008-08-14 10:39 . 2009-10-29 07:40 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-14 10:39 . 2010-06-24 12:15 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2008-10-05 18:52 . 2009-10-28 14:35 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-05 18:52 . 2010-06-23 12:06 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-13 11:40 . 2010-06-24 12:15 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-13 11:40 . 2009-10-29 07:40 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 16:49 . 2010-06-24 12:15 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 16:49 . 2009-10-29 07:40 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 16:39 . 2010-06-23 12:06 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 16:39 . 2009-10-28 14:35 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-05 18:52 . 2010-06-24 12:15 63488 c:\windows\system32\dllcache\icardie.dll
- 2008-10-05 18:52 . 2009-10-29 07:40 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-06-29 15:55 . 2010-06-24 12:15 17408 c:\windows\system32\dllcache\corpol.dll
- 2009-06-29 15:55 . 2009-10-29 07:40 17408 c:\windows\system32\dllcache\corpol.dll
+ 2010-02-18 06:37 . 2008-04-13 18:46 17024 c:\windows\system32\dllcache\ccdecode.sys
+ 2010-01-13 14:00 . 2010-01-13 14:00 86528 c:\windows\system32\dllcache\cabview.dll
- 2009-06-10 14:13 . 2009-06-10 14:13 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2009-06-10 14:13 . 2009-11-27 16:08 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2010-02-18 06:37 . 2008-04-13 18:46 38912 c:\windows\system32\dllcache\avc.sys
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2010-02-18 06:37 . 2008-04-13 18:46 48128 c:\windows\system32\dllcache\61883.sys
+ 2004-08-13 11:40 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-13 11:40 . 2010-01-13 14:00 86528 c:\windows\system32\cabview.dll
- 2004-08-13 11:40 . 2009-06-10 14:13 85504 c:\windows\system32\avifil32.dll
+ 2004-08-13 11:40 . 2009-11-27 16:08 85504 c:\windows\system32\avifil32.dll
+ 2004-08-13 11:40 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 1999-08-09 13:39 . 1999-08-09 13:39 14832 c:\windows\system32\asfsipc.dll
- 2008-07-29 17:16 . 2008-07-29 17:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 03:31 . 2010-03-23 03:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-04-01 09:42 . 2010-04-01 09:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-27 22:49 . 2008-05-27 22:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2008-05-27 22:49 . 2008-05-27 22:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-27 22:49 . 2008-05-27 22:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-27 23:30 . 2008-05-27 23:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 13:32 . 2010-03-31 13:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 18:19 . 2003-02-20 18:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-03-31 13:32 . 2010-03-31 13:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-02-13 15:02 . 2010-02-13 15:02 84992 c:\windows\Installer\15c250b.msi
+ 2010-04-16 08:28 . 2010-04-16 08:28 27136 c:\windows\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
+ 2010-02-13 15:04 . 2010-02-13 15:04 10134 c:\windows\Installer\{93567BBD-4369-47B2-A621-78E008F8EA33}\ARPPRODUCTICON.exe
+ 2010-09-03 19:33 . 2010-09-03 19:33 45056 c:\windows\Installer\{8927E07C-97F7-4A54-88FB-D976F50DD46E}\NewShortcut11_98B583D780BC466EB9903ECA06AD09F1.exe
+ 2010-09-03 19:33 . 2010-09-03 19:33 45056 c:\windows\Installer\{8927E07C-97F7-4A54-88FB-D976F50DD46E}\NewShortcut1_A8873ADDBA0E42A0BF89BC75994F6A78.exe
+ 2010-09-03 19:33 . 2010-09-03 19:33 45056 c:\windows\Installer\{8927E07C-97F7-4A54-88FB-D976F50DD46E}\ARPPRODUCTICON.exe
+ 2010-02-13 15:04 . 2010-02-13 15:04 73728 c:\windows\Installer\{59624372-3B85-47f4-9B04-4911E551DF1E}\NewShortcut1.E478996E_1F9C_4900_988E_F8A470FEA557.exe
+ 2010-02-13 15:04 . 2010-02-13 15:04 10134 c:\windows\Installer\{59624372-3B85-47f4-9B04-4911E551DF1E}\ARPPRODUCTICON.exe
+ 2010-02-13 15:04 . 2010-02-13 15:17 57344 c:\windows\Installer\{19B822A6-372A-43E2-9230-0AFA4EC84F8C}\NewShortcut2.C5C62008_87C8_4C2F_ABF4_46914027DD45.exe
+ 2010-02-13 15:04 . 2010-02-13 15:04 45056 c:\windows\Installer\{19B822A6-372A-43E2-9230-0AFA4EC84F8C}\NewShortcut2.C3689185_4222_4F18_9E97_15FEFA5BB00F.exe
+ 2010-02-13 15:04 . 2010-02-13 15:17 40960 c:\windows\Installer\{19B822A6-372A-43E2-9230-0AFA4EC84F8C}\NewShortcut2.77753B3D_26FB_4DBC_81A5_15B1AD0AA28D.exe
+ 2010-02-13 15:04 . 2010-02-13 15:17 57344 c:\windows\Installer\{19B822A6-372A-43E2-9230-0AFA4EC84F8C}\NewShortcut2.306E0A24_77CC_4859_BD8E_90EF2434B1E8.exe
+ 2010-02-13 15:17 . 2010-02-13 15:17 45056 c:\windows\Installer\{19B822A6-372A-43E2-9230-0AFA4EC84F8C}\NewShortcut1.C3689185_4222_4F18_9E97_15FEFA5BB00F.exe
+ 2010-06-13 00:00 . 2010-03-11 12:31 44544 c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 52224 c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 27648 c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
+ 2010-06-13 00:00 . 2010-03-10 13:17 13824 c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
+ 2010-06-13 00:00 . 2010-03-11 12:31 44544 c:\windows\ie7updates\KB982381-IE7\iernonce.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 78336 c:\windows\ie7updates\KB982381-IE7\ieencode.dll
+ 2010-06-13 00:00 . 2010-03-10 13:17 70656 c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
+ 2010-06-13 00:00 . 2010-03-11 12:31 63488 c:\windows\ie7updates\KB982381-IE7\icardie.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 17408 c:\windows\ie7updates\KB982381-IE7\corpol.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 44544 c:\windows\ie7updates\KB980182-IE7\pngfilt.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 52224 c:\windows\ie7updates\KB980182-IE7\msfeedsbs.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 27648 c:\windows\ie7updates\KB980182-IE7\jsproxy.dll
+ 2010-03-31 01:40 . 2009-12-31 15:32 13824 c:\windows\ie7updates\KB980182-IE7\ieudinit.exe
+ 2010-03-31 01:40 . 2010-01-05 09:52 44544 c:\windows\ie7updates\KB980182-IE7\iernonce.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 78336 c:\windows\ie7updates\KB980182-IE7\ieencode.dll
+ 2010-03-31 01:40 . 2009-12-31 15:32 70656 c:\windows\ie7updates\KB980182-IE7\ie4uinit.exe
+ 2010-03-31 01:40 . 2010-01-05 09:52 63488 c:\windows\ie7updates\KB980182-IE7\icardie.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 17408 c:\windows\ie7updates\KB980182-IE7\corpol.dll
+ 2010-01-22 17:20 . 2009-10-29 07:41 44544 c:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-01-22 17:20 . 2009-10-29 07:40 52224 c:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-01-22 17:20 . 2009-10-29 07:40 27648 c:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-01-22 17:20 . 2009-10-28 14:35 13824 c:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-01-22 17:20 . 2009-10-29 07:40 44544 c:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-01-22 17:20 . 2009-10-29 07:40 78336 c:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-01-22 17:20 . 2009-10-28 14:35 70656 c:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-01-22 17:20 . 2009-10-29 07:40 63488 c:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-01-22 17:20 . 2009-10-29 07:40 17408 c:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 44544 c:\windows\ie7updates\KB2183461-IE7\pngfilt.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 52224 c:\windows\ie7updates\KB2183461-IE7\msfeedsbs.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 27648 c:\windows\ie7updates\KB2183461-IE7\jsproxy.dll
+ 2010-08-12 21:16 . 2010-05-04 12:39 13824 c:\windows\ie7updates\KB2183461-IE7\ieudinit.exe
+ 2010-08-12 21:16 . 2010-05-04 17:14 44544 c:\windows\ie7updates\KB2183461-IE7\iernonce.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 78336 c:\windows\ie7updates\KB2183461-IE7\ieencode.dll
+ 2010-08-12 21:16 . 2010-05-04 12:39 70656 c:\windows\ie7updates\KB2183461-IE7\ie4uinit.exe
+ 2010-08-12 21:16 . 2010-05-04 17:14 63488 c:\windows\ie7updates\KB2183461-IE7\icardie.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 17408 c:\windows\ie7updates\KB2183461-IE7\corpol.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-06-13 00:05 . 2010-06-13 00:05 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_5840dac1\System.Drawing.Design.dll
+ 2010-06-13 00:05 . 2010-06-13 00:05 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b1ec74a3\CustomMarshalers.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-08-12 21:16 . 2010-08-12 21:16 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-08-12 21:16 . 2010-08-12 21:16 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-08-13 04:27 . 2010-08-13 04:27 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-13 00:03 . 2010-06-13 00:03 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-08-09 13:12 . 2009-08-09 13:12 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-03-30 07:33 . 2010-03-30 07:33 11264 c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.15.0__ce2cb7e279207b9e\cli_basetypes.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-03-30 07:34 . 2010-03-30 07:34 64000 c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.18.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2010-06-13 00:05 . 2010-06-13 00:05 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-05-26 06:05 . 2010-01-23 08:11 46080 c:\windows\$NtUninstallKB981793$\tzchange.exe
+ 2010-05-26 06:05 . 2010-04-22 22:21 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
+ 2010-06-13 00:03 . 2008-04-14 02:22 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll
+ 2010-04-14 10:54 . 2008-04-14 02:22 84992 c:\windows\$NtUninstallKB979309$\cabview.dll
+ 2010-02-24 08:19 . 2009-10-28 15:07 46080 c:\windows\$NtUninstallKB979306$\tzchange.exe
+ 2010-02-24 08:19 . 2010-01-23 10:40 16896 c:\windows\$NtUninstallKB979306$\spuninst\tzchange.dll
+ 2010-02-10 08:42 . 2008-04-14 02:22 32256 c:\windows\$NtUninstallKB978037$\csrsrv.dll
+ 2010-02-10 08:41 . 2004-08-04 13:00 25600 c:\windows\$NtUninstallKB977914$\msvidc32.dll
+ 2010-02-10 08:41 . 2008-04-14 02:22 11264 c:\windows\$NtUninstallKB977914$\msrle32.dll
+ 2010-02-10 08:41 . 2008-04-14 02:22 47616 c:\windows\$NtUninstallKB977914$\iyuv_32.dll
+ 2010-02-10 08:41 . 2009-06-10 14:13 85504 c:\windows\$NtUninstallKB977914$\avifil32.dll
+ 2010-02-10 08:41 . 2008-04-14 02:22 16896 c:\windows\$NtUninstallKB975560$\msyuv.dll
+ 2010-06-13 00:00 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB982381-IE7\update\spcustom.dll
+ 2010-06-13 00:00 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB982381-IE7\spmsg.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 44544 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\pngfilt.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 52224 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msfeedsbs.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 27648 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\jsproxy.dll
+ 2010-05-04 13:19 . 2010-05-04 13:19 13824 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieudinit.exe
+ 2010-05-04 16:48 . 2010-05-04 16:48 44544 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iernonce.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 78336 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieencode.dll
+ 2010-05-04 13:19 . 2010-05-04 13:19 70656 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ie4uinit.exe
+ 2010-05-04 16:48 . 2010-05-04 16:48 63488 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\icardie.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 17408 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\corpol.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981349\update\spcustom.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB981349\spmsg.dll
+ 2010-04-15 07:08 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB980232\update\spcustom.dll
+ 2010-04-15 07:08 . 2009-05-26 09:01 18808 c:\windows\$hf_mig$\KB980232\spmsg.dll
+ 2010-06-13 00:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980218\update\spcustom.dll
+ 2010-06-13 00:05 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB980218\spmsg.dll
+ 2010-06-13 00:05 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB980195\update\spcustom.dll
+ 2010-06-13 00:05 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB980195\spmsg.dll
+ 2010-03-31 01:40 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980182-IE7\update\spcustom.dll
+ 2010-03-31 01:40 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB980182-IE7\spmsg.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 44544 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\pngfilt.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 52224 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\msfeedsbs.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 27648 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\jsproxy.dll
+ 2010-03-10 14:05 . 2010-03-10 14:05 13824 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieudinit.exe
+ 2010-03-11 11:42 . 2010-03-11 11:42 44544 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iernonce.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 78336 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieencode.dll
+ 2010-03-10 14:05 . 2010-03-10 14:05 70656 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ie4uinit.exe
+ 2010-03-11 11:42 . 2010-03-11 11:42 63488 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\icardie.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 17408 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\corpol.dll
+ 2010-04-15 07:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979683\update\spcustom.dll
+ 2010-04-15 07:03 . 2010-03-05 14:53 16896 c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll
+ 2010-04-15 07:08 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB979683\spmsg.dll
+ 2010-06-13 00:04 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979559\update\spcustom.dll
+ 2010-06-13 00:04 . 2009-05-26 09:01 18808 c:\windows\$hf_mig$\KB979559\spmsg.dll
+ 2010-06-13 00:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979482\update\spcustom.dll
+ 2010-06-13 00:03 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB979482\spmsg.dll
+ 2010-03-05 14:50 . 2010-03-05 14:50 65536 c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
+ 2010-04-14 10:54 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB979309\update\spcustom.dll
+ 2010-04-14 10:54 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB979309\spmsg.dll
+ 2010-01-13 13:48 . 2010-01-13 13:48 86528 c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll
+ 2010-04-14 10:54 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB978601\update\spcustom.dll
+ 2010-04-14 10:54 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB978601\spmsg.dll
+ 2010-05-12 07:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-05-12 07:17 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978338\spmsg.dll
+ 2010-02-10 08:43 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978262\update\spcustom.dll
+ 2010-02-10 08:43 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978262\spmsg.dll
+ 2010-02-10 08:42 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978251\update\spcustom.dll
+ 2010-02-10 08:42 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978251\spmsg.dll
+ 2010-01-22 17:20 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978207-IE7\update\spcustom.dll
+ 2010-01-22 17:20 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978207-IE7\spmsg.dll
+ 2010-01-05 09:46 . 2010-01-05 09:46 44544 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\pngfilt.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 52224 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msfeedsbs.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 27648 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\jsproxy.dll
+ 2010-01-01 06:55 . 2010-01-01 06:55 13824 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieudinit.exe
+ 2010-01-05 09:45 . 2010-01-05 09:45 44544 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iernonce.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 78336 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieencode.dll
+ 2010-01-01 06:55 . 2010-01-01 06:55 70656 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ie4uinit.exe
+ 2010-01-05 09:45 . 2010-01-05 09:45 63488 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\icardie.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 17408 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\corpol.dll
+ 2010-02-10 08:42 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978037\update\spcustom.dll
+ 2010-02-10 08:42 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978037\spmsg.dll
+ 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\$hf_mig$\KB978037\SP3QFE\csrsrv.dll
+ 2010-02-10 08:41 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977914\update\spcustom.dll
+ 2010-02-10 08:41 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB977914\spmsg.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 28672 c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 11264 c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 48128 c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 85504 c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB977816\spmsg.dll
+ 2010-02-10 08:41 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977165\update\spcustom.dll
+ 2010-02-10 08:41 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB977165\spmsg.dll
+ 2010-02-10 08:42 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975713\update\spcustom.dll
+ 2010-02-10 08:42 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB975713\spmsg.dll
+ 2010-06-13 00:03 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB975562\update\spcustom.dll
+ 2010-06-13 00:03 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB975562\spmsg.dll
+ 2010-03-09 23:28 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB975561\update\spcustom.dll
+ 2010-03-09 23:28 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB975561\spmsg.dll
+ 2010-02-10 08:41 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975560\update\spcustom.dll
+ 2010-02-10 08:41 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB975560\spmsg.dll
+ 2009-11-27 17:23 . 2009-11-27 17:23 17920 c:\windows\$hf_mig$\KB975560\SP3QFE\msyuv.dll
+ 2010-02-10 08:43 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB971468\update\spcustom.dll
+ 2010-02-10 08:43 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB971468\spmsg.dll
+ 2010-08-03 09:35 . 2010-02-22 14:22 26488 c:\windows\$hf_mig$\KB2286198\update\spcustom.dll
+ 2010-08-03 09:35 . 2010-02-22 14:22 18808 c:\windows\$hf_mig$\KB2286198\spmsg.dll
+ 2010-07-16 13:11 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2010-07-16 13:11 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB2229593\spmsg.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-18 03:54 . 2009-11-27 16:08 8704 c:\windows\system32\tsbyuv.dll
+ 2009-11-22 19:49 . 2009-11-12 12:48 7168 c:\windows\system32\drivers\StarOpen.sys
- 2009-11-22 19:49 . 2009-09-28 19:57 7168 c:\windows\system32\drivers\StarOpen.sys
+ 2010-02-18 06:38 . 2008-04-13 18:39 5504 c:\windows\system32\drivers\MSTEE.sys
+ 2009-11-27 16:08 . 2009-11-27 16:08 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2010-02-18 06:38 . 2008-04-13 18:39 5504 c:\windows\system32\dllcache\mstee.sys
+ 2010-09-05 19:03 . 2010-09-05 19:03 8192 c:\windows\ERDNT\05.09.2010\Users\00000004\UsrClass.dat
+ 2010-09-05 19:03 . 2010-09-05 19:03 8192 c:\windows\ERDNT\05.09.2010\Users\00000002\UsrClass.dat
+ 2009-11-27 16:08 . 2009-11-27 16:08 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-03-30 07:34 . 2010-03-30 07:34 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\4.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
+ 2010-03-30 07:34 . 2010-03-30 07:34 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\18.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2010-03-30 07:34 . 2010-03-30 07:34 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\4.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
+ 2010-03-30 07:34 . 2010-03-30 07:34 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\15.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-10-15 13:14 . 2009-10-15 13:14 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-10-15 13:14 . 2009-10-15 13:14 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-03-30 07:33 . 2010-03-30 07:33 7680 c:\windows\assembly\GAC_MSIL\cli_ure\1.0.18.0__ce2cb7e279207b9e\cli_ure.dll
+ 2010-03-30 07:34 . 2010-03-30 07:34 3072 c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\18.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2010-02-10 08:41 . 2004-08-04 13:00 8192 c:\windows\$NtUninstallKB977914$\tsbyuv.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 8704 c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-11 23:12 . 2009-07-11 23:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 23:09 . 2009-07-11 23:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 23:08 . 2009-07-11 23:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-04-08 16:24 . 2009-04-08 16:24 552960 c:\windows\system32\zvkonline70VC8.dll
+ 2010-02-17 17:52 . 2001-05-16 16:54 309616 c:\windows\system32\wmv8dmod.dll
+ 1999-08-09 13:40 . 1999-08-09 13:40 163600 c:\windows\system32\wmaudsdk.dll
+ 2004-08-13 11:40 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 233472 c:\windows\system32\webcheck.dll
- 2004-08-13 11:40 . 2009-10-29 07:41 233472 c:\windows\system32\webcheck.dll
+ 2004-08-13 11:40 . 2010-03-09 11:09 430080 c:\windows\system32\vbscript.dll
- 2004-08-13 11:40 . 2008-05-09 10:54 430080 c:\windows\system32\vbscript.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 105984 c:\windows\system32\url.dll
- 2004-08-13 11:40 . 2009-10-29 07:41 105984 c:\windows\system32\url.dll
+ 2010-01-22 19:47 . 2010-01-22 19:47 604488 c:\windows\system32\TUProgSt.exe
- 2008-12-31 16:32 . 2009-07-28 22:56 604488 c:\windows\system32\TUProgSt.exe
+ 2010-01-22 19:47 . 2010-01-22 19:47 361288 c:\windows\system32\TuneUpDefragService.exe
- 2009-07-28 22:56 . 2009-07-28 22:56 361288 c:\windows\system32\TuneUpDefragService.exe
+ 2004-08-13 11:40 . 2009-12-08 09:23 474624 c:\windows\system32\shlwapi.dll
- 2004-08-13 11:40 . 2008-04-14 02:22 474624 c:\windows\system32\shlwapi.dll
+ 2010-03-30 22:10 . 2010-03-30 22:10 295264 c:\windows\system32\PresentationHost.exe
+ 2004-08-13 11:40 . 2010-08-12 21:15 442602 c:\windows\system32\perfh009.dat
- 2004-08-13 11:40 . 2010-01-12 17:40 442602 c:\windows\system32\perfh009.dat
+ 2004-08-13 11:40 . 2010-06-24 12:15 102912 c:\windows\system32\occache.dll
- 2004-08-13 11:40 . 2009-10-29 07:41 102912 c:\windows\system32\occache.dll
+ 2010-02-17 17:51 . 2006-07-21 16:16 430080 c:\windows\system32\MXRestore.exe
- 2004-08-13 11:40 . 2009-10-29 07:41 671232 c:\windows\system32\mstime.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 671232 c:\windows\system32\mstime.dll
- 2004-08-13 11:40 . 2009-10-29 07:41 193024 c:\windows\system32\msrating.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 193024 c:\windows\system32\msrating.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 477696 c:\windows\system32\mshtmled.dll
- 2004-08-13 11:40 . 2009-10-29 07:41 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 16:54 . 2009-10-29 07:40 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 16:54 . 2010-06-24 12:15 459264 c:\windows\system32\msfeeds.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 297808 c:\windows\system32\mscoree.dll
+ 2010-02-17 17:52 . 2001-05-11 12:18 420240 c:\windows\system32\mpg4c32.dll
+ 2010-02-17 17:49 . 2008-04-15 15:14 700416 c:\windows\system32\mgxoschk.dll
+ 2010-08-17 15:09 . 2010-08-17 15:09 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe
+ 2009-04-08 15:57 . 2009-04-08 15:57 110592 c:\windows\system32\LxUISettings20Native.dll
- 2008-07-17 11:48 . 2008-07-17 11:48 716800 c:\windows\system32\lxter20VC8.dll
+ 2009-04-08 16:24 . 2009-04-08 16:24 716800 c:\windows\system32\lxter20VC8.dll
+ 2009-02-02 18:11 . 2009-02-02 18:11 208896 c:\windows\system32\LXPrnUtil10.dll
- 2007-11-09 14:18 . 2007-11-09 14:18 208896 c:\windows\system32\LXPrnUtil10.dll
+ 2009-04-08 16:24 . 2009-04-08 16:24 135168 c:\windows\system32\LxMail30VC8.dll
+ 2009-04-08 16:24 . 2009-04-08 16:24 323584 c:\windows\system32\LxImport70VC8.dll
+ 2009-04-08 16:24 . 2009-04-08 16:24 192512 c:\windows\system32\LXDasi70VC8.dll
+ 2009-04-08 16:24 . 2009-04-08 16:24 258048 c:\windows\system32\LXBtr70VC8.dll
+ 2009-04-08 16:24 . 2009-04-08 16:24 212992 c:\windows\system32\LxBasics70VC8.dll
+ 2010-03-30 07:31 . 2010-03-30 07:31 153376 c:\windows\system32\javaws.exe
+ 2010-03-30 07:31 . 2010-03-30 07:31 145184 c:\windows\system32\javaw.exe
+ 2010-03-30 07:31 . 2010-03-30 07:31 145184 c:\windows\system32\java.exe
- 2004-08-13 11:53 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
+ 2004-08-13 11:53 . 2010-01-29 14:59 691712 c:\windows\system32\inetcomm.dll
- 2007-08-13 16:34 . 2009-10-29 07:40 268288 c:\windows\system32\iertutil.dll
+ 2007-08-13 16:34 . 2010-06-24 12:15 268288 c:\windows\system32\iertutil.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 192512 c:\windows\system32\iepeers.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 385024 c:\windows\system32\iedkcs32.dll
- 2004-08-13 11:40 . 2009-10-29 07:40 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 10:27 . 2010-06-24 12:15 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 10:27 . 2009-10-29 07:40 380928 c:\windows\system32\ieapfltr.dll
- 2004-08-13 11:40 . 2009-10-28 06:52 161792 c:\windows\system32\ieakui.dll
+ 2004-08-13 11:40 . 2010-06-17 15:11 161792 c:\windows\system32\ieakui.dll
- 2004-08-13 11:40 . 2009-10-29 07:40 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 153088 c:\windows\system32\ieakeng.dll
- 2004-08-13 11:40 . 2009-10-29 07:40 153088 c:\windows\system32\ieakeng.dll
+ 2010-04-16 08:30 . 2008-04-17 10:12 107368 c:\windows\system32\GEARAspi.dll
+ 2004-08-13 11:46 . 2010-08-13 04:19 247104 c:\windows\system32\FNTCACHE.DAT
- 2004-08-13 11:40 . 2009-10-29 07:40 133120 c:\windows\system32\extmgr.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 133120 c:\windows\system32\extmgr.dll
- 2004-08-13 11:40 . 2009-10-29 07:40 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 214528 c:\windows\system32\dxtrans.dll
- 2004-08-13 11:40 . 2009-10-29 07:40 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 347136 c:\windows\system32\dxtmsft.dll
+ 2010-04-16 08:30 . 2008-04-17 10:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2004-08-13 11:40 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-13 11:40 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
- 2007-11-15 20:27 . 2007-11-15 20:27 303104 c:\windows\system32\dnt27VC8.dll
+ 2009-02-02 18:10 . 2009-02-02 18:10 303104 c:\windows\system32\dnt27VC8.dll
+ 2010-02-12 09:46 . 2010-02-12 09:46 107808 c:\windows\system32\dns-sd.exe
+ 2010-02-17 17:51 . 2007-07-31 18:58 192512 c:\windows\system32\DLLRES32.dll
+ 2010-02-17 17:51 . 2007-07-31 18:58 151552 c:\windows\system32\DLLDRV32.dll
+ 2010-02-17 17:50 . 2007-04-27 09:43 120200 c:\windows\system32\DLLDEV32i.dll
+ 2010-02-17 17:51 . 2007-07-31 18:58 167936 c:\windows\system32\DLLDEV32.dll
+ 2010-02-17 17:51 . 2003-03-14 10:33 114688 c:\windows\system32\DLLCDA32.dll
+ 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2008-08-14 10:39 . 2010-06-24 12:15 832512 c:\windows\system32\dllcache\wininet.dll
- 2008-08-14 10:39 . 2009-10-29 07:41 832512 c:\windows\system32\dllcache\wininet.dll
- 2007-08-13 16:54 . 2009-10-29 07:41 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 16:54 . 2010-06-24 12:15 233472 c:\windows\system32\dllcache\webcheck.dll
- 2008-05-09 10:54 . 2008-05-09 10:54 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2008-05-09 10:54 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll
- 2007-08-13 16:44 . 2009-10-29 07:41 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 16:44 . 2010-06-24 12:15 105984 c:\windows\system32\dllcache\url.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-10-16 06:22 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2009-12-08 09:23 . 2009-12-08 09:23 474624 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-12-05 06:55 . 2010-06-30 12:28 149504 c:\windows\system32\dllcache\schannel.dll
- 2007-08-13 16:44 . 2009-10-29 07:41 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 16:44 . 2010-06-24 12:15 102912 c:\windows\system32\dllcache\occache.dll
- 2008-08-14 10:39 . 2009-10-29 07:41 671232 c:\windows\system32\dllcache\mstime.dll
+ 2008-08-14 10:39 . 2010-06-24 12:15 671232 c:\windows\system32\dllcache\mstime.dll
+ 2008-08-14 10:39 . 2010-06-24 12:15 193024 c:\windows\system32\dllcache\msrating.dll
- 2008-08-14 10:39 . 2009-10-29 07:41 193024 c:\windows\system32\dllcache\msrating.dll
+ 2008-08-14 10:39 . 2010-06-24 12:15 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-14 10:39 . 2009-10-29 07:41 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-05 18:52 . 2010-06-24 12:15 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-05 18:52 . 2009-10-29 07:40 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-12 08:03 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
- 2008-08-23 11:10 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-08-23 11:10 . 2010-01-29 14:59 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2007-08-13 16:43 . 2010-06-17 15:12 634656 c:\windows\system32\dllcache\iexplore.exe
- 2008-10-05 18:52 . 2009-10-29 07:40 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-05 18:52 . 2010-06-24 12:15 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-14 10:39 . 2010-06-24 12:15 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 16:39 . 2010-06-24 12:15 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 16:39 . 2009-10-29 07:40 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-05 18:52 . 2009-10-29 07:40 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-05 18:52 . 2010-06-24 12:15 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-13 11:40 . 2010-06-17 15:11 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-13 11:40 . 2009-10-28 06:52 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-13 11:40 . 2009-10-29 07:40 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-13 11:40 . 2009-10-29 07:40 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2010-07-16 13:04 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
- 2008-08-14 10:39 . 2009-10-29 07:40 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-14 10:39 . 2010-06-24 12:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-14 10:39 . 2010-06-24 12:15 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-14 10:39 . 2009-10-29 07:40 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-14 10:39 . 2009-10-29 07:40 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-14 10:39 . 2010-06-24 12:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2010-04-20 05:29 . 2010-04-20 05:29 285696 c:\windows\system32\dllcache\atmfd.dll
- 2007-08-13 16:39 . 2009-10-29 07:40 124928 c:\windows\system32\dllcache\advpack.dll
+ 2007-08-13 16:39 . 2010-06-24 12:15 124928 c:\windows\system32\dllcache\advpack.dll
+ 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2010-02-17 17:51 . 2007-07-31 18:58 618496 c:\windows\system32\DLLAV32.dll
+ 2009-06-16 20:36 . 2010-03-30 07:31 411368 c:\windows\system32\deploytk.dll
- 2009-06-16 20:36 . 2009-10-11 03:17 411368 c:\windows\system32\deploytk.dll
+ 2010-03-18 07:26 . 2010-02-12 10:03 293376 c:\windows\system32\browserchoice.exe
+ 2009-04-08 13:25 . 2009-04-08 13:25 364544 c:\windows\system32\BH_DATA120VC8.dll
- 2004-08-13 11:40 . 2008-04-14 02:20 285696 c:\windows\system32\atmfd.dll
+ 2004-08-13 11:40 . 2010-04-20 05:29 285696 c:\windows\system32\atmfd.dll
- 2004-08-13 11:40 . 2009-10-29 07:40 124928 c:\windows\system32\advpack.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 124928 c:\windows\system32\advpack.dll
+ 2004-08-13 11:40 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2010-03-30 22:16 . 2010-03-30 22:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-29 17:16 . 2008-07-29 17:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 03:31 . 2010-03-23 03:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-02-09 10:22 . 2010-02-09 10:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-07-25 09:17 . 2008-07-25 09:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-08-07 21:51 . 2009-08-07 21:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-27 22:49 . 2008-05-27 22:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 12:49 . 2010-03-31 12:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-27 22:48 . 2008-05-27 22:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-27 23:30 . 2008-05-27 23:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-03-31 13:32 . 2010-03-31 13:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-02-24 22:14 . 2010-02-24 22:14 543232 c:\windows\Installer\7bcefd.msp
+ 2010-04-16 08:28 . 2010-04-16 08:28 791552 c:\windows\Installer\5e67ee.msi
+ 2010-03-30 07:32 . 2010-03-30 07:32 178176 c:\windows\Installer\2a7dda.msi
+ 2010-03-30 07:31 . 2010-03-30 07:31 577536 c:\windows\Installer\2a7dd3.msi
+ 2010-02-13 15:04 . 2010-02-13 15:04 653824 c:\windows\Installer\15c2698.msi
+ 2010-02-13 15:01 . 2010-02-13 15:01 295606 c:\windows\Installer\{AC76BA86-7AD7-1031-7B44-A80000000002}\SC_Reader.exe
+ 2010-04-16 08:30 . 2010-04-16 08:30 372736 c:\windows\Installer\{996A2FAA-7514-4628-9D12-A8FC34A0016E}\iTunesIco.exe
+ 2010-02-13 15:04 . 2010-02-13 15:17 172032 c:\windows\Installer\{19B822A6-372A-43E2-9230-0AFA4EC84F8C}\NewShortcut11.F207EE89_63A7_4F89_8D5A_61A70CCCD4F1.exe
+ 2010-02-13 15:04 . 2010-02-13 15:17 172032 c:\windows\Installer\{19B822A6-372A-43E2-9230-0AFA4EC84F8C}\NewShortcut1.F207EE89_63A7_4F89_8D5A_61A70CCCD4F1.exe
+ 2010-06-13 00:00 . 2010-03-11 12:31 832512 c:\windows\ie7updates\KB982381-IE7\wininet.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 233472 c:\windows\ie7updates\KB982381-IE7\webcheck.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 105984 c:\windows\ie7updates\KB982381-IE7\url.dll
+ 2010-06-13 00:00 . 2009-05-26 11:40 388984 c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll
+ 2010-06-13 00:00 . 2008-07-08 13:00 234872 c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
+ 2010-06-13 00:00 . 2010-03-11 12:31 102912 c:\windows\ie7updates\KB982381-IE7\occache.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 671232 c:\windows\ie7updates\KB982381-IE7\mstime.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 193024 c:\windows\ie7updates\KB982381-IE7\msrating.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 477696 c:\windows\ie7updates\KB982381-IE7\mshtmled.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 459264 c:\windows\ie7updates\KB982381-IE7\msfeeds.dll
+ 2010-06-13 00:00 . 2010-02-23 05:20 634648 c:\windows\ie7updates\KB982381-IE7\iexplore.exe
+ 2010-06-13 00:00 . 2010-03-11 12:31 268288 c:\windows\ie7updates\KB982381-IE7\iertutil.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 192512 c:\windows\ie7updates\KB982381-IE7\iepeers.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 385024 c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 380928 c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll
+ 2010-06-13 00:00 . 2010-02-23 05:18 161792 c:\windows\ie7updates\KB982381-IE7\ieakui.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 230400 c:\windows\ie7updates\KB982381-IE7\ieaksie.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 153088 c:\windows\ie7updates\KB982381-IE7\ieakeng.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 133120 c:\windows\ie7updates\KB982381-IE7\extmgr.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 214528 c:\windows\ie7updates\KB982381-IE7\dxtrans.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 347136 c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 124928 c:\windows\ie7updates\KB982381-IE7\advpack.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 832512 c:\windows\ie7updates\KB980182-IE7\wininet.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 233472 c:\windows\ie7updates\KB980182-IE7\webcheck.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 105984 c:\windows\ie7updates\KB980182-IE7\url.dll
+ 2010-03-31 01:40 . 2009-05-26 11:40 388984 c:\windows\ie7updates\KB980182-IE7\spuninst\updspapi.dll
+ 2010-03-31 01:40 . 2009-05-26 11:40 234872 c:\windows\ie7updates\KB980182-IE7\spuninst\spuninst.exe
+ 2010-03-31 01:40 . 2010-01-05 09:52 102912 c:\windows\ie7updates\KB980182-IE7\occache.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 671232 c:\windows\ie7updates\KB980182-IE7\mstime.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 193024 c:\windows\ie7updates\KB980182-IE7\msrating.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 477696 c:\windows\ie7updates\KB980182-IE7\mshtmled.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 459264 c:\windows\ie7updates\KB980182-IE7\msfeeds.dll
+ 2010-03-31 01:40 . 2009-12-18 13:05 634648 c:\windows\ie7updates\KB980182-IE7\iexplore.exe
+ 2010-03-31 01:40 . 2010-01-05 09:52 268288 c:\windows\ie7updates\KB980182-IE7\iertutil.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 192512 c:\windows\ie7updates\KB980182-IE7\iepeers.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 385024 c:\windows\ie7updates\KB980182-IE7\iedkcs32.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 380928 c:\windows\ie7updates\KB980182-IE7\ieapfltr.dll
+ 2010-03-31 01:40 . 2009-12-18 13:04 161792 c:\windows\ie7updates\KB980182-IE7\ieakui.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 230400 c:\windows\ie7updates\KB980182-IE7\ieaksie.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 153088 c:\windows\ie7updates\KB980182-IE7\ieakeng.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 133120 c:\windows\ie7updates\KB980182-IE7\extmgr.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 214528 c:\windows\ie7updates\KB980182-IE7\dxtrans.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 347136 c:\windows\ie7updates\KB980182-IE7\dxtmsft.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 124928 c:\windows\ie7updates\KB980182-IE7\advpack.dll
+ 2010-01-22 17:20 . 2009-10-29 07:41 832512 c:\windows\ie7updates\KB978207-IE7\wininet.dll
+ 2010-01-22 17:20 . 2009-10-29 07:41 233472 c:\windows\ie7updates\KB978207-IE7\webcheck.dll
+ 2010-01-22 17:20 . 2009-10-29 07:41 105984 c:\windows\ie7updates\KB978207-IE7\url.dll
+ 2010-01-22 17:20 . 2009-05-26 11:40 388984 c:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
+ 2010-01-22 17:20 . 2009-05-26 11:40 234872 c:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
+ 2010-01-22 17:20 . 2009-10-29 07:41 102912 c:\windows\ie7updates\KB978207-IE7\occache.dll
+ 2010-01-22 17:20 . 2009-10-29 07:41 671232 c:\windows\ie7updates\KB978207-IE7\mstime.dll
+ 2010-01-22 17:20 . 2009-10-29 07:41 193024 c:\windows\ie7updates\KB978207-IE7\msrating.dll
+ 2010-01-22 17:20 . 2009-10-29 07:41 477696 c:\windows\ie7updates\KB978207-IE7\mshtmled.dll
+ 2010-01-22 17:20 . 2009-10-29 07:40 459264 c:\windows\ie7updates\KB978207-IE7\msfeeds.dll
+ 2010-01-22 17:20 . 2009-10-28 06:54 634632 c:\windows\ie7updates\KB978207-IE7\iexplore.exe
+ 2010-01-22 17:20 . 2009-10-29 07:40 268288 c:\windows\ie7updates\KB978207-IE7\iertutil.dll
+ 2010-01-22 17:20 . 2007-08-13 16:54 191488 c:\windows\ie7updates\KB978207-IE7\iepeers.dll
+ 2010-01-22 17:20 . 2009-10-29 07:40 385024 c:\windows\ie7updates\KB978207-IE7\iedkcs32.dll
+ 2010-01-22 17:20 . 2009-10-29 07:40 380928 c:\windows\ie7updates\KB978207-IE7\ieapfltr.dll
+ 2010-01-22 17:20 . 2009-10-28 06:52 161792 c:\windows\ie7updates\KB978207-IE7\ieakui.dll
+ 2010-01-22 17:20 . 2009-10-29 07:40 230400 c:\windows\ie7updates\KB978207-IE7\ieaksie.dll
+ 2010-01-22 17:20 . 2009-10-29 07:40 153088 c:\windows\ie7updates\KB978207-IE7\ieakeng.dll
+ 2010-01-22 17:20 . 2009-10-29 07:40 133120 c:\windows\ie7updates\KB978207-IE7\extmgr.dll
+ 2010-01-22 17:20 . 2009-10-29 07:40 214528 c:\windows\ie7updates\KB978207-IE7\dxtrans.dll
+ 2010-01-22 17:20 . 2009-10-29 07:40 347136 c:\windows\ie7updates\KB978207-IE7\dxtmsft.dll
+ 2010-01-22 17:20 . 2009-10-29 07:40 124928 c:\windows\ie7updates\KB978207-IE7\advpack.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 832512 c:\windows\ie7updates\KB2183461-IE7\wininet.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 233472 c:\windows\ie7updates\KB2183461-IE7\webcheck.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 105984 c:\windows\ie7updates\KB2183461-IE7\url.dll
+ 2010-08-12 21:16 . 2010-02-22 14:22 388984 c:\windows\ie7updates\KB2183461-IE7\spuninst\updspapi.dll
+ 2010-08-12 21:16 . 2010-02-22 14:22 234872 c:\windows\ie7updates\KB2183461-IE7\spuninst\spuninst.exe
+ 2010-08-12 21:16 . 2010-05-04 17:14 102912 c:\windows\ie7updates\KB2183461-IE7\occache.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 671232 c:\windows\ie7updates\KB2183461-IE7\mstime.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 193024 c:\windows\ie7updates\KB2183461-IE7\msrating.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 477696 c:\windows\ie7updates\KB2183461-IE7\mshtmled.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 459264 c:\windows\ie7updates\KB2183461-IE7\msfeeds.dll
+ 2010-08-12 21:16 . 2010-04-16 11:43 634656 c:\windows\ie7updates\KB2183461-IE7\iexplore.exe
+ 2010-08-12 21:16 . 2010-05-04 17:14 268288 c:\windows\ie7updates\KB2183461-IE7\iertutil.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 192512 c:\windows\ie7updates\KB2183461-IE7\iepeers.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 385024 c:\windows\ie7updates\KB2183461-IE7\iedkcs32.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 380928 c:\windows\ie7updates\KB2183461-IE7\ieapfltr.dll
+ 2010-08-12 21:16 . 2010-04-16 11:43 161792 c:\windows\ie7updates\KB2183461-IE7\ieakui.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 230400 c:\windows\ie7updates\KB2183461-IE7\ieaksie.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 153088 c:\windows\ie7updates\KB2183461-IE7\ieakeng.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 133120 c:\windows\ie7updates\KB2183461-IE7\extmgr.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 214528 c:\windows\ie7updates\KB2183461-IE7\dxtrans.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 347136 c:\windows\ie7updates\KB2183461-IE7\dxtmsft.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 124928 c:\windows\ie7updates\KB2183461-IE7\advpack.dll
+ 2010-09-05 19:03 . 2010-09-05 19:03 262144 c:\windows\ERDNT\05.09.2010\Users\00000006\UsrClass.dat
+ 2010-09-05 19:03 . 2010-09-05 19:03 237568 c:\windows\ERDNT\05.09.2010\Users\00000003\ntuser.dat
+ 2010-09-05 19:03 . 2010-09-05 19:03 233472 c:\windows\ERDNT\05.09.2010\Users\00000001\NTUSER.DAT
+ 2010-09-05 19:02 . 2005-10-20 10:02 163328 c:\windows\ERDNT\05.09.2010\ERDNT.EXE
+ 2008-11-12 08:03 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-06-13 00:05 . 2010-06-13 00:05 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_2193f57e\System.Drawing.dll
+ 2010-06-13 05:30 . 2010-06-13 05:30 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3c981671\System.Drawing.Design.dll
+ 2010-06-13 05:30 . 2010-06-13 05:30 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e7c1324e\CustomMarshalers.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-08-13 04:21 . 2010-08-13 04:21 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.d ll
+ 2010-08-13 04:28 . 2010-08-13 04:28 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-08-13 04:27 . 2010-08-13 04:27 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-08-13 04:21 . 2010-08-13 04:21 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-08-13 04:27 . 2010-08-13 04:27 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-08-13 04:27 . 2010-08-13 04:27 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-13 00:03 . 2010-06-13 00:03 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-13 00:03 . 2010-06-13 00:03 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-09 13:12 . 2009-08-09 13:12 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-06-13 00:03 . 2010-06-13 00:03 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility

sonor71 07.09.2010 20:31
TEIL 2 Combofix.txt

2009-10-15 13:14 . 2009-10-15 13:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-03-30 07:34 . 2010-03-30 07:34 118784 c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.4.0__ce2cb7e279207b9e\cli_uretypes.dll
+ 2010-03-30 07:34 . 2010-03-30 07:34 856064 c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.4.0__ce2cb7e279207b9e\cli_oootypes.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-02-25 23:11 . 2010-02-25 23:11 726456 c:\windows\assembly\GAC_32\NMSDVDNet\1.0.1007.2002__2ff9184220f553d5\NMSDVDNet.dll
+ 2010-02-25 23:11 . 2010-02-25 23:11 573952 c:\windows\assembly\GAC_32\DVSCommon\1.0.0.3__f82a82905f938a77\DVSCommon.dll
+ 2010-05-26 06:05 . 2009-05-26 09:01 388984 c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
+ 2010-05-26 06:05 . 2009-05-26 09:01 234872 c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
+ 2010-04-15 07:06 . 2008-05-09 10:54 430080 c:\windows\$NtUninstallKB981349$\vbscript.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB981349$\spuninst\updspapi.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB981349$\spuninst\spuninst.exe
+ 2010-04-15 07:08 . 2009-05-26 09:01 388984 c:\windows\$NtUninstallKB980232$\spuninst\updspapi.dll
+ 2010-04-15 07:08 . 2009-05-26 09:01 234872 c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
+ 2010-04-15 07:08 . 2009-12-04 18:22 455424 c:\windows\$NtUninstallKB980232$\mrxsmb.sys
+ 2010-06-13 00:05 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
+ 2010-06-13 00:05 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
+ 2010-06-13 00:05 . 2008-04-14 02:20 285696 c:\windows\$NtUninstallKB980218$\atmfd.dll
+ 2010-06-13 00:05 . 2008-07-08 13:00 388984 c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
+ 2010-06-13 00:05 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
+ 2010-04-15 07:08 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll
+ 2010-04-15 07:08 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
+ 2010-06-13 00:04 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
+ 2010-06-13 00:04 . 2009-05-26 09:01 234872 c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
+ 2010-06-13 00:03 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
+ 2010-06-13 00:03 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
+ 2010-04-15 07:08 . 2007-07-27 21:11 382840 c:\windows\$NtUninstallKB979402_WM9$\spuninst\updspapi.dll
+ 2010-04-15 07:08 . 2007-07-27 18:46 234872 c:\windows\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe
+ 2010-04-14 10:54 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB979309$\spuninst\updspapi.dll
+ 2010-04-14 10:54 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
+ 2010-02-24 08:19 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB979306$\spuninst\updspapi.dll
+ 2010-02-24 08:19 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe
+ 2010-06-13 00:03 . 2007-07-27 21:11 382840 c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
+ 2010-06-13 00:03 . 2007-07-27 18:46 234872 c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
+ 2010-04-14 10:54 . 2008-04-14 02:22 176640 c:\windows\$NtUninstallKB978601$\wintrust.dll
+ 2010-04-14 10:54 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB978601$\spuninst\updspapi.dll
+ 2010-04-14 10:54 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
+ 2010-05-12 07:17 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-05-12 07:17 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-05-12 07:17 . 2008-04-11 19:04 691712 c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-04-15 07:06 . 2008-06-20 11:08 225856 c:\windows\$NtUninstallKB978338$\tcpip6.sys
+ 2010-04-15 07:06 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
+ 2010-04-15 07:06 . 2008-04-14 02:22 100352 c:\windows\$NtUninstallKB978338$\6to4svc.dll
+ 2010-02-10 08:43 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB978262$\spuninst\updspapi.dll
+ 2010-02-10 08:43 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB978262$\spuninst\spuninst.exe
+ 2010-02-10 08:41 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB978251$\spuninst\updspapi.dll
+ 2010-02-10 08:41 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB978251$\spuninst\spuninst.exe
+ 2010-02-10 08:41 . 2008-10-24 11:21 455296 c:\windows\$NtUninstallKB978251$\mrxsmb.sys
+ 2010-02-10 08:42 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB978037$\spuninst\updspapi.dll
+ 2010-02-10 08:42 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB978037$\spuninst\spuninst.exe
+ 2010-02-10 08:41 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB977914$\spuninst\updspapi.dll
+ 2010-02-10 08:41 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB977914$\spuninst\spuninst.exe
+ 2010-04-15 07:06 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
+ 2010-02-10 08:41 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB977165$\spuninst\updspapi.dll
+ 2010-02-10 08:41 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB977165$\spuninst\spuninst.exe
+ 2010-02-10 08:42 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB975713$\spuninst\updspapi.dll
+ 2010-02-10 08:42 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB975713$\spuninst\spuninst.exe
+ 2010-02-10 08:42 . 2008-04-14 02:22 474624 c:\windows\$NtUninstallKB975713$\shlwapi.dll
+ 2010-06-13 00:03 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
+ 2010-06-13 00:03 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
+ 2010-03-09 23:28 . 2009-05-26 16:10 388984 c:\windows\$NtUninstallKB975561$\spuninst\updspapi.dll
+ 2010-03-09 23:28 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB975561$\spuninst\spuninst.exe
+ 2010-02-10 08:41 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB975560$\spuninst\updspapi.dll
+ 2010-02-10 08:41 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB975560$\spuninst\spuninst.exe
+ 2010-02-10 08:43 . 2008-12-11 10:57 333952 c:\windows\$NtUninstallKB971468$\srv.sys
+ 2010-02-10 08:43 . 2008-07-08 13:00 388984 c:\windows\$NtUninstallKB971468$\spuninst\updspapi.dll
+ 2010-02-10 08:43 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB971468$\spuninst\spuninst.exe
+ 2010-08-03 09:35 . 2010-02-22 14:22 388984 c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll
+ 2010-08-03 09:35 . 2010-02-22 14:22 234872 c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe
+ 2010-07-16 13:11 . 2010-02-22 17:52 388984 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-07-16 13:11 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-07-16 13:11 . 2008-04-14 02:22 744448 c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-06-13 00:00 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB982381-IE7\update\updspapi.dll
+ 2010-06-13 00:00 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB982381-IE7\update\update.exe
+ 2010-06-13 00:00 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB982381-IE7\spuninst.exe
+ 2010-05-04 16:48 . 2010-05-04 16:48 841216 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\wininet.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 233472 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\webcheck.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 105984 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\url.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 102912 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\occache.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 671232 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mstime.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 193024 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msrating.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 477696 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtmled.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 459264 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msfeeds.dll
+ 2010-04-16 11:08 . 2010-04-16 11:08 634648 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
+ 2010-05-04 16:48 . 2010-05-04 16:48 268288 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iertutil.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 193024 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iepeers.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 388608 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iedkcs32.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 380928 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieapfltr.dll
+ 2010-04-16 11:06 . 2010-04-16 11:06 161792 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieakui.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 230400 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieaksie.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 153088 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieakeng.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 132608 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\extmgr.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 214528 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\dxtrans.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 347136 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\dxtmsft.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 124928 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\advpack.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB981349\update\updspapi.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB981349\update\update.exe
+ 2010-04-15 07:06 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB981349\spuninst.exe
+ 2010-03-09 11:07 . 2010-03-09 11:07 430080 c:\windows\$hf_mig$\KB981349\SP3QFE\vbscript.dll
+ 2010-04-15 07:08 . 2009-05-26 09:01 388984 c:\windows\$hf_mig$\KB980232\update\updspapi.dll
+ 2010-04-15 07:08 . 2009-05-26 09:01 765304 c:\windows\$hf_mig$\KB980232\update\update.exe
+ 2010-04-15 07:08 . 2009-05-26 09:01 234872 c:\windows\$hf_mig$\KB980232\spuninst.exe
+ 2010-04-15 07:03 . 2010-02-24 11:57 457216 c:\windows\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
+ 2010-06-13 00:05 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB980218\update\updspapi.dll
+ 2010-06-13 00:05 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB980218\update\update.exe
+ 2010-06-13 00:05 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB980218\spuninst.exe
+ 2010-04-20 05:37 . 2010-04-20 05:37 285824 c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
+ 2010-06-13 00:05 . 2008-07-08 13:00 388984 c:\windows\$hf_mig$\KB980195\update\updspapi.dll
+ 2010-06-13 00:05 . 2008-07-08 13:00 765304 c:\windows\$hf_mig$\KB980195\update\update.exe
+ 2010-06-13 00:05 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB980195\spuninst.exe
+ 2010-03-31 01:40 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB980182-IE7\update\updspapi.dll
+ 2010-03-31 01:40 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB980182-IE7\update\update.exe
+ 2010-03-31 01:40 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB980182-IE7\spuninst.exe
+ 2010-03-11 11:42 . 2010-03-11 11:42 841216 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\wininet.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 233472 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\webcheck.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 105984 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\url.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 102912 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\occache.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 671232 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mstime.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 193024 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\msrating.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 477696 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtmled.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 459264 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\msfeeds.dll
+ 2010-02-23 05:19 . 2010-02-23 05:19 634648 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iexplore.exe
+ 2010-03-11 11:42 . 2010-03-11 11:42 268288 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iertutil.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 193024 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iepeers.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 388608 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iedkcs32.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 380928 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieapfltr.dll
+ 2010-02-23 05:18 . 2010-02-23 05:18 161792 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieakui.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 230400 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieaksie.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 153088 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieakeng.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 132608 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\extmgr.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 214528 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\dxtrans.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 347136 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\dxtmsft.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 124928 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\advpack.dll
+ 2010-04-15 07:08 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB979683\update\updspapi.dll
+ 2010-04-15 07:08 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB979683\update\update.exe
+ 2010-04-15 07:08 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB979683\spuninst.exe
+ 2010-06-13 00:04 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB979559\update\updspapi.dll
+ 2010-06-13 00:04 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB979559\update\update.exe
+ 2010-06-13 00:04 . 2009-05-26 09:01 234872 c:\windows\$hf_mig$\KB979559\spuninst.exe
+ 2010-06-13 00:03 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB979482\update\updspapi.dll
+ 2010-06-13 00:03 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB979482\update\update.exe
+ 2010-06-13 00:03 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB979482\spuninst.exe
+ 2010-04-14 10:54 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB979309\update\updspapi.dll
+ 2010-04-14 10:54 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB979309\update\update.exe
+ 2010-04-14 10:54 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB979309\spuninst.exe
+ 2010-04-14 10:54 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB978601\update\updspapi.dll
+ 2010-04-14 10:54 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB978601\update\update.exe
+ 2010-04-14 10:54 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB978601\spuninst.exe
+ 2009-12-24 06:42 . 2009-12-24 06:42 178176 c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll
+ 2010-05-12 07:17 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-05-12 07:17 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-05-12 07:17 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-01-29 14:53 . 2010-01-29 14:53 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB978338\update\updspapi.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB978338\update\update.exe
+ 2010-04-15 07:06 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978338\spuninst.exe
+ 2010-02-11 11:36 . 2010-02-11 11:36 226880 c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys
+ 2010-02-12 04:28 . 2010-02-12 04:28 100864 c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll
+ 2010-02-10 08:43 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB978262\update\updspapi.dll
+ 2010-02-10 08:43 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB978262\update\update.exe
+ 2010-02-10 08:43 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978262\spuninst.exe
+ 2010-02-10 08:42 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB978251\update\updspapi.dll
+ 2010-02-10 08:42 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB978251\update\update.exe
+ 2010-02-10 08:42 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978251\spuninst.exe
+ 2010-02-10 08:29 . 2009-12-04 17:25 456832 c:\windows\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
+ 2010-01-22 17:20 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB978207-IE7\update\updspapi.dll
+ 2010-01-22 17:20 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB978207-IE7\update\update.exe
+ 2010-01-22 17:20 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978207-IE7\spuninst.exe
+ 2010-01-05 09:46 . 2010-01-05 09:46 841216 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
+ 2010-01-05 09:46 . 2010-01-05 09:46 233472 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\webcheck.dll
+ 2010-01-05 09:46 . 2010-01-05 09:46 105984 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\url.dll
+ 2010-01-05 09:46 . 2010-01-05 09:46 102912 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\occache.dll
+ 2010-01-05 09:46 . 2010-01-05 09:46 671232 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mstime.dll
+ 2010-01-05 09:46 . 2010-01-05 09:46 193024 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msrating.dll
+ 2010-01-05 09:46 . 2010-01-05 09:46 477696 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtmled.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 459264 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msfeeds.dll
+ 2009-12-18 07:00 . 2009-12-18 07:00 634632 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe
+ 2010-01-05 09:45 . 2010-01-05 09:45 268288 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iertutil.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 193024 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iepeers.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 388608 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iedkcs32.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 380928 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieapfltr.dll
+ 2009-12-18 06:58 . 2009-12-18 06:58 161792 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieakui.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 230400 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieaksie.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 153088 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieakeng.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 132608 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\extmgr.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 214528 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\dxtrans.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 347136 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\dxtmsft.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 124928 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\advpack.dll
+ 2010-02-10 08:42 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB978037\update\updspapi.dll
+ 2010-02-10 08:42 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB978037\update\update.exe
+ 2010-02-10 08:42 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978037\spuninst.exe
+ 2010-02-10 08:41 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB977914\update\updspapi.dll
+ 2010-02-10 08:41 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB977914\update\update.exe
+ 2010-02-10 08:41 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB977914\spuninst.exe
+ 2010-04-15 07:06 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB977816\update\updspapi.dll
+ 2010-04-15 07:06 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB977816\update\update.exe
+ 2010-04-15 07:06 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB977816\spuninst.exe
+ 2010-02-10 08:41 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB977165\update\updspapi.dll
+ 2010-02-10 08:41 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB977165\update\update.exe
+ 2010-02-10 08:41 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB977165\spuninst.exe
+ 2010-02-10 08:42 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB975713\update\updspapi.dll
+ 2010-02-10 08:42 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB975713\update\update.exe
+ 2010-02-10 08:42 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB975713\spuninst.exe
+ 2009-12-08 09:01 . 2009-12-08 09:01 474624 c:\windows\$hf_mig$\KB975713\SP3QFE\shlwapi.dll
+ 2010-06-13 00:03 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB975562\update\updspapi.dll
+ 2010-06-13 00:03 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB975562\update\update.exe
+ 2010-06-13 00:03 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB975562\spuninst.exe
+ 2010-03-09 23:28 . 2009-05-26 16:10 388984 c:\windows\$hf_mig$\KB975561\update\updspapi.dll
+ 2010-03-09 23:28 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB975561\update\update.exe
+ 2010-03-09 23:28 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB975561\spuninst.exe
+ 2010-02-10 08:41 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB975560\update\updspapi.dll
+ 2010-02-10 08:41 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB975560\update\update.exe
+ 2010-02-10 08:41 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB975560\spuninst.exe
+ 2010-02-10 08:43 . 2008-07-08 13:00 388984 c:\windows\$hf_mig$\KB971468\update\updspapi.dll
+ 2010-02-10 08:43 . 2008-07-08 13:00 765304 c:\windows\$hf_mig$\KB971468\update\update.exe
+ 2010-02-10 08:43 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB971468\spuninst.exe
+ 2010-02-10 08:29 . 2010-01-01 07:58 353792 c:\windows\$hf_mig$\KB971468\SP3QFE\srv.sys
+ 2010-08-03 09:35 . 2010-02-22 14:22 388984 c:\windows\$hf_mig$\KB2286198\update\updspapi.dll
+ 2010-08-03 09:35 . 2010-02-22 14:22 765304 c:\windows\$hf_mig$\KB2286198\update\update.exe
+ 2010-08-03 09:35 . 2010-02-22 14:22 234872 c:\windows\$hf_mig$\KB2286198\spuninst.exe
+ 2010-07-16 13:11 . 2010-02-22 17:52 388984 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-07-16 13:11 . 2010-02-22 14:21 765304 c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-07-16 13:11 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-07-16 13:04 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2004-08-13 11:41 . 2010-04-08 12:03 2113536 c:\windows\system32\WMVCore.dll
+ 2004-08-13 11:41 . 2010-03-19 16:05 4874240 c:\windows\system32\wmp.dll
- 2004-08-13 11:41 . 2009-07-12 10:21 4874240 c:\windows\system32\wmp.dll
+ 2010-04-16 08:28 . 2009-10-16 00:33 3003680 c:\windows\system32\usbaaplrc.dll
- 2004-08-13 11:40 . 2009-10-29 07:41 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-13 11:40 . 2010-06-24 12:15 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-13 11:40 . 2010-07-27 06:29 8503296 c:\windows\system32\shell32.dll
+ 2004-08-13 11:40 . 2010-02-05 18:25 1297408 c:\windows\system32\quartz.dll
+ 2004-08-13 11:40 . 2010-04-28 05:41 2148864 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 23:50 . 2010-04-28 05:41 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-13 11:40 . 2010-06-24 12:15 3600896 c:\windows\system32\mshtml.dll
+ 2010-01-27 01:07 . 2010-08-17 15:09 5969360 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-04-08 16:24 . 2009-04-08 16:24 7311360 c:\windows\system32\LxXtreme60VC8.dll
- 2008-07-17 11:48 . 2008-07-17 11:48 5701632 c:\windows\system32\LxXtreme50VC8.dll
+ 2009-04-08 16:07 . 2009-04-08 16:07 5701632 c:\windows\system32\LxXtreme50VC8.dll
+ 2009-04-08 16:24 . 2009-04-08 16:24 1245184 c:\windows\system32\LxTool70VC8.dll
+ 2009-04-08 16:24 . 2009-04-08 16:24 1257472 c:\windows\system32\LXTool70NSVC8.dll
- 2007-08-13 16:54 . 2009-10-29 07:40 6067200 c:\windows\system32\ieframe.dll
+ 2007-08-13 16:54 . 2010-06-24 12:15 6067200 c:\windows\system32\ieframe.dll
+ 2009-04-08 17:14 . 2009-04-08 17:14 1421312 c:\windows\system32\FormAssi50.dll
+ 2010-04-16 08:28 . 2009-10-16 00:33 3003680 c:\windows\system32\DRVSTORE\usbaapl_E0F497D6C8B1C59AEB6422181BF0AFABD8356D47\usbaaplrc.dll
+ 2010-04-16 08:28 . 2010-03-16 17:53 1419232 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2006-12-07 17:02 . 2010-04-08 12:03 2113536 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-10-25 06:48 . 2010-03-19 16:05 4874240 c:\windows\system32\dllcache\wmp.dll
- 2008-10-25 06:48 . 2009-07-12 10:21 4874240 c:\windows\system32\dllcache\wmp.dll
+ 2008-10-16 06:21 . 2010-06-24 09:02 1852032 c:\windows\system32\dllcache\win32k.sys
- 2008-08-14 10:39 . 2009-10-29 07:41 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-14 10:39 . 2010-06-24 12:15 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:00 . 2010-07-27 06:29 8503296 c:\windows\system32\dllcache\shell32.dll
+ 2008-05-07 05:10 . 2010-02-05 18:25 1297408 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-16 06:21 . 2010-04-28 18:11 2192256 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 06:21 . 2010-04-28 05:41 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 06:21 . 2010-04-28 05:41 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 06:21 . 2010-04-28 05:41 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-11-12 08:02 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2008-11-12 08:02 . 2009-07-31 04:32 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-13 11:53 . 2010-01-29 14:59 1315328 c:\windows\system32\dllcache\msoe.dll
- 2004-08-13 11:53 . 2009-07-10 13:26 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2008-02-17 02:59 . 2010-06-24 12:15 3600896 c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-09 19:39 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2008-10-05 18:52 . 2010-06-24 12:15 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2008-10-05 18:52 . 2009-10-29 07:40 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-11-06 23:06 . 2009-11-06 23:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 02:59 . 2008-11-25 02:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2009-08-07 21:51 . 2009-08-07 21:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-04-01 09:42 . 2010-04-01 09:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-27 23:35 . 2008-05-27 23:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 09:42 . 2010-04-01 09:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-27 23:35 . 2008-05-27 23:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-03-31 12:50 . 2010-03-31 12:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2008-05-27 22:48 . 2008-05-27 22:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 12:50 . 2010-03-31 12:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2008-05-27 22:43 . 2008-05-27 22:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-04-01 09:42 . 2010-04-01 09:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-09-03 19:33 . 2010-09-03 19:33 2026496 c:\windows\Installer\ffe17.msi
+ 2009-11-16 15:02 . 2009-11-16 15:02 1092096 c:\windows\Installer\86488.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17 2607104 c:\windows\Installer\7bcf0a.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17 4210688 c:\windows\Installer\7bcf09.msp
+ 2009-11-08 22:25 . 2009-11-08 22:25 1935360 c:\windows\Installer\6ff2d8.msp
+ 2010-04-16 08:30 . 2010-04-16 08:30 4911104 c:\windows\Installer\5e685a.msi
+ 2010-04-16 08:29 . 2010-04-16 08:29 9472000 c:\windows\Installer\5e6856.msi
+ 2010-04-16 08:28 . 2010-04-16 08:28 1554944 c:\windows\Installer\5e6803.msi
+ 2010-04-16 08:28 . 2010-04-16 08:28 3165184 c:\windows\Installer\5e67fc.msi
+ 2010-04-16 08:28 . 2010-04-16 08:28 1984000 c:\windows\Installer\5e67f5.msi
+ 2010-02-13 15:04 . 2010-02-13 15:04 1744896 c:\windows\Installer\15c263c.msi
+ 2010-02-13 15:04 . 2010-02-13 15:04 3045888 c:\windows\Installer\15c2614.msi
+ 2010-02-13 15:01 . 2010-02-13 15:01 3588608 c:\windows\Installer\15c2505.msi
+ 2010-03-30 07:34 . 2010-03-30 07:34 7424000 c:\windows\Installer\{192A107E-C6B9-41B9-BDBF-38E3AA226054}\soffice.exe
+ 2010-06-13 00:00 . 2010-03-11 12:31 1168384 c:\windows\ie7updates\KB982381-IE7\urlmon.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 3599872 c:\windows\ie7updates\KB982381-IE7\mshtml.dll
+ 2010-06-13 00:00 . 2010-03-11 12:31 6067200 c:\windows\ie7updates\KB982381-IE7\ieframe.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 1168384 c:\windows\ie7updates\KB980182-IE7\urlmon.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 3599360 c:\windows\ie7updates\KB980182-IE7\mshtml.dll
+ 2010-03-31 01:40 . 2010-01-05 09:52 6067200 c:\windows\ie7updates\KB980182-IE7\ieframe.dll
+ 2010-01-22 17:20 . 2009-10-29 07:41 1168384 c:\windows\ie7updates\KB978207-IE7\urlmon.dll
+ 2010-01-22 17:20 . 2009-10-29 07:41 3598336 c:\windows\ie7updates\KB978207-IE7\mshtml.dll
+ 2010-01-22 17:20 . 2009-10-29 07:40 6067200 c:\windows\ie7updates\KB978207-IE7\ieframe.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 1168384 c:\windows\ie7updates\KB2183461-IE7\urlmon.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 3600384 c:\windows\ie7updates\KB2183461-IE7\mshtml.dll
+ 2010-08-12 21:16 . 2010-05-04 17:14 6067200 c:\windows\ie7updates\KB2183461-IE7\ieframe.dll
+ 2008-10-16 06:21 . 2010-04-28 18:11 2192256 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 06:21 . 2010-04-28 05:41 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 06:21 . 2010-04-28 05:41 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 06:21 . 2010-04-28 05:41 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-06-13 05:30 . 2010-06-13 05:30 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_87daa420\System.dll
+ 2010-06-13 00:05 . 2010-06-13 00:05 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_76826ccd\System.dll
+ 2010-06-13 00:05 . 2010-06-13 00:05 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_78a0469d\System.Xml.dll
+ 2010-06-13 05:31 . 2010-06-13 05:31 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_3607abe2\System.Xml.dll
+ 2010-06-13 00:05 . 2010-06-13 00:05 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_cbc1b153\System.Windows.Forms.dll
+ 2010-06-13 05:30 . 2010-06-13 05:30 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b61b73ab\System.Windows.Forms.dll
+ 2010-06-13 05:31 . 2010-06-13 05:31 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_54ee9053\System.Drawing.dll
+ 2010-06-13 05:31 . 2010-06-13 05:31 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c8039eec\System.Design.dll
+ 2010-06-13 00:05 . 2010-06-13 00:05 1466368 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_0ea2f709\System.Design.dll
+ 2010-06-13 05:31 . 2010-06-13 05:31 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_af797f1f\mscorlib.dll
+ 2010-06-13 00:05 . 2010-06-13 00:05 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_53f781f1\mscorlib.dll
+ 2010-08-12 21:16 . 2010-08-12 21:16 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-06-13 00:03 . 2010-06-13 00:03 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP40C.tmp\System.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-06-23 11:28 . 2010-06-23 11:28 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-13 00:03 . 2010-06-13 00:03 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-23 11:28 . 2010-06-23 11:28 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-15 13:14 . 2009-10-15 13:14 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-23 11:28 . 2010-06-23 11:28 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-08-09 13:12 . 2009-08-09 13:12 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-13 00:05 . 2010-06-13 00:05 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-15 13:11 . 2009-10-15 13:11 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-15 13:11 . 2009-10-15 13:11 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-13 00:05 . 2010-06-13 00:05 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-04-15 07:08 . 2009-12-09 10:05 2147840 c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
+ 2010-04-15 07:08 . 2009-12-09 10:05 2026496 c:\windows\$NtUninstallKB979683$\ntkrpamp.exe
+ 2010-04-15 07:08 . 2009-12-09 10:05 2026496 c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
+ 2010-04-15 07:08 . 2009-12-09 10:05 2147840 c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe
+ 2010-06-13 00:04 . 2009-08-14 15:10 1850752 c:\windows\$NtUninstallKB979559$\win32k.sys
+ 2010-04-15 07:08 . 2009-07-12 10:21 4874240 c:\windows\$NtUninstallKB979402_WM9$\wmp.dll
+ 2010-06-13 00:03 . 2009-05-26 14:53 2174976 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
+ 2010-05-12 07:17 . 2009-07-10 13:26 1315328 c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-02-10 08:41 . 2009-08-04 17:26 2147840 c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
+ 2010-02-10 08:41 . 2009-08-04 17:25 2026496 c:\windows\$NtUninstallKB977165$\ntkrpamp.exe
+ 2010-02-10 08:41 . 2009-08-04 17:25 2026496 c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
+ 2010-02-10 08:41 . 2009-08-04 17:26 2147840 c:\windows\$NtUninstallKB977165$\ntkrnlmp.exe
+ 2010-06-13 00:03 . 2009-11-27 17:11 1297408 c:\windows\$NtUninstallKB975562$\quartz.dll
+ 2010-03-09 23:28 . 2008-04-14 02:22 3558912 c:\windows\$NtUninstallKB975561$\moviemk.exe
+ 2010-02-10 08:41 . 2009-06-03 19:09 1296896 c:\windows\$NtUninstallKB975560$\quartz.dll
+ 2010-08-03 09:35 . 2008-06-17 19:00 8502272 c:\windows\$NtUninstallKB2286198$\shell32.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 1171968 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\urlmon.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 3603456 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtml.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48 6071296 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieframe.dll
+ 2010-06-12 21:57 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieapfltr.dat
+ 2010-03-11 11:42 . 2010-03-11 11:42 1171968 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\urlmon.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 3602944 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtml.dll
+ 2010-03-11 11:42 . 2010-03-11 11:42 6070784 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieframe.dll
+ 2010-03-31 01:31 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieapfltr.dat
+ 2010-04-15 07:03 . 2010-02-16 18:58 2192384 c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
+ 2010-04-15 07:03 . 2010-02-16 18:58 2027008 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrpamp.exe
+ 2010-04-15 07:03 . 2010-02-16 18:58 2069248 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
+ 2010-04-15 07:03 . 2010-02-16 18:58 2148864 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlmp.exe
+ 2010-05-02 08:00 . 2010-05-02 08:00 1860480 c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
+ 2010-01-29 14:53 . 2010-01-29 14:53 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2010-01-05 09:46 . 2010-01-05 09:46 1170944 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\urlmon.dll
+ 2010-01-05 09:46 . 2010-01-05 09:46 3602944 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
+ 2010-01-05 09:45 . 2010-01-05 09:45 6071296 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieframe.dll
+ 2010-01-22 17:15 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieapfltr.dat
+ 2009-12-09 14:29 . 2009-12-09 14:29 2191616 c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
+ 2010-02-10 08:29 . 2009-12-09 09:58 2026496 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrpamp.exe
+ 2009-12-09 14:29 . 2009-12-09 14:29 2068480 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
+ 2010-02-10 08:29 . 2009-12-09 09:58 2147840 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlmp.exe
+ 2010-02-05 18:28 . 2010-02-05 18:28 1297408 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
+ 2010-03-09 19:39 . 2009-10-23 14:53 3558912 c:\windows\$hf_mig$\KB975561\SP3QFE\moviemk.exe
+ 2009-11-27 17:23 . 2009-11-27 17:23 1297408 c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll
+ 2010-07-27 06:27 . 2010-07-27 06:27 8504320 c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll
+ 2008-08-22 05:42 . 2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe
+ 2010-04-02 17:29 . 2010-04-02 17:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-02-13 15:02 . 2008-11-14 16:27 73009664 c:\windows\Installer\LxCache\{8E9A0A1E-84C6-4ED7-865D-3591180C6AC8}\Lexware_buchhalter.msi
+ 2010-04-02 10:30 . 2010-04-02 10:30 17456640 c:\windows\Installer\7bcf38.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17 14599680 c:\windows\Installer\7bcf19.msp
+ 2010-03-30 23:23 . 2010-03-30 23:23 15638528 c:\windows\Installer\6ff2e5.msp
+ 2010-03-30 07:34 . 2010-03-30 07:34 10179072 c:\windows\Installer\2a8cf6.msi
+ 2010-05-19 11:08 . 2010-05-19 11:08 11408896 c:\windows\Installer\188949.msp
+ 2009-04-29 08:26 . 2009-04-29 08:26 15371776 c:\windows\Installer\15c2a02.msp
+ 2010-09-05 19:03 . 2010-09-05 19:03 15048704 c:\windows\ERDNT\05.09.2010\Users\00000005\ntuser.dat
+ 2010-06-13 00:02 . 2010-06-13 00:02 13725184 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP32D.tmp\PresentationFramework.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-08-13 04:28 . 2010-08-13 04:28 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll
+ 2010-08-13 04:27 . 2010-08-13 04:27 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll
+ 2010-08-13 04:21 . 2010-08-13 04:21 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll
+ 2010-08-13 04:20 . 2010-08-13 04:20 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-08-12 21:16 . 2010-08-12 21:16 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-08-12 21:15 . 2010-08-12 21:15 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\programme\DVDVideoSoft\tbDVD1.dll" [2010-07-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-07-03 23:20 2736736 ----a-w- c:\programme\DVDVideoSoft\tbDVD1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\programme\DVDVideoSoft\tbDVD1.dll" [2010-07-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\programme\DVDVideoSoft\tbDVD1.dll" [2010-07-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-09 8523776]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-05 1392640]
"8169Diag"="c:\programme\Realtek\Diagnostics Utility\8169Diag.exe" [2008-02-26 909312]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-31 16860672]
"dscactivate"="c:\programme\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"dellsupportcenter"="c:\programme\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 16 (0x10)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"SpybotSD TeaTimer"=c:\programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"DellSupportCenter"="c:\programme\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"CanonSolutionMenu"=c:\programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
"OpwareSE4"="c:\programme\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"CanonMyPrinter"=c:\programme\Canon\MyPrinter\BJMyPrt.exe /logon
"ECenter"=c:\dell\E-Center\EULALauncher.exe
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\programme\QT Lite\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Dokumente und Einstellungen\\Uli\\Eigene Dateien\\Media Player Classic\\mplayerc_update_10_03_08_de\\mplayerc_update_10_03_08_de\\mplayerc.de.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [12.01.2010 19:16 108289]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [14.08.2008 12:47 8960]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [28.12.2008 23:22 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [28.12.2008 23:22 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [28.12.2008 23:22 8864]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [14.08.2008 12:47 11264]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\MAGIX\Common\Database\bin\fbserver.exe [17.02.2010 19:51 1527900]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [14.08.2008 12:47 16640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-09-07 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\dokumente und einstellungen\Uli\Anwendungsdaten\Mozilla\Firefox\Profiles\y7e5rgnc.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-07 21:18
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1672193358-1993206540-2074963698-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1456)
c:\windows\System32\BCMLogon.dll
.
Zeit der Fertigstellung: 2010-09-07 21:20:13
ComboFix-quarantined-files.txt 2010-09-07 19:20
ComboFix2.txt 2010-01-14 08:17

Vor Suchlauf: 14 Verzeichnis(se), 181.187.854.336 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 181.214.081.024 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=15 Default=15 Failed=14 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
- - End Of File - - 5FD4A741965B0D80816456B6874B449F

sonor71 08.09.2010 17:23
@cosinus:

hi, ist nun alles ok. oder gibt es weiteren handlungsbedarf oder auch tipps???

danke

cosinus 08.09.2010 19:46
Zitat:
c:\windows\system32\asr_nime.dll
Bitte diese Datei bei Virustotal auswerten lassen und den Ergebnislink posten. Falls Du die Datei nicht siehst, musst Du sie evtl. vorher sichtbar machen.
Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.

sonor71 08.09.2010 21:44
hier der link:
hxxp://www.virustotal.com/file-scan/report.html?id=1912ce3ad5558834684498fa8b89c0968988b695f7a46155d7b26eca0c191fe7-1283978498

cosinus 08.09.2010 22:03
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

sonor71 10.09.2010 21:16
Hi, GMER hat nicht funktioniert, aber OSAM:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:15:25 on 10.09.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.9

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2009\OneClickStarter.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BCMWLCPL.CPL" - "Dell Inc." - C:\WINDOWS\system32\BCMWLCPL.CPL
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QT Lite\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Uli\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Diag69xp" (Diag69xp) - "Realtek Semiconductor Corporation" - C:\WINDOWS\System32\Drivers\Diag69xp.sys
"DLABMFSM" (DLABMFSM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLABMFSM.SYS
"DLABOIOM" (DLABOIOM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
"DLADResM" (DLADResM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLADResM.SYS
"DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAPoolM.SYS
"DLARTL_M" (DLARTL_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLARTL_M.SYS
"DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Roxio" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
"Intel RAID Controller" (iaStor) - "Intel Corporation" - C:\WINDOWS\System32\drivers\iaStor.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MarxDev1" (MarxDev1) - ? - C:\WINDOWS\system32\drivers\MarxDev1.sys
"MarxDev2" (MarxDev2) - ? - C:\WINDOWS\system32\drivers\MarxDev2.sys
"MarxDev3" (MarxDev3) - ? - C:\WINDOWS\system32\drivers\MarxDev3.sys
"MMRTKRNL" (MMRTKRNL) - "ALCATech GmbH" - C:\WINDOWS\System32\drivers\mmrtkrnl.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} "Erweiterung für HyperTerminal-Icons" - ? -  (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2009\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2009\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
FF_TB_Property Shell Extension "{9519D9F3-360F-49b4-BAEC-7E1691F4C0EF}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Messenger" - ? - C:\Programme\Messenger\msmsgs.exe  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Programme\Dell\BAE\BAE.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Uli\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"8169Diag" - "Realtek" - C:\Programme\Realtek\Diagnostics Utility\8169Diag.exe /hw
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\WINDOWS\system32\WLTRAY.exe
"dellsupportcenter" - "SupportSoft, Inc." - "C:\Programme\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"dscactivate" - " " - "C:\Programme\Dell Support Center\gs_agent\custom\dsca.exe"
"LexwareInfoService" - "Lexware GmbH & Co. KG" - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\WINDOWS\System32\BCMLogon.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJNP Port" - "CANON INC." - C:\WINDOWS\system32\CNMNPPM.DLL
"PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\WINDOWS\System32\WLTRYSVC.EXE  (File found, but it contains no detailed information)
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - "SupportSoft, Inc." - C:\Programme\Dell Support Center\bin\sprtsvc.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - C:\WINDOWS\System32\TuneUpDefragService.exe
"TuneUp Program Statistics Service" (TuneUp.ProgramStatisticsSvc) - "TuneUp Software" - C:\WINDOWS\System32\TUProgSt.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

sonor71 10.09.2010 21:30
.\debug.cpp(238) : Debug log started at 10.09.2010 - 20:27:59
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020e000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e5000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f78000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f67000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0b8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f48000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba5ac000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xb9f22000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f0a000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xb9e42000 0x000c8000 "iaStor.sys"
.\debug.cpp(256) : 0xba0d8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9e22000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9e10000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xba5ae000 0x00002000 "DLACDBHM.SYS"
.\debug.cpp(256) : 0xb9df9000 0x00017000 "DRVMCDB.SYS"
.\debug.cpp(256) : 0xb9de2000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9d55000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9d28000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xba0f8000 0x0000b000 "sbp2port.sys"
.\debug.cpp(256) : 0xba108000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xba118000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xb9d0e000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba288000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xb94d8000 0x0000a000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xb8c63000 0x00715000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xb8c4f000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xba450000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb8c2b000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba458000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb8c03000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb8b6f000 0x00094000 "\SystemRoot\system32\DRIVERS\bcmwl5.sys"
.\debug.cpp(256) : 0xb8b55000 0x0001a000 "\SystemRoot\system32\DRIVERS\Rtenicxp.sys"
.\debug.cpp(256) : 0xba460000 0x00007000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0xb94c8000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xb94b8000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb8b32000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xba468000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xb94a8000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xba792000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xb9498000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xb9cca000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb8b1b000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xb9488000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xb9478000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba470000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb8b0a000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xba148000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba478000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba480000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb8ada000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xba158000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba488000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xba490000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba168000 0x00009000 "\SystemRoot\system32\drivers\mmrtkrnl.sys"
.\debug.cpp(256) : 0xba5dc000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb8a7c000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xb9cae000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xba198000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xba208000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xba5e4000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xb6416000 0x00496000 "\SystemRoot\system32\drivers\RtkHDAud.sys"
.\debug.cpp(256) : 0xb63f2000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xba218000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb9cea000 0x00003000 "\SystemRoot\System32\Drivers\i2omgmt.SYS"
.\debug.cpp(256) : 0xba388000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xba5f4000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xba720000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba5f6000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xba398000 0x00006000 "\SystemRoot\System32\Drivers\DLARTL_M.SYS"
.\debug.cpp(256) : 0xba3a0000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xba3a8000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba5fa000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba5fc000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xba3b0000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xba3b8000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xb9ce2000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xb627c000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xb6223000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xb61fb000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xb61d5000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xba238000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xb61b3000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xba248000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xba268000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xba3c0000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0xb60e8000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xb6078000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xba278000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xb600c000 0x0001c000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xba604000 0x00002000 "\??\C:\Programme\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xba3d8000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0xb68f0000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xba2a8000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xb63d5000 0x00004000 "\SystemRoot\system32\DRIVERS\usbscan.sys"
.\debug.cpp(256) : 0xba3e8000 0x00007000 "\SystemRoot\system32\DRIVERS\usbprint.sys"
.\debug.cpp(256) : 0xb63c9000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0xb63c5000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xb9508000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xb5fa4000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xba636000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb62bf000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba418000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba7ad000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x00580000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xb5c78000 0x00014000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xba1e8000 0x0000b000 "\SystemRoot\System32\Drivers\DRVNDDM.SYS"
.\debug.cpp(256) : 0xba6eb000 0x00001000 "\SystemRoot\System32\Drivers\DLADResM.SYS"
.\debug.cpp(256) : 0xb5c37000 0x00019000 "\SystemRoot\System32\Drivers\DLAIFS_M.SYS"
.\debug.cpp(256) : 0xba420000 0x00006000 "\SystemRoot\System32\Drivers\DLAOPIOM.SYS"
.\debug.cpp(256) : 0xb5ccc000 0x00003000 "\SystemRoot\System32\Drivers\DLAPoolM.SYS"
.\debug.cpp(256) : 0xba428000 0x00008000 "\SystemRoot\System32\Drivers\DLABMFSM.SYS"
.\debug.cpp(256) : 0xba430000 0x00007000 "\SystemRoot\System32\Drivers\DLABOIOM.SYS"
.\debug.cpp(256) : 0xb5bf9000 0x00016000 "\SystemRoot\System32\Drivers\DLAUDFAM.SYS"
.\debug.cpp(256) : 0xb5be2000 0x00017000 "\SystemRoot\System32\Drivers\DLAUDF_M.SYS"
.\debug.cpp(256) : 0xb5bde000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xb5a96000 0x00003000 "\SystemRoot\System32\Drivers\MarxDev1.SYS"
.\debug.cpp(256) : 0xb5a92000 0x00003000 "\SystemRoot\System32\Drivers\MarxDev2.SYS"
.\debug.cpp(256) : 0xb5a8e000 0x00003000 "\SystemRoot\System32\Drivers\MarxDev3.SYS"
.\debug.cpp(256) : 0xb5a86000 0x00004000 "\SystemRoot\System32\Drivers\Aspi32.SYS"
.\debug.cpp(256) : 0xb581b000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xb57de000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xb6123000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xb48c2000 0x00003000 "\SystemRoot\system32\DRIVERS\LANPkt.sys"
.\debug.cpp(256) : 0xb50a0000 0x00003000 "\SystemRoot\System32\Drivers\Diag69xp.sys"
.\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{cbb428c0-6ee9-11dd-9cfc-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD-ROM_TS-H353B_______________D500____#5&1ab7cbc9&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T1L0-c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10280278&REV_1000#4&2498870a&0&0201#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{60F5FADD-9D1A-4F53-9A68-D06B14ADC7DA}"
.\debug.cpp(400) : Destination "\Device\{60F5FADD-9D1A-4F53-9A68-D06B14ADC7DA}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-H653B_______________D300____#5&7fe1b24&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T1L0-20"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04a9&Pid_172c#11D3A5#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000032"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{84c60694-f560-11dd-9e81-002268b304ea}"
.\debug.cpp(400) : Destination "\Device\Harddisk6\DP(1)0-0+e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0644&Pid_0200#000001153959#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&183a7a8c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_TEAC&Prod_USB___HS-SD_Card&Rev_4.08#000001153959&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\0000008a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) : Destination "\Device\avgio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5D65CB0E-1A95-431B-8DF8-03683B341252}"
.\debug.cpp(400) : Destination "\Device\{5D65CB0E-1A95-431B-8DF8-03683B341252}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23#_3#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{cbb428c7-6ee9-11dd-9cfc-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\Harddisk5\DP(1)0-0+d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#8&13318303&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk6\DP(1)0-0+e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1B2658EA-F73B-418A-B2EB-073F8A216FB8}"
.\debug.cpp(400) : Destination "\Device\{1B2658EA-F73B-418A-B2EB-073F8A216FB8}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c517&MI_00#7&18a8479&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293A&SUBSYS_02781028&REV_02#3&2411e6fe&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&2e36cf93&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk4\DP(1)0-0+c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{cbb428c2-6ee9-11dd-9cfc-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{cbb428c6-6ee9-11dd-9cfc-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\Harddisk4\DP(1)0-0+c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&20cc1c9c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#8&13318303&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk6\DP(1)0-0+e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&3206b847&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk2\DP(1)0-0+a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RTLPKT_{07DEBA0A-1108-4C50-A0FA-BF3C7AAB8D94}"
.\debug.cpp(400) : Destination "\Device\RTLPKT_{07DEBA0A-1108-4C50-A0FA-BF3C7AAB8D94}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) : Destination "\FileSystem\Filters\avgntflt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_02781028&REV_02#3&2411e6fe&0&D2#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Usbscan0"
.\debug.cpp(400) : Destination "\Device\Usbscan0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04a9&Pid_172c&MI_00#6&1d32a1&0&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\00000082"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2574b651&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&7faa55a&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk5\DP(1)0-0+d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
.\debug.cpp(400) : Destination "\Device\Harddisk2\DP(1)0-0+a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&303df5de&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I2OExec"
.\debug.cpp(400) : Destination "\Device\I2OExec"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_02781028&REV_02#4&e5b9abb&0&00E5#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-H653B_______________D300____#5&7fe1b24&0&0.1.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T1L0-20"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c517&MI_01&Col04#7&29f53242&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c517&MI_01&Col03#7&29f53242&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_TEAC&Prod_USB___HS-CF_Card&Rev_4.08#000001153959&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000087"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293C&SUBSYS_02781028&REV_02#3&2411e6fe&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&a169679&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\H:"
.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c517&MI_01&Col01#7&29f53242&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DR1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c517#5&8b3c571&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{cbb428c1-6ee9-11dd-9cfc-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"
.\debug.cpp(400) : Destination "\Device\Harddisk2\DR5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbMmDp32"
.\debug.cpp(400) : Destination "\Device\MbMmDp32"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10280278&REV_1000#4&2498870a&0&0201#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive3"
.\debug.cpp(400) : Destination "\Device\Harddisk3\DR6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_TEAC&Prod_USB___HS-xD#SM&Rev_4.08#000001153959&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000088"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c517&MI_01&Col01#7&29f53242&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination "\Device\USBFDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{cbb428c5-6ee9-11dd-9cfc-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I:"
.\debug.cpp(400) : Destination "\Device\Harddisk4\DP(1)0-0+c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive4"
.\debug.cpp(400) : Destination "\Device\Harddisk4\DR7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvnddm"
.\debug.cpp(400) : Destination "\Device\drvnddm"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination "\Device\USBFDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2937&SUBSYS_02781028&REV_02#3&2411e6fe&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive5"
.\debug.cpp(400) : Destination "\Device\Harddisk5\DR8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{441218EC-8F6C-48A3-94AD-B3D61356223E}"
.\debug.cpp(400) : Destination "\Device\{441218EC-8F6C-48A3-94AD-B3D61356223E}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_02781028&REV_02#3&2411e6fe&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_02781028&REV_02#3&2411e6fe&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7"
.\debug.cpp(400) : Destination "\Device\USBFDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive6"
.\debug.cpp(400) : Destination "\Device\Harddisk6\DR9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{07DEBA0A-1108-4C50-A0FA-BF3C7AAB8D94}"
.\debug.cpp(400) : Destination "\Device\{07DEBA0A-1108-4C50-A0FA-BF3C7AAB8D94}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10280278&REV_1000#4&2498870a&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
.\debug.cpp(400) : Destination "\Device\ARP1394"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2da9c2ff&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\J:"
.\debug.cpp(400) : Destination "\Device\Harddisk5\DP(1)0-0+d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&7faa55a&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk5\DP(1)0-0+d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&113da56d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&3206b847&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk2\DP(1)0-0+a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) : Destination "\Device\ssmctl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000030"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{33DE7603-FB4C-4810-B32E-16D2B514A863}"
.\debug.cpp(400) : Destination "\Device\{33DE7603-FB4C-4810-B32E-16D2B514A863}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000043"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Diag69xp"
.\debug.cpp(400) : Destination "\Device\Diag69xp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD-ROM_TS-H353B_______________D500____#5&1ab7cbc9&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T1L0-c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskSAMSUNG_HD251HJ_________________________1AC01113#5&7fe1b24&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-18"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskSAMSUNG_HD251HJ_________________________1AC01113#5&1ab7cbc9&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RealTekCard"
.\debug.cpp(400) : Destination "\Device\RealTekCard"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2936&SUBSYS_02781028&REV_02#3&2411e6fe&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D173229D-FB7D-4710-8E5B-D150CAE49CAA}"
.\debug.cpp(400) : Destination "\Device\{D173229D-FB7D-4710-8E5B-D150CAE49CAA}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&2e36cf93&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk4\DP(1)0-0+c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&31e2fe1d&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-H653B_______________D300____#5&7fe1b24&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T1L0-20"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c517&MI_00#7&18a8479&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000008b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_02781028&REV_02#3&2411e6fe&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature23F12D67Offset5649600Length3A2EBCDA00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\L:"
.\debug.cpp(400) : Destination "\Device\Harddisk6\DP(1)0-0+e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FA518659-6A32-47CC-B13F-FCC8C797E7B1}"
.\debug.cpp(400) : Destination "\Device\{FA518659-6A32-47CC-B13F-FCC8C797E7B1}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10280278&REV_1000#4&2498870a&0&0201#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&342fe76a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination "\Device\1394BUS0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04a9&Pid_172c&MI_03#6&1d32a1&0&0003#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination "\Device\00000085"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000033"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : Device "\GLOBAL??\MMRTKRNL"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{cbb428c3-6ee9-11dd-9cfc-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination "\Device\DmLoader"
.\debug.cpp(409) : --
.\debug.cpp(369) : Device "\GLOBAL??\DLAIFS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&31e2fe1d&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MARXDEV1"
.\debug.cpp(400) : Destination "\Device\MDEV1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvmcdb"
.\debug.cpp(400) : Destination "\Device\drvmcdb"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MARXDEV2"
.\debug.cpp(400) : Destination "\Device\MDEV2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0611&SUBSYS_053C10DE&REV_A2#4&b71b61b&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c517&MI_01&Col05#7&29f53242&0&0004#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c517&MI_01&Col02#7&29f53242&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MARXDEV3"
.\debug.cpp(400) : Destination "\Device\MDEV3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Canon&Prod_MX850_series&Rev_1060#7&2d18dba1&0&11D3A5&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000092"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_4328&SUBSYS_000A1028&REV_03#4&3597c417&0&00E2#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3A9FC0D5-546D-4D41-B573-C796E6C5DBC2}"
.\debug.cpp(400) : Destination "\Device\{3A9FC0D5-546D-4D41-B573-C796E6C5DBC2}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_TEAC&Prod_USB___HS-MS_Card&Rev_4.08#000001153959&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000089"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{63B20959-98C5-45C2-BB34-D15B23B7E84F}"
.\debug.cpp(400) : Destination "\Device\{63B20959-98C5-45C2-BB34-D15B23B7E84F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature81Offset7E00Length3A349E7400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11C1&DEV_5811&SUBSYS_80101028&REV_61#4&bb29fa6&0&08F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{cbb428c4-6ee9-11dd-9cfc-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\Harddisk2\DP(1)0-0+a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RTLPKT_{FA518659-6A32-47CC-B13F-FCC8C797E7B1}"
.\debug.cpp(400) : Destination "\Device\RTLPKT_{FA518659-6A32-47CC-B13F-FCC8C797E7B1}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RTLPKT"
.\debug.cpp(400) : Destination "\Device\RTLPKT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) : Destination "\Device\avipbb"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10280278&REV_1000#4&2498870a&0&0201#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04a9&Pid_172c&MI_01#6&1d32a1&0&0001#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination "\Device\00000083"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`05649600
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done;

cosinus 11.09.2010 14:22
Zitat:
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

sonor71 11.09.2010 16:53
Hi cosinus: malwarebytes muss ich noch ausführen!

hier super-anti-spy

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/11/2010 at 05:23 PM

Application Version : 4.42.1000

Core Rules Database Version : 5489
Trace Rules Database Version: 3301

Scan type : Complete Scan
Total Scan Time : 00:49:08

Memory items scanned : 468
Memory threats detected : 0
Registry items scanned : 6352
Registry threats detected : 2
File items scanned : 90905
File threats detected : 10

Trojan.Agent/Gen-Alureon
HKU\S-1-5-19\Software\h8srt
HKU\S-1-5-20\Software\h8srt

Adware.Tracking Cookie
vidii.hardsextube.com [ C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\QAGY9VHF ]
www.naiadsystems.com [ C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\QAGY9VHF ]
.imrworldwide.com [ C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Mozilla\Firefox\Profiles\y7e5rgnc.default\cookies.sqlite ]
.imrworldwide.com [ C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Mozilla\Firefox\Profiles\y7e5rgnc.default\cookies.sqlite ]
adserver.71i.de [ C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Mozilla\Firefox\Profiles\y7e5rgnc.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Mozilla\Firefox\Profiles\y7e5rgnc.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Mozilla\Firefox\Profiles\y7e5rgnc.default\cookies.sqlite ]
.apm.emediate.eu [ C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Mozilla\Firefox\Profiles\y7e5rgnc.default\cookies.sqlite ]
.apm.emediate.eu [ C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Mozilla\Firefox\Profiles\y7e5rgnc.default\cookies.sqlite ]
www.zanox-affiliate.de [ C:\Dokumente und Einstellungen\Uli\Anwendungsdaten\Mozilla\Firefox\Profiles\y7e5rgnc.default\cookies.sqlite ]

sonor71 12.09.2010 15:12
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4599

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12.09.2010 16:03:15
mbam-log-2010-09-12 (16-03-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 199816
Laufzeit: 21 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 12.09.2010 21:13
Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

sonor71 13.09.2010 06:23
Hallo Arne,

ich danke Dir vielmals für Deine tolle Unterstützung und Geduld :singsing:. Ich bin selbstständig und habe nur begrenzt Zeit, da ich sehr flexibel sein muss!

Ich hätte noch ein bitte bzgl. Freeware:
Kannst Du mir einen guten Virenscanner empfehlen? - habe momentan AntiVir

Kann ich das ein oder andere Programm, welches wir nun "benutzten", ohne weiteres weiterhin verwenden. Wenn ja, welche(s).

Soll ich alle oder einen Teil der Programme wieder löschen?

Nochmals für Deine Hilfe - 1000 Dank

Beste Grüße

PS: Möchte Dir ein Geschenk machen - Bitte um kurze Info per Nachrichten-Funktion!

cosinus 13.09.2010 09:57
Zitat:
Kannst Du mir einen guten Virenscanner empfehlen? - habe momentan AntiVir
Der ist ok. Es kommt primär auf Dein Verhalten an, der Virenscanner ist nur optional und keine notwendige Komponente. Halte Dich am besten grob an diese fünf Regeln:

1) Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!!
2) Halte Windows und alle verwendeten Programme immer aktuell
3) Führe regelmäßig Backups auf externe Medien durch
4) Arbeite mit eingeschränkten Rechten
5) Nutze sichere Programme wie zB Opera oder Firefox zum Surfen statt den IE, zum Mailen Thunderbird statt Outlook Express - E-Mails nur als reinen text anzeigen lassen

Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?

Zitat:
Kann ich das ein oder andere Programm, welches wir nun "benutzten", ohne weiteres weiterhin verwenden. Wenn ja, welche(s).
Soll ich alle oder einen Teil der Programme wieder löschen?
Du kannst im Grunde alle Programme behalten, da diese das System nicht belasten. Wenn sie Dich stören kannst Du aber auch alle löschen/deinstallieren.


Wir wären dann durch! :)

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:39 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131