
qupapa 15.04.2011 09:34

appconf32.exe and the (probably) not quite right approach
 
First of all I'd like to say hello to everyone, since this is my first post here on the board.

Now to my problem:

Yesterday Avast warned me that the above-mentioned file had been found. I had it deleted and afterwards carried out quite a few remediation steps that I found on various sites on the Internet.
One of the threads I was able to find again was this one (I'm posting it even though it comes from a different forum, so that the steps I have taken so far can be followed)

hxxp://forum.avira.com/wbb/index.php?page=Thread&threadID=116658

Since I took a closer look around the forum here earlier and realised that it is rarely a good idea to blindly follow the solutions to other users' problems of this kind, and that I therefore may not have chosen the smartest option, I decided to describe my problem in the hope that someone can help me clarify whether my system is clean, or what else I need to do to get there.

//edit: In case it is relevant: the OS is Windows XP SP3

I'll try to list chronologically what I have done so far:

Yesterday:
Avast: file deleted
Avast scan without result
MBAM scan: 15 infected objects, log is attached
Hitman Pro 3.5: since my free licence has expired, the problems were only displayed and not fixed, but they were merely a few tracking cookies
CCleaner: removed temporary files and cleaned the registry (only to read today that the latter is not a particularly good idea)
Combofix: following the above-mentioned thread, log is attached
MBAM scan: 0 infected objects, log is attached

Today:
following http://www.trojaner-board.de/69886-a...-beachten.html
MBAM scan: 0 infected objects, log is attached
OTL scan: log is attached

I hope I have remembered everything, but I can't rule out that I have forgotten something :S

I'd like to say thanks in advance in case someone takes on my problem.

Kind regards

cosinus 15.04.2011 11:53

Quote:

[2011.04.14 18:44:34 | 000,000,000 | ---D | C] -- C:\Qoobox
Who instructed you to run ComboFix?!

qupapa 15.04.2011 12:35

Nobody. As I said, I only skimmed the solutions and, following the "more is better" principle, did pretty much everything that was written anywhere.
It has since become clear to me that this was not the smartest option.

I came across ComboFix in the above-mentioned thread from the Avira forum

cosinus 15.04.2011 13:48

Then at least post the log file!

qupapa 15.04.2011 14:01

Isn't that the ComboFix.txt in the attached file?
If not, where else can I find it?

I'm sorry if I'm causing unnecessary trouble ...

cosinus 15.04.2011 14:18

Sorry, I missed the log :o

cosinus 15.04.2011 14:20

Do an OTL fix: close any programs that may be open, also deactivate virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.17 16:05:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2011.03.21 11:35:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kilaoa\Anwendungsdaten\269511
[2011.03.21 11:35:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kilaoa\Anwendungsdaten\106311
:Files
c:\windows\system32\5015
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are, for safety, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

qupapa 15.04.2011 14:57

OK, thanks so far.
Here is the OTL log

Code:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File About:Home not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\WallPaper deleted successfully.
C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\BackupWallPaper deleted successfully.
File C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.
C:\Programme\SUPERAntiSpyware\SASSEH.DLL moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Dokumente und Einstellungen\Kilaoa\Anwendungsdaten\269511 folder moved successfully.
C:\Dokumente und Einstellungen\Kilaoa\Anwendungsdaten\106311 folder moved successfully.
========== FILES ==========
c:\windows\system32\5015\components folder moved successfully.
c:\windows\system32\5015 folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Kilaoa
->Temp folder emptied: 1441928 bytes
->Temporary Internet Files folder emptied: 538764 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91864852 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1102 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38976 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 90,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04152011_154918

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_65c.dat not found!

Registry entries deleted on Reboot...


cosinus 15.04.2011 15:03

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html


If the infection prevents you from accessing Documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should become visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

qupapa 15.04.2011 15:12

I was able to access Documents and Settings without any problems.

Here is the log from TDSSKiller:

Code:

2011/04/15 16:06:34.0109 2584        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/15 16:06:34.0343 2584        ================================================================================
2011/04/15 16:06:34.0343 2584        SystemInfo:
2011/04/15 16:06:34.0343 2584       
2011/04/15 16:06:34.0343 2584        OS Version: 5.1.2600 ServicePack: 3.0
2011/04/15 16:06:34.0343 2584        Product type: Workstation
2011/04/15 16:06:34.0343 2584        ComputerName: KILAO
2011/04/15 16:06:34.0343 2584        UserName: Kilaoa
2011/04/15 16:06:34.0343 2584        Windows directory: C:\WINDOWS
2011/04/15 16:06:34.0343 2584        System windows directory: C:\WINDOWS
2011/04/15 16:06:34.0343 2584        Processor architecture: Intel x86
2011/04/15 16:06:34.0343 2584        Number of processors: 2
2011/04/15 16:06:34.0343 2584        Page size: 0x1000
2011/04/15 16:06:34.0343 2584        Boot type: Normal boot
2011/04/15 16:06:34.0343 2584        ================================================================================
2011/04/15 16:06:34.0812 2584        Initialize success
2011/04/15 16:09:47.0687 1704        ================================================================================
2011/04/15 16:09:47.0687 1704        Scan started
2011/04/15 16:09:47.0687 1704        Mode: Manual;
2011/04/15 16:09:47.0687 1704        ================================================================================
2011/04/15 16:09:53.0171 1704        ================================================================================
2011/04/15 16:09:53.0171 1704        Scan finished
2011/04/15 16:09:53.0171 1704        ================================================================================


cosinus 15.04.2011 17:44

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

qupapa 15.04.2011 19:28

Done.

Could it be that ComboFix changed my default browser?

Either way, here is the log:

Code:

ComboFix 11-04-14.03 - Kilaoa 15.04.2011  20:21:15.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1565 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Kilaoa\Desktop\CoFi.exe
AV: avast! antivirus 4.8.1368 [VPS 110415-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-15 bis 2011-04-15  ))))))))))))))))))))))))))))))
.
.
2011-04-15 07:19 . 2011-04-15 07:19        --------        d-----w-        C:\_OTL
2011-04-13 08:29 . 2011-04-13 08:29        --------        d-----w-        c:\dokumente und einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Opera
2011-04-13 08:29 . 2011-04-13 08:29        --------        d-----w-        c:\programme\Opera
2011-04-13 07:21 . 2011-04-13 07:21        --------        d-----w-        c:\dokumente und einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Chromium
2011-04-13 07:21 . 2011-04-13 07:21        --------        d-----w-        c:\programme\SRWare Iron
2011-04-12 21:17 . 2011-04-12 21:18        --------        d-----w-        c:\programme\FileZilla FTP Client
2011-04-06 08:11 . 2011-04-06 08:39        --------        d-----w-        c:\programme\Google
2011-04-05 10:41 . 2011-04-05 10:41        --------        d--h--w-        c:\windows\PIF
2011-03-18 08:28 . 2011-03-18 08:28        --------        d-----w-        C:\msstyle
2011-03-17 10:00 . 2011-03-17 10:00        --------        d-----w-        c:\dokumente und einstellungen\Kilaoa\Anwendungsdaten\CAD-KAS
2011-03-17 09:59 . 2011-03-20 11:29        --------        d-----w-        c:\programme\PDF Editor 3
2011-03-17 09:59 . 2011-03-17 09:59        80896        ----a-w-        c:\windows\cadkasdeinst01.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 15:42 . 2011-02-16 13:07        16968        ----a-w-        c:\windows\system32\drivers\hitmanpro35.sys
2011-03-21 22:03 . 2011-02-10 12:11        1629        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml12F.tmp
2011-03-21 22:03 . 2011-02-10 12:11        14229        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml12E.tmp
2011-03-21 22:03 . 2011-02-10 12:11        8114        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml12D.tmp
2011-03-07 05:33 . 2010-01-17 14:03        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2003-04-02 12:00        420864        ----a-w-        c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2003-04-02 12:00        1858048        ----a-w-        c:\windows\system32\win32k.sys
2011-02-22 23:05 . 2003-04-02 12:00        916480        ----a-w-        c:\windows\system32\wininet.dll
2011-02-22 23:05 . 2003-04-02 12:00        43520        ------w-        c:\windows\system32\licmgr10.dll
2011-02-22 23:05 . 2003-04-02 12:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2010-01-17 15:22        385024        ----a-w-        c:\windows\system32\html.iec
2011-02-17 13:18 . 2003-04-02 12:00        455936        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2003-04-02 12:00        357888        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 06:25        5632        ----a-w-        c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2003-04-02 12:00        290432        ----a-w-        c:\windows\system32\atmfd.dll
2011-02-10 15:40 . 2011-02-10 15:40        7952        ----a-w-        c:\windows\system32\OODDRMBS.EXE
2011-02-09 13:53 . 2003-04-02 12:00        270848        ----a-w-        c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-04-02 12:00        186880        ----a-w-        c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2003-04-02 12:00        978944        ----a-w-        c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2003-04-02 12:00        974848        ----a-w-        c:\windows\system32\mfc42u.dll
2011-02-08 01:16 . 2011-02-08 01:16        922112        ------w-        c:\windows\system32\imapi2fs.dll
2011-02-08 01:16 . 2011-02-08 01:16        426496        ------w-        c:\windows\system32\imapi2.dll
2011-02-02 07:58 . 2010-01-17 14:02        2067456        ----a-w-        c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-01-17 14:02        677888        ----a-w-        c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2003-04-02 12:00        440832        ----a-w-        c:\windows\system32\shimgvw.dll
2011-03-18 17:56 . 2011-03-13 16:10        142296        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 10:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2008-03-16 12:30        216064        --sh--r-        c:\windows\system32\nbDX.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-04-14_16.54.37  )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-15 15:45 . 2011-04-15 15:45        16384              c:\windows\Temp\Perflib_Perfdata_66c.dat
+ 2003-04-02 12:00 . 2011-04-15 13:10        84844              c:\windows\system32\perfc009.dat
- 2003-04-02 12:00 . 2010-12-20 23:52        66560              c:\windows\system32\mshtmled.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05        66560              c:\windows\system32\mshtmled.dll
+ 2009-03-08 03:31 . 2011-02-22 23:05        55296              c:\windows\system32\msfeedsbs.dll
- 2009-03-08 03:31 . 2010-12-20 23:52        55296              c:\windows\system32\msfeedsbs.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05        25600              c:\windows\system32\jsproxy.dll
- 2003-04-02 12:00 . 2010-12-20 23:52        25600              c:\windows\system32\jsproxy.dll
- 2003-04-02 12:00 . 2008-04-14 06:52        45568              c:\windows\system32\dnsrslvr.dll
+ 2003-04-02 12:00 . 2009-04-20 17:17        45568              c:\windows\system32\dnsrslvr.dll
- 2010-05-01 07:55 . 2010-12-20 23:52        12800              c:\windows\system32\dllcache\xpshims.dll
+ 2010-05-01 07:55 . 2011-02-22 23:05        12800              c:\windows\system32\dllcache\xpshims.dll
- 2009-03-08 03:31 . 2010-12-20 23:52        66560              c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 03:31 . 2011-02-22 23:05        66560              c:\windows\system32\dllcache\mshtmled.dll
- 2010-05-01 07:55 . 2010-12-20 23:52        55296              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-05-01 07:55 . 2011-02-22 23:05        55296              c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 03:34 . 2010-12-20 23:52        43520              c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 03:34 . 2011-02-22 23:05        43520              c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 03:33 . 2011-02-22 23:05        25600              c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 03:33 . 2010-12-20 23:52        25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2009-04-20 17:17 . 2009-04-20 17:17        45568              c:\windows\system32\dllcache\dnsrslvr.dll
- 2010-03-18 11:16 . 2010-03-18 11:16        56656              c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-02-10 02:10 . 2011-02-10 02:10        56656              c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        93024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        93024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        35688              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        35688              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        17784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        17784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        58240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        58240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        37240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        37240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        68952              c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        68952              c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52        12800              c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52        66560              c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52        55296              c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52        43520              c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52        25600              c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        96768              c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9824b202ffe88c945577effdc7fc8fc3\UIAutomationProvider.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29        54784              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\8e97109a6278b73bf4fd77b61ce6c154\System.Xaml.Hosting.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30        35328              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\6474ae2cebac637025eab3cbcdc9ffe6\System.Windows.Presentation.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30        24064              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\1070fda1dc17a4b0f121195f9c1ebcfe\System.Web.Routing.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30        46592              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\5a41a2282d6b6ac525073db4f0604677\System.Web.DynamicData.Design.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        71680              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\50cbf014f60fa88f67a763dfbead1fee\System.Web.ApplicationServices.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29        24576              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\8aa6f2e7225a8c20edda9ee3a260692a\System.Web.Abstractions.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29        82432              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f472171edc898ea876f14b97b4f332b8\System.ServiceModel.Channels.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29        12288              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\2f4398558c8128f92887fde8660f1ca8\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04        78848              c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\473102f936b4a823e5e2b2e6282c5104\System.AddIn.Contract.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        37376              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\c4eae41feecde838e71941f5b7359b48\Microsoft.Workflow.Compiler.ni.exe
+ 2011-04-15 16:03 . 2011-04-15 16:03        11776              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\1a21a54acf18fabfddb0b94d40e509a1\Microsoft.VisualC.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        44544              c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\7600f9d2a3bc01ba15674667283c2e53\Accessibility.ni.dll
+ 2011-04-15 13:46 . 2011-04-15 13:46        60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3f621b90371e67197bd4d0b86aa6f21d\System.Windows.Presentation.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\577b049541803541e6b00e2c36c00852\System.Web.DynamicData.Design.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\636ed65b7e5481320e3010b78a5e6cfa\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f83b1e8dd8c90490c8d924826c8b107d\System.AddIn.Contract.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45        47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe
+ 2011-04-15 13:10 . 2011-04-15 13:10        39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\108426b4dc654100c9a99bfa71f69886\Microsoft.Vsa.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        15872              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\61ae638a8173b053fc3e6dde41df25a3\Microsoft.VisualC.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8905268997c77a27c7f9c54aeba37f24\Microsoft.Build.Framework.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\11bb8ef375848eb1c074da1afd5cecdc\Microsoft.Build.Framework.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\6d74b9308a1517bfe959e597c3dd2427\dfsvc.ni.exe
+ 2011-04-15 15:59 . 2011-04-15 15:59        25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-04-15 13:10 . 2011-04-15 13:10        2688              c:\windows\SoftwareDistribution\EventCache\{FCC119B7-C2EC-4B11-88C9-2664CA973400}.bin
+ 2011-04-15 16:02 . 2011-04-15 16:02        9728              c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\1a4701c5a061d081b78353bd04349c3e\dfsvc.ni.exe
+ 2011-04-15 13:09 . 2011-04-15 13:09        7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-27 15:54 . 2010-10-27 15:54        5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        109568              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        109568              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        246128              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        246128              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2003-04-02 12:00 . 2011-04-15 13:10        494300              c:\windows\system32\perfh009.dat
+ 2003-04-02 12:00 . 2011-04-15 13:10        517632              c:\windows\system32\perfh007.dat
+ 2003-04-02 12:00 . 2011-04-15 13:10        101784              c:\windows\system32\perfc007.dat
- 2003-04-02 12:00 . 2010-12-20 23:52        206848              c:\windows\system32\occache.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05        206848              c:\windows\system32\occache.dll
- 2003-04-02 12:00 . 2008-06-20 17:46        247296              c:\windows\system32\mswsock.dll
+ 2003-04-02 12:00 . 2008-06-20 16:02        247296              c:\windows\system32\mswsock.dll
- 2003-04-02 12:00 . 2010-12-20 23:52        611840              c:\windows\system32\mstime.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05        611840              c:\windows\system32\mstime.dll
+ 2009-03-08 03:32 . 2011-02-22 23:05        602112              c:\windows\system32\msfeeds.dll
- 2009-03-08 03:32 . 2010-12-20 23:52        602112              c:\windows\system32\msfeeds.dll
- 2003-04-02 12:00 . 2009-12-09 05:53        726528              c:\windows\system32\jscript.dll
+ 2003-04-02 12:00 . 2011-03-04 06:36        726528              c:\windows\system32\jscript.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05        184320              c:\windows\system32\iepeers.dll
- 2003-04-02 12:00 . 2010-12-20 23:52        184320              c:\windows\system32\iepeers.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05        387584              c:\windows\system32\iedkcs32.dll
- 2003-04-02 12:00 . 2010-12-20 23:52        387584              c:\windows\system32\iedkcs32.dll
+ 2003-04-02 12:00 . 2011-02-18 11:49        173568              c:\windows\system32\ie4uinit.exe
- 2003-04-02 12:00 . 2010-12-20 12:55        173568              c:\windows\system32\ie4uinit.exe
+ 2010-01-17 13:46 . 2011-04-15 13:42        359344              c:\windows\system32\FNTCACHE.DAT
- 2010-01-17 13:46 . 2011-04-14 14:45        359344              c:\windows\system32\FNTCACHE.DAT
+ 2003-04-02 12:00 . 2008-10-16 14:43        138496              c:\windows\system32\drivers\afd.sys
- 2003-04-02 12:00 . 2008-08-14 10:04        138496              c:\windows\system32\drivers\afd.sys
+ 2003-04-02 12:00 . 2011-03-03 06:54        149504              c:\windows\system32\dnsapi.dll
+ 2009-10-29 05:24 . 2011-02-22 23:05        916480              c:\windows\system32\dllcache\wininet.dll
- 2009-10-29 05:24 . 2010-12-20 23:52        916480              c:\windows\system32\dllcache\wininet.dll
+ 2008-05-09 10:54 . 2011-03-04 06:36        420864              c:\windows\system32\dllcache\vbscript.dll
+ 2010-01-17 18:11 . 2011-02-17 13:18        357888              c:\windows\system32\dllcache\srv.sys
+ 2009-03-08 03:34 . 2011-02-22 23:05        206848              c:\windows\system32\dllcache\occache.dll
- 2009-03-08 03:34 . 2010-12-20 23:52        206848              c:\windows\system32\dllcache\occache.dll
- 2008-06-20 17:46 . 2008-06-20 17:46        247296              c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:46 . 2008-06-20 16:02        247296              c:\windows\system32\dllcache\mswsock.dll
- 2009-03-08 03:32 . 2010-12-20 23:52        611840              c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 03:32 . 2011-02-22 23:05        611840              c:\windows\system32\dllcache\mstime.dll
- 2010-05-01 07:55 . 2010-12-20 23:52        602112              c:\windows\system32\dllcache\msfeeds.dll
+ 2010-05-01 07:55 . 2011-02-22 23:05        602112              c:\windows\system32\dllcache\msfeeds.dll
+ 2010-01-17 18:11 . 2011-02-17 13:18        455936              c:\windows\system32\dllcache\mrxsmb.sys
- 2010-09-18 10:22 . 2010-09-18 10:22        974848              c:\windows\system32\dllcache\mfc42u.dll
+ 2010-09-18 10:22 . 2011-02-08 13:33        974848              c:\windows\system32\dllcache\mfc42u.dll
+ 2010-10-13 14:15 . 2011-02-08 13:33        978944              c:\windows\system32\dllcache\mfc42.dll
- 2010-01-17 18:06 . 2009-12-09 05:53        726528              c:\windows\system32\dllcache\jscript.dll
+ 2010-01-17 18:06 . 2011-03-04 06:36        726528              c:\windows\system32\dllcache\jscript.dll
- 2010-01-17 18:09 . 2010-06-09 07:43        692736              c:\windows\system32\dllcache\inetcomm.dll
+ 2010-01-17 18:09 . 2011-03-07 05:33        692736              c:\windows\system32\dllcache\inetcomm.dll
+ 2010-05-01 07:55 . 2011-02-22 23:05        247808              c:\windows\system32\dllcache\ieproxy.dll
- 2010-05-01 07:55 . 2010-12-20 23:52        247808              c:\windows\system32\dllcache\ieproxy.dll
+ 2010-02-26 05:41 . 2011-02-22 23:05        184320              c:\windows\system32\dllcache\iepeers.dll
- 2010-02-26 05:41 . 2010-12-20 23:52        184320              c:\windows\system32\dllcache\iepeers.dll
- 2010-06-11 13:32 . 2010-12-20 23:52        743424              c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-11 13:32 . 2011-02-22 23:05        743424              c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 13:09 . 2011-02-22 23:05        387584              c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 13:09 . 2010-12-20 23:52        387584              c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 03:32 . 2010-12-20 12:55        173568              c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 03:32 . 2011-02-18 11:49        173568              c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-06-20 17:46 . 2011-03-03 06:54        149504              c:\windows\system32\dllcache\dnsapi.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\e3651e13567ce4e3fa7bb2fbab737d9a\System.Web.Entity.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\834d7769f39e4d937eda1ad3707d4716\System.Web.Entity.Design.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\032c96c6206b53bca122d1fbaf5f8ca2\System.Web.DynamicData.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6ce0e4fb33afcfcce43c427e82b987db\System.Web.Abstractions.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        679936              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\9e91cca51a5ed6fb13b67558109d2726\System.Security.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa6a58394a1f162eecce4cd8af0875c3\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        771584              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1d03df7f7548613e8beab2cc21e57910\System.Runtime.Remoting.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\6194eb4bc1e0133d0183d086b747f512\System.Net.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        593408              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\fd6bd402916af28b2c2fa49ebb8a76d1\System.Messaging.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\d6ae8171ae6fd4fe83add34e6d70e5b5\System.Management.Instrumentation.ni.dll
+ 2011-04-15 15:59 . 2011-04-15 15:59        381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\abd5a61d39e474f12b30ccbbe6277667\System.IO.Log.ni.dll
+ 2011-04-15 15:59 . 2011-04-15 15:59        212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\12c4dba6d4ff0278d208c283d9ed7670\System.IdentityModel.Selectors.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45        208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e6b7128278d8c0e8382a5685f5b196c6\System.Drawing.Design.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ef56bf47fc2fc4204e0fcc1f32bab01\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\447d7b4a7d0add13f8d2086088bcc41c\System.DirectoryServices.Protocols.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ce2afe8854ee9cdc834b6f392348c882\System.Data.Services.Design.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\03d4658290e300e437e745ef4a613b59\System.Data.Services.Client.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\7ce21a2855bb7731de4dab797e69f3f6\System.Data.Entity.Design.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ea57694aea47c05853516c9bb2ad54b4\System.Data.DataSetExtensions.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f312bb844670ebc7458fec9e6b2568b3\System.Configuration.Install.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\afd9595f07a8c68b26e81cf995957f56\System.AddIn.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\3a42b2fbafe93d7b9395e328bea35afa\SMSvcHost.ni.exe
+ 2011-04-15 16:00 . 2011-04-15 16:00        256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\97ff96d3fc8d0b10ea294f320acf821e\SMDiagnostics.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\28ed0e9efd938b05b4f53e0d90046701\ServiceModelReg.ni.exe
+ 2011-04-15 13:45 . 2011-04-15 13:45        368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe13679e6b3e36e5cb6c47f8c4faf9c\PresentationFramework.Aero.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45        224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45        258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a34cd33cec1bdfebe4a3910bceb8723b\PresentationFramework.Royale.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45        539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5670e74887ef1025c6a8c056ffe86b38\MSBuild.ni.exe
+ 2011-04-15 16:00 . 2011-04-15 16:00        386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\653732002ebf5c68f69150a60e145e6a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\cc62770393640302bd4d7e442b1e49a4\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\352bff1ee71ce114e225f849038dc48d\Microsoft.Build.Utilities.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\7345f4d2d7157bf49de4158e8f2b6847\Microsoft.Build.Engine.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d7dba901ddd410ca1a0156d0f2a27533\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        220672              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\010552e529d130ce914765b0801e2367\CustomMarshalers.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\6861f639b13967e9b014b44bbb7c5d4c\ComSvcConfig.ni.exe
+ 2011-04-15 15:59 . 2011-04-15 15:59        842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\800da7dec567fadf3392091e9f01ecb9\AspNetMMCExt.ni.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-04-15 07:17 . 2010-10-23 00:50        1748992              c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05        1210880              c:\windows\system32\urlmon.dll
- 2003-04-02 12:00 . 2010-12-20 23:52        1210880              c:\windows\system32\urlmon.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05        5962240              c:\windows\system32\mshtml.dll
- 2009-03-08 03:32 . 2010-12-20 23:52        1991680              c:\windows\system32\iertutil.dll
+ 2009-03-08 03:32 . 2011-02-22 23:05        1991680              c:\windows\system32\iertutil.dll
+ 2009-08-14 15:10 . 2011-03-03 13:53        1858048              c:\windows\system32\dllcache\win32k.sys
- 2009-10-29 05:24 . 2010-12-20 23:52        1210880              c:\windows\system32\dllcache\urlmon.dll
+ 2009-10-29 05:24 . 2011-02-22 23:05        1210880              c:\windows\system32\dllcache\urlmon.dll
+ 2009-10-29 18:54 . 2011-02-22 23:05        5962240              c:\windows\system32\dllcache\mshtml.dll
- 2010-05-01 07:55 . 2010-12-20 23:52        1991680              c:\windows\system32\dllcache\iertutil.dll
+ 2010-05-01 07:55 . 2011-02-22 23:05        1991680              c:\windows\system32\dllcache\iertutil.dll
- 2010-03-18 11:16 . 2010-03-18 11:16        5196112              c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-02-10 02:10 . 2011-02-10 02:10        5196112              c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-02-10 02:10 . 2011-02-10 02:10        1142104              c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-02-10 02:10 . 2011-02-10 02:10        6735176              c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-01-18 02:39 . 2011-01-18 02:39        5813072              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2010-05-11 04:40 . 2010-05-11 04:40        4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-01-18 02:39 . 2011-01-18 02:39        4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        1303896              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        1303896              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        3481928              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        3481928              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        2207568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        2207568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        4982120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        4982120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        1711496              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        1711496              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        6067048              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        6067048              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        1026936              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        1026936              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        4464480              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        4464480              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        1339736              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        1339736              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        1199968              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        1199968              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        1462648              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        1462648              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        6346600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        6346600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        2970968              c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        2970968              c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        3545952              c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        3545952              c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        5196112              c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        5196112              c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05        2989456              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2010-10-22 18:16 . 2010-10-22 18:16        2989456              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52        1210880              c:\windows\ie8updates\KB2497640-IE8\urlmon.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52        5961216              c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52        1991680              c:\windows\ie8updates\KB2497640-IE8\iertutil.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07        3779072              c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8d8cf1d60737d945a526fb11577d4b8a\WindowsBase.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30        1055744              c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\28121866e3d6d8b0dc72d9e250b0af1c\UIAutomationClientsideProviders.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06        9000960              c:\windows\assembly\NativeImages_v4.0.30319_32\System\7abfd34ae39103ceccdfb8b262ed6a97\System.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06        5571584              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\eb45dda4b68ae7f29995c3a3d909fbe7\System.Xml.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        1776640              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\738a078bc59722d6b06b5ae5e99569f9\System.Xaml.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30        1203712              c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\304d3a73f1164fd6a479d2ce3ce92eeb\System.WorkflowServices.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30        1956352              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\2ad10d83d89a523c6de788549af858d7\System.Workflow.Runtime.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30        4428800              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\8195c01c967fc24ccb087de40259b8f9\System.Workflow.ComponentModel.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30        2839552              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\2d7c20df276d8353c5816f4bc765859d\System.Workflow.Activities.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30        4496384              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\eec21f9b08bbed54d9e36038badaf289\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        1864704              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\9a95136bec3e5267c7577404920d1d45\System.Web.Services.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30        2324992              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\12fe8461716ebb37f3c239be705a3346\System.Web.Mobile.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29        3079168              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\aeb23319f1c21615a69b9dabb3eed1e5\System.Web.Extensions.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29        4429312              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\5eb25b0fc92317024404b1c2f2c47e01\System.Web.DataVisualization.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29        1992192              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\01a3b3bf7fadd971e17400c8502ec886\System.Speech.ni.dll
+ 2011-04-15 16:28 . 2011-04-15 16:28        1046528              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\809ed279c5eecfa3e211dfe4c3d891e1\System.ServiceModel.Web.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29        1127424              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\6856341eadab4c3ace0e39182649bba2\System.ServiceModel.Discovery.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29        1388032              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4048a5620b0fa66a7414cff30155d30c\System.ServiceModel.Activities.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        2625024              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\c46375bba06671d2a9369e630752987a\System.Runtime.Serialization.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        1011200              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\6b6309a2e7f384bac4ccbdf1eca34c30\System.Runtime.DurableInstancing.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04        1047040              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\24f97354b0a95ef77b2db8de9e7374fe\System.Printing.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29        1159168              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\05a0937d76f565aa728348fc24f6c2eb\System.Management.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29        1065984              c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1f045fc92d6402b27f6b9fb9291d44c3\System.IdentityModel.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06        1651200              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\526f0a9717cbd8a50d09a10b5ce81c0d\System.Drawing.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        1151488              c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6dc0ed081400ec315f895bdc7fd016c4\System.DirectoryServices.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        1872384              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\2a2a921350a9651e9bd681197edeb88d\System.Deployment.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07        6754816              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\adc8f2f7dff3233f2d72bcef8e58226a\System.Data.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06        2538496              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\c25dda9b477a33f9f235292114bb535c\System.Data.SqlXml.ni.dll
+ 2011-04-15 16:28 . 2011-04-15 16:28        2008576              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\f6a18d8564d85567667671e65c1fac93\System.Data.Services.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29        1332736              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\aa778d274523b93d389e581e58698918\System.Data.Services.Client.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        1183744              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\f1dd156de604f1a10aeea7108afd5e1f\System.Data.OracleClient.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06        2499072              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\8e0d083a7ad85b579d176e3594b5f3b8\System.Data.Linq.ni.dll
+ 2011-04-15 16:28 . 2011-04-15 16:28        1398272              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\579e5f92bb6bcc68549c796d2650ea8c\System.Data.Entity.Design.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06        7025664              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\69b1f8a15cdfb26e30c8761fa4f96940\System.Core.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04        4103168              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\ec488a50a47246a625159744ad8e0931\System.Activities.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04        3691520              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\00fb4f96c610880aeee34d8670347a6d\System.Activities.Presentation.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04        1506304              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\a965a0f825fb91ce7cf78d99263968b4\System.Activities.Core.Presentation.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04        2842624              c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\3f04b2ab8961aceac03f8ae2ccabe947\ReachFramework.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        1622528              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\3aebfb1497141c9466ee8ce68a3bf805\PresentationUI.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        1467904              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\04c896ef9acdfb2e0f068d78f3bb2dfc\PresentationBuildTasks.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        1819648              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ff572ca3a119cd72903df8c6ed667b62\Microsoft.VisualBasic.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        1133056              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e2d6ac83d5e42065b088e086479a1632\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        1167872              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\320f1578082f1de1f8562ce92c0c2dab\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        1079808              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\ac03be8a96bd10965da87208d81eb07d\Microsoft.Transactions.Bridge.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29        2441728              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\d4572ad085979b16261058f1433e73e9\Microsoft.JScript.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07        1612288              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\32454400da56267e19961852345d7a62\Microsoft.CSharp.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        4226560              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\9eb482fd45d38ed674a400e280532e83\Microsoft.Build.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        2850816              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\dfdc36ac2dd7d51f61a05e15fe35c721\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        1914368              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\bb1cb4e6b20acc14abb6850cd4eecd0a\Microsoft.Build.Engine.ni.dll
+ 2011-04-15 13:10 . 2011-04-15 13:10        3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
+ 2011-04-15 13:46 . 2011-04-15 13:46        1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9e022c95e79f2b6f383a501ad99f08a9\UIAutomationClientsideProviders.ni.dll
+ 2011-04-15 13:10 . 2011-04-15 13:10        7949824              c:\windows\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
+ 2011-04-15 13:46 . 2011-04-15 13:46        5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6346221cecf631e5c0b754d842aad102\System.WorkflowServices.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1fbcd203ff8d77d561df8bf806417ab6\System.Workflow.Runtime.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\efbaf3696c44fd7d4b3cd925e0437b36\System.Workflow.ComponentModel.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\52a9bc5dd1fa497af7c7f4600bd8e6d1\System.Workflow.Activities.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f5ebeeb0a8aaba9db15ec3df591339ba\System.Web.Services.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\92d6b75e3b63b528d4069bf4ee01983a\System.Web.Mobile.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        2405376              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\02d53154634c8000382942e0f43ead41\System.Web.Extensions.ni.dll
+ 2011-04-15 13:46 . 2011-04-15 13:46        1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\dd128c8e21e7fa14c12b71df9892d046\System.Speech.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02        1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8b0bb430bb6af96c18b43e3c54cfafe8\System.ServiceModel.Web.ni.dll
+ 2011-04-15 15:59 . 2011-04-15 15:59        2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\85090bd451617e204ffda625b8d9fc30\System.Runtime.Serialization.ni.dll
+ 2011-04-15 13:46 . 2011-04-15 13:46        1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\85a7a7aace114e78fc6c9b219bcd5551\System.Printing.ni.dll
+ 2011-04-15 15:59 . 2011-04-15 15:59        1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\86c59378e9a43bf101a10ad452a4bb8e\System.IdentityModel.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45        1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c05d9332116964104c721e97f7ce1058\System.DirectoryServices.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0118c0c73ea5c77bda7b10b188102ab6\System.Deployment.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45        6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ba3ca7a93e227c32ce7b50d0a7ba935f\System.Data.SqlXml.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de52be5da96059651b5bec800cb4605\System.Data.Services.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        1115136              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\5018d7d39ee99a18c2c17d68837a7a6d\System.Data.OracleClient.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45        2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\11f1306e0e311a0d0cbd139fb2fa4c36\System.Data.Linq.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6f83243158f28669aac9577fdb3d5aaf\System.Data.Entity.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45        2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45        2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\12efddabe6fe35be21246c88ed9bf8ab\ReachFramework.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45        1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\257c9327ba9cc5cd87f58de224aa2e0d\PresentationUI.ni.dll
+ 2011-04-15 13:10 . 2011-04-15 13:10        1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\2faf279f73d492469a21f3e74d18955d\PresentationBuildTasks.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\269103939243ec6929739c8b9a645c0d\Microsoft.VisualBasic.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\bf7bd26d2828e35156814018939ce4f6\Microsoft.Transactions.Bridge.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\6594c17d7e112b0507b701d5b8a67bba\Microsoft.JScript.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f5eb1e42ccd0f67f7496b94a31949cd0\Microsoft.Build.Tasks.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cc7f05675a5cd8014222be1483d6beaf\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\41cf95aa4ff5765b515d3252abc6353b\Microsoft.Build.Engine.ni.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-27 15:54 . 2010-10-27 15:54        4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09        4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-01-18 08:39 . 2011-04-15 13:02        39828936              c:\windows\system32\MRT.exe
- 2009-03-08 03:39 . 2010-12-21 04:22        11080704              c:\windows\system32\ieframe.dll
+ 2009-03-08 03:39 . 2011-02-22 23:05        11080704              c:\windows\system32\ieframe.dll
+ 2010-02-25 09:45 . 2011-02-22 23:05        11080704              c:\windows\system32\dllcache\ieframe.dll
- 2010-02-25 09:45 . 2010-12-21 04:22        11080704              c:\windows\system32\dllcache\ieframe.dll
+ 2011-02-11 18:47 . 2011-02-11 18:47        12028928              c:\windows\Installer\13aa0f3.msp
+ 2011-02-11 06:43 . 2011-02-11 06:43        10951168              c:\windows\Installer\13aa0e8.msp
+ 2011-04-15 13:10 . 2010-12-21 04:22        11080704              c:\windows\ie8updates\KB2497640-IE8\ieframe.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06        13006336              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\85b61e27d3c08c0c8ff19deb75912e1d\System.Windows.Forms.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03        11917312              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\cbb8ea4c34417e0f8bb28173fa144b15\System.Web.ni.dll
+ 2011-04-15 16:28 . 2011-04-15 16:28        17919488              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8964b15d32028ef9dfe776216af8524d\System.ServiceModel.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07        10847744              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\52846d07f7717330921b70d23e36b34c\System.Design.ni.dll
+ 2011-04-15 16:28 . 2011-04-15 16:28        13273600              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\38409bc0ee7cdb9fbc981fefea83ab23\System.Data.Entity.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07        17629184              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f1e3e74b135fcd61fa30090a2c2596a6\PresentationFramework.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07        11058176              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3fe193ac81b9eafd76aafeec99bdbf6a\PresentationCore.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06        14415872              c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\eb4e1e70734f6efb9c7de7ec5f452c9e\mscorlib.ni.dll
+ 2011-04-15 13:46 . 2011-04-15 13:46        12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01        11800576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00        17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b5f24d96334ea08b99350421450d3ba4\System.ServiceModel.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45        10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45        14328320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45        12215808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
+ 2011-04-15 13:10 . 2011-04-15 13:10        11490816              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
.
c:\dokumente und einstellungen\Kilaoa\Startmen\Programme\Autostart\
Stardock ObjectDock.lnk - c:\programme\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\dokumente und einstellungen\Kilaoa\Startmen\Programme\Autostart\
Stardock ObjectDock.lnk - c:\programme\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\dokumente und einstellungen\Kilaoa\Startmen\Programme\Autostart\
Stardock ObjectDock.lnk - c:\programme\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\dokumente und einstellungen\Kilaoa\Startmen\Programme\Autostart\
Stardock ObjectDock.lnk - c:\programme\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NAUpdate"=2 (0x2)
"SandraAgentSrv"=3 (0x3)
"npggsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\mIRC\\mirc.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\NexonEU\\NGM\\NGM.exe"=
"e:\\Spiele\\World of Warcraft\\Launcher.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"e:\\Spiele\\World of Warcraft\\WoW-3.3.2.11403-to-3.3.3.11685-deDE-downloader.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"e:\\Spiele\\World of Warcraft\\WoW-3.2.0-deDE-downloader.exe"=
"e:\\Spiele\\World of Warcraft\\WoW-3.3.3.11685-to-3.3.3.11723-deDE-downloader.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2011.SP1\\RpcAgentSrv.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2011.SP1\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Dokumente und Einstellungen\\Kilaoa\\Lokale Einstellungen\\Apps\\2.0\\NDB1HLDX.2MH\\Z37R629G.YHD\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.01.2010 18:15 114768]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [17.02.2010 11:15 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.01.2010 18:15 20560]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [27.06.2010 22:26 17792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\62.tmp --> c:\windows\system32\62.tmp [?]
S3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [17.02.2010 11:15 12872]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [01.12.2009 15:49 34896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
S4 NAUpdate;@c:\programme\Nero\Update\NASvc.exe,-200;c:\programme\Nero\Update\NASvc.exe [04.05.2010 12:07 503080]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004Core.job
- c:\dokumente und einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-11-04 22:24]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004UA.job
- c:\dokumente und einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-11-04 22:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
FF - ProfilePath - c:\dokumente und einstellungen\Kilaoa\Anwendungsdaten\Mozilla\Firefox\Profiles\f33atzoq.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-15 20:23
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\62.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-1343024091-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft-Datenträgerkontingent"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Softwareinstallation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Programme\\SUPERAntiSpyware\\SASWINLO.dll"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"Hilfeassistent"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"HelpAssistant"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(2636)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Zeit der Fertigstellung: 2011-04-15  20:24:50
ComboFix-quarantined-files.txt  2011-04-15 18:24
ComboFix2.txt  2011-04-14 16:56
.
Vor Suchlauf: 13 Verzeichnis(se), 80.502.054.912 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 80.498.671.616 Bytes frei
.
- - End Of File - - 038B83F79FFCBD47B145D09EB4EECD53


cosinus 15.04.2011 20:51

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM - please skip the online lookup in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool takes only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

qupapa 15.04.2011 22:30

So, on we go.
GMER ran through cleanly, it just took almost 1 1/2 hours.
With OSAM I noticed that there was something about Logonui.exe; I had manually modified it at some point (no idea whether that is relevant).

Now here are the logs:

Gmer:
Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-15 23:14:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.1AC0
Running: 5f9ftjlg.exe; Driver: C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\uxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                          ZwClose [0xA4FC76B8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                          ZwCreateKey [0xA4FC7574]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                          ZwDeleteValueKey [0xA4FC7A52]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                          ZwDuplicateObject [0xA4FC714C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                          ZwOpenKey [0xA4FC764E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                          ZwOpenProcess [0xA4FC708C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                          ZwOpenThread [0xA4FC70F0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                          ZwQueryValueKey [0xA4FC776E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                          ZwRestoreKey [0xA4FC772E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                          ZwSetValueKey [0xA4FC78AE]

Code            \??\C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys                                                                                                pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                        section is writeable [0xB6543380, 0x566465, 0xE8000020]
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                                                      Das System kann die angegebene Datei nicht finden. !
?              C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys                                                                                                    Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\WINDOWS\system32\services.exe[916] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]                                    00380002
IAT            C:\WINDOWS\system32\services.exe[916] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]                                          00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                          aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                        aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                      aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                      aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                    aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@                                Microsoft-Datentr?gerkontingent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy                  0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy                    1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink                      1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy              1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges                1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings            0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry      1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing    0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName                          dskquota.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy              ProcessGroupPolicy
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@                                Internet Explorer Zonemapping
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName                          C:\WINDOWS\system32\iedkcs32.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy              ProcessGroupPolicyForZoneMap
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges                1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry        1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DisplayName                      @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSuccessfulRegistry      1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@                                Internet Explorer User Accelerators
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DisplayName                      @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DllName                          C:\WINDOWS\system32\iedkcs32.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@NoGPOListChanges                1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicy              ProcessGroupPolicyForActivities
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicyEx            ProcessGroupPolicyForActivitiesEx
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@RequiresSuccessfulRegistry      1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy              SceProcessSecurityPolicyGPO
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy              SceGenerateGroupPolicy
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel  1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx            SceProcessSecurityPolicyGPOEx
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel              1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName                          scecli.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@                                Security
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy                    1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges                1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing    1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval      960
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx            ProcessGroupPolicyEx
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy              GenerateGroupPolicy
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy              ProcessGroupPolicy
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName                          C:\WINDOWS\system32\iedkcs32.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@                                Internet Explorer Branding
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink                      1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy              0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges                1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy                  1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DisplayName                      @C:\WINDOWS\system32\iedkcs32.dll.mui,-3014
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy              SceProcessEFSRecoveryGPO
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName                          scecli.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@                                EFS recovery
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy                    1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges                1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry      1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@                                802.3 Group Policy
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DisplayName                      @dot3gpclnt.dll,-100
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ProcessGroupPolicyEx            ProcessLANPolicyEx
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@GenerateGroupPolicy              GenerateLANPolicy
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DllName                          dot3gpclnt.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoUserPolicy                    1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoGPOListChanges                1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@                                Microsoft Offline Files
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName                          %SystemRoot%\System32\cscui.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing    0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy              0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges                0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy                  0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink                      0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy                    1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings            0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy              ProcessGroupPolicy
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry      1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@                                Softwareinstallation
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName                          appmgmts.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx            ProcessGroupPolicyObjectsEx
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy              GenerateGroupPolicy
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy              0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry        0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink                      1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings            1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources                    (Application Management,Application)?(MsiInstaller,Application)?
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@                                Internet Explorer Machine Accelerators
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@DisplayName                      @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@DllName                          C:\WINDOWS\system32\iedkcs32.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@NoGPOListChanges                1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ProcessGroupPolicy              ProcessGroupPolicyForActivities
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ProcessGroupPolicyEx            ProcessGroupPolicyForActivitiesEx
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@RequiresSuccessfulRegistry      1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@DllName                                                          C:\Programme\SUPERAntiSpyware\SASWINLO.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logon                                                            SABWINLOLogon
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logoff                                                          SABWINLOLogoff
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Startup                                                          SABWINLOStartup
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Shutdown                                                        SABWINLOShutdown
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Asynchronous                                                    0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Impersonate                                                      0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Asynchronous                                                    0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Impersonate                                                      0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@DllName                                                          crypt32.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Logoff                                                          ChainWlxLogoffEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Asynchronous                                                        0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Impersonate                                                          0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@DllName                                                              cryptnet.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Logoff                                                              CryptnetWlxLogoffEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@DLLName                                                                cscdll.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logon                                                                  WinlogonLogonEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logoff                                                                WinlogonLogoffEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@ScreenSaver                                                            WinlogonScreenSaverEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Startup                                                                WinlogonStartupEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Shutdown                                                              WinlogonShutdownEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@StartShell                                                            WinlogonStartShellEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Impersonate                                                            0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Asynchronous                                                          1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Asynchronous                                                        1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@DllName                                                              %SystemRoot%\System32\dimsntfy.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Startup                                                              WlDimsStartup
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Shutdown                                                            WlDimsShutdown
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logon                                                                WlDimsLogon
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logoff                                                              WlDimsLogoff
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@StartShell                                                          WlDimsStartShell
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Lock                                                                WlDimsLock
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Unlock                                                              WlDimsUnlock
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@DLLName                                                            wlnotify.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logon                                                              SCardStartCertProp
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logoff                                                            SCardStopCertProp
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Lock                                                              SCardSuspendCertProp
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Unlock                                                            SCardResumeCertProp
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Enabled                                                            1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Impersonate                                                        1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Asynchronous                                                      1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Asynchronous                                                        0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@DllName                                                              wlnotify.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Impersonate                                                          0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@StartShell                                                          SchedStartShell
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Logoff                                                              SchedEventLogOff
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Logoff                                                              WLEventLogoff
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Impersonate                                                          0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Asynchronous                                                        1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@DllName                                                              sclgntfy.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@DLLName                                                              WlNotify.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Lock                                                                SensLockEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logon                                                                SensLogonEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logoff                                                              SensLogoffEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Safe                                                                1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@MaxWait                                                              600
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartScreenSaver                                                    SensStartScreenSaverEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StopScreenSaver                                                      SensStopScreenSaverEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Startup                                                              SensStartupEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Shutdown                                                            SensShutdownEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartShell                                                          SensStartShellEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@PostShell                                                            SensPostShellEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Disconnect                                                          SensDisconnectEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Reconnect                                                            SensReconnectEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Unlock                                                              SensUnlockEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Impersonate                                                          1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Asynchronous                                                        1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Asynchronous                                                          0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@DllName                                                              wlnotify.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Impersonate                                                          0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logoff                                                                TSEventLogoff
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logon                                                                TSEventLogon
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@PostShell                                                            TSEventPostShell
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Shutdown                                                              TSEventShutdown
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@StartShell                                                            TSEventStartShell
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Startup                                                              TSEventStartup
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@MaxWait                                                              600
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Reconnect                                                            TSEventReconnect
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Disconnect                                                            TSEventDisconnect
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@DLLName                                                            wlnotify.dll
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logon                                                              RegisterTicketExpiredNotificationEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logoff                                                              UnregisterTicketExpiredNotificationEvent
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Impersonate                                                        1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Asynchronous                                                        1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@Hilfeassistent                                              0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser                                              0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec                                            0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices                                            0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant                                              0
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_                                                      65536
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_                                                      65536
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_                                                      65536
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@ASPNET                                                      0

---- EOF - GMER 1.0.15 ----

OSAM:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:34:01 on 15.04.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys  (File not found)
"aswFsBlk" (aswFsBlk) - "ALWIL Software" - C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys
"aswRdr" (aswRdr) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "ALWIL Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Self Protection" (aswSP) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"avast! Standard Shield Support" (aswMon2) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"Avnex Virtual Audio Device (WDM)" (VCSVADHWSer) - "Avnex" - C:\WINDOWS\System32\DRIVERS\vcsvad.sys
"Belkin Wireless G USB Network Adapter(Belkin)" (BLKWGU(Belkin)) - "Belkin Corporation" - C:\WINDOWS\System32\DRIVERS\BLKWGU.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\CoFi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\WINDOWS\system32\62.tmp  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\Sandra.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASENUM.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File not found)
"uxtdqpow" (uxtdqpow) - ? - C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\uxtdqpow.sys  (Hidden registry entry, rootkit activity | File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\ZDPSp50.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1984D045-52CF-49cd-DB77-08F378FEA4DB} "ObjectDockShlExt" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401 "{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Programme\Spybot\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Kilaoa\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast!" - "ALWIL Software" - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashServ.exe
"avast! iAVS4 Control Service" (aswUpdSv) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
"avast! Mail Scanner" (avast! Mail Scanner) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
"avast! Web Scanner" (avast! Web Scanner) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonui.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\WINDOWS\system32\dot3gpclnt.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} "EFS recovery" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft-Datenträgerkontingent" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquota.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (Hidden registry entry, rootkit activity | File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll  (Hidden registry entry, rootkit activity)
"crypt32chain" - "Microsoft Corporation" - C:\WINDOWS\system32\crypt32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"cryptnet" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptnet.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"dimsntfy" - "Microsoft Corporation" - C:\WINDOWS\System32\dimsntfy.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ScCertProp" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Schedule" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sclgntfy" - "Microsoft Corporation" - C:\WINDOWS\system32\sclgntfy.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SensLogn" - "Microsoft Corporation" - C:\WINDOWS\system32\WlNotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"termsrv" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"wlballoon" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Home Edition
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x0000001d

Kernel Drivers (total 124):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x80701000 \WINDOWS\system32\hal.dll
  0xF7987000 \WINDOWS\system32\KDCOM.DLL
  0xF7897000 \WINDOWS\system32\BOOTVID.dll
  0xF75A7000 ACPI.sys
  0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
  0xF7596000 pci.sys
  0xF75F7000 ohci1394.sys
  0xF7607000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
  0xF7617000 isapnp.sys
  0xF7A4F000 pciide.sys
  0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
  0xF7627000 MountMgr.sys
  0xF74D7000 ftdisk.sys
  0xF770F000 PartMgr.sys
  0xF7637000 VolSnap.sys
  0xF74BF000 atapi.sys
  0xF7B1F000 iaStor.sys
  0xF7647000 disk.sys
  0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
  0xF749F000 fltmgr.sys
  0xF748D000 sr.sys
  0xF7476000 KSecDD.sys
  0xB8773000 Ntfs.sys
  0xB8746000 NDIS.sys
  0xB872C000 Mup.sys
  0xF76A7000 \SystemRoot\System32\DRIVERS\nic1394.sys
  0xB8233000 \SystemRoot\System32\DRIVERS\intelppm.sys
  0xB6543000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xB652F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB6507000 \SystemRoot\System32\DRIVERS\HDAudBus.sys
  0xB64F3000 \SystemRoot\System32\DRIVERS\Rtenicxp.sys
  0xF7757000 \SystemRoot\System32\DRIVERS\usbuhci.sys
  0xB64CF000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
  0xF775F000 \SystemRoot\System32\DRIVERS\usbehci.sys
  0xF7767000 \SystemRoot\System32\DRIVERS\fdc.sys
  0xB64BB000 \SystemRoot\System32\DRIVERS\parport.sys
  0xB8608000 \SystemRoot\System32\DRIVERS\gameenum.sys
  0xB8223000 \SystemRoot\System32\DRIVERS\serial.sys
  0xB8604000 \SystemRoot\System32\DRIVERS\serenum.sys
  0xB8213000 \SystemRoot\System32\DRIVERS\imapi.sys
  0xB8203000 \SystemRoot\System32\DRIVERS\cdrom.sys
  0xB81F3000 \SystemRoot\System32\DRIVERS\redbook.sys
  0xB6498000 \SystemRoot\System32\DRIVERS\ks.sys
  0xF776F000 \SystemRoot\system32\DRIVERS\vcsvad.sys
  0xB6474000 \SystemRoot\system32\DRIVERS\portcls.sys
  0xB81E3000 \SystemRoot\system32\DRIVERS\drmk.sys
  0xF7A9F000 \SystemRoot\System32\DRIVERS\audstub.sys
  0xB81D3000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
  0xB85FC000 \SystemRoot\System32\DRIVERS\ndistapi.sys
  0xB645D000 \SystemRoot\System32\DRIVERS\ndiswan.sys
  0xB81C3000 \SystemRoot\System32\DRIVERS\raspppoe.sys
  0xB81B3000 \SystemRoot\System32\DRIVERS\raspptp.sys
  0xF7777000 \SystemRoot\System32\DRIVERS\TDI.SYS
  0xB644C000 \SystemRoot\System32\DRIVERS\psched.sys
  0xB6F96000 \SystemRoot\System32\DRIVERS\msgpc.sys
  0xF777F000 \SystemRoot\System32\DRIVERS\ptilink.sys
  0xF7787000 \SystemRoot\System32\DRIVERS\raspti.sys
  0xB6F86000 \SystemRoot\System32\DRIVERS\termdd.sys
  0xF778F000 \SystemRoot\System32\DRIVERS\kbdclass.sys
  0xF7797000 \SystemRoot\System32\DRIVERS\mouclass.sys
  0xF79CD000 \SystemRoot\System32\DRIVERS\swenum.sys
  0xB63EE000 \SystemRoot\System32\DRIVERS\update.sys
  0xB85F4000 \SystemRoot\System32\DRIVERS\mssmbios.sys
  0xB863C000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xA6AB0000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xAA3A3000 \SystemRoot\System32\DRIVERS\usbhub.sys
  0xF79A5000 \SystemRoot\System32\DRIVERS\USBD.SYS
  0xAFCBC000 \SystemRoot\System32\DRIVERS\flpydisk.sys
  0xF79A7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xAEE5B000 \SystemRoot\System32\Drivers\Null.SYS
  0xF79A9000 \SystemRoot\System32\Drivers\Beep.SYS
  0xAFCAC000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
  0xAFCA4000 \SystemRoot\System32\drivers\vga.sys
  0xF79AB000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF79AD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xAFC9C000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xAFC94000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB32DE000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0xA6A41000 \SystemRoot\System32\DRIVERS\ipsec.sys
  0xA69E8000 \SystemRoot\System32\DRIVERS\tcpip.sys
  0xA69C2000 \SystemRoot\System32\DRIVERS\ipnat.sys
  0xAA373000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0xAA363000 \SystemRoot\System32\DRIVERS\wanarp.sys
  0xA699A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0xAA353000 \SystemRoot\System32\DRIVERS\arp1394.sys
  0xA6978000 \SystemRoot\System32\drivers\afd.sys
  0xAA343000 \SystemRoot\System32\DRIVERS\netbios.sys
  0xA6956000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
  0xAD0DC000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
  0xA692B000 \SystemRoot\System32\DRIVERS\rdbss.sys
  0xA68BB000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
  0xA9688000 \SystemRoot\System32\Drivers\Fips.SYS
  0xA4FBF000 \SystemRoot\System32\Drivers\aswSP.SYS
  0xAD094000 \SystemRoot\System32\Drivers\Aavmker4.SYS
  0xA9704000 \SystemRoot\System32\DRIVERS\usbccgp.sys
  0xAFCFC000 \SystemRoot\System32\DRIVERS\hidusb.sys
  0xA8D98000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
  0x9EFA1000 \SystemRoot\System32\DRIVERS\BLKWGU.sys
  0xA14A2000 \SystemRoot\System32\DRIVERS\kbdhid.sys
  0xA1034000 \SystemRoot\System32\DRIVERS\mouhid.sys
  0xA115B000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0x9EEE1000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xA0124000 \SystemRoot\System32\drivers\Dxapi.sys
  0xB35E1000 \SystemRoot\System32\watchdog.sys
  0xBD000000 \SystemRoot\System32\drivers\dxg.sys
  0x9FFD2000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBD012000 \SystemRoot\System32\nv4_disp.dll
  0xBD635000 \SystemRoot\System32\ATMFD.DLL
  0xA57B0000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
  0xA240D000 \SystemRoot\System32\DRIVERS\ndisuio.sys
  0x9ECCB000 \SystemRoot\System32\Drivers\aswMon2.SYS
  0x9EBC6000 \SystemRoot\system32\drivers\wdmaud.sys
  0xA9628000 \SystemRoot\system32\drivers\sysaudio.sys
  0x9EA09000 \SystemRoot\System32\DRIVERS\mrxdav.sys
  0xB1760000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0x9E989000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9E560000 \SystemRoot\System32\Drivers\HTTP.sys
  0x9E60D000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0xF79D1000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
  0xF77F7000 \??\C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys
  0x9C1B0000 \??\C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\uxtdqpow.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 25):
      0 System Idle Process
      4 System
    636 C:\WINDOWS\system32\smss.exe
    848 csrss.exe
    872 C:\WINDOWS\system32\winlogon.exe
    916 C:\WINDOWS\system32\services.exe
    928 C:\WINDOWS\system32\lsass.exe
    1092 C:\WINDOWS\system32\nvsvc32.exe
    1116 C:\WINDOWS\system32\svchost.exe
    1168 svchost.exe
    1208 C:\WINDOWS\system32\svchost.exe
    1328 svchost.exe
    1356 svchost.exe
    1580 C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
    1644 C:\Programme\Alwil Software\Avast4\ashServ.exe
    332 C:\WINDOWS\system32\spoolsv.exe
    1424 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    472 svchost.exe
    3372 alg.exe
    2804 C:\WINDOWS\system32\svchost.exe
    3556 C:\WINDOWS\explorer.exe
    1028 C:\Programme\SRWare Iron\iron.exe
    1436 C:\Programme\SRWare Iron\iron.exe
    2084 C:\Dokumente und Einstellungen\Kilaoa\Desktop\osam.exe
    1836 C:\Dokumente und Einstellungen\Kilaoa\Eigene Dateien\Downloads\MBRCheck (1).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000018`69e61600  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD322HJ, Rev: 1AC01118

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!


--------------------------------------------------------------------

P.S. At first I had overlooked your note that I should skip the online query, and had done it the way it is described at
http://www.trojaner-board.de/84180-a...n-manager.html
I don't know whether that is important or makes a difference, but to be on the safe side here is that log as well:

OSAM:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:22:54 on 15.04.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys  (File not found)
"aswFsBlk" (aswFsBlk) - "ALWIL Software" - C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys
"aswRdr" (aswRdr) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "ALWIL Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Self Protection" (aswSP) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"avast! Standard Shield Support" (aswMon2) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"Avnex Virtual Audio Device (WDM)" (VCSVADHWSer) - "Avnex" - C:\WINDOWS\System32\DRIVERS\vcsvad.sys
"Belkin Wireless G USB Network Adapter(Belkin)" (BLKWGU(Belkin)) - "Belkin Corporation" - C:\WINDOWS\System32\DRIVERS\BLKWGU.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\CoFi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\WINDOWS\system32\62.tmp  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\Sandra.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASENUM.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File not found)
"uxtdqpow" (uxtdqpow) - ? - C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\uxtdqpow.sys  (Hidden registry entry, rootkit activity | File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\ZDPSp50.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1984D045-52CF-49cd-DB77-08F378FEA4DB} "ObjectDockShlExt" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401 "{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Programme\Spybot\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Kilaoa\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast!" - "ALWIL Software" - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashServ.exe
"avast! iAVS4 Control Service" (aswUpdSv) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
"avast! Mail Scanner" (avast! Mail Scanner) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
"avast! Web Scanner" (avast! Web Scanner) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonui.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\WINDOWS\system32\dot3gpclnt.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} "EFS recovery" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft-Datenträgerkontingent" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquota.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (Hidden registry entry, rootkit activity | File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll  (Hidden registry entry, rootkit activity)
"crypt32chain" - "Microsoft Corporation" - C:\WINDOWS\system32\crypt32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"cryptnet" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptnet.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"dimsntfy" - "Microsoft Corporation" - C:\WINDOWS\System32\dimsntfy.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ScCertProp" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Schedule" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sclgntfy" - "Microsoft Corporation" - C:\WINDOWS\system32\sclgntfy.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SensLogn" - "Microsoft Corporation" - C:\WINDOWS\system32\WlNotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"termsrv" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"wlballoon" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


cosinus 16.04.2011 11:36

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

