
Pests of all kinds and how to fight them: GVU Trojan on laptop, Win XP SP3


08.02.2013, 12:02   #1
kabbi
 
Hello!! My father has caught a GVU Trojan on his laptop running Win XP Professional SP3.

Booting into Safe Mode doesn't help; the screen reappears immediately.
I'd rather not try anything myself without instructions, and I'm hoping for help here.
Thanks in advance.

08.02.2013, 12:06   #2
markusg
/// Malware-holic
 
Hi,
Using a clean second computer, create an OTLPE CD and then boot the infected computer from that CD:

If you don't have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.


Download OTLPENet.exe by OldTimer and save it to your desktop. Note: The file is about 120 MB in size, so on a slow internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burning process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD


Illustrated guide: OTLpe scan
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: For OTLPE to scan the correct installed Windows, you must select the Windows folder of the Windows installation on the hard disk; simply selecting C: produces an error!
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt will be created.
  • Copy this file to your USB stick if you have no internet connection on this system.
  • Please post the contents of C:\OTL.txt and Extras.txt.

08.02.2013, 16:55   #3
kabbi
 
I hope everything has worked so far.
This is what the scan produced. If anything was wrong, please let me know.
Many thanks!

Code:
OTL logfile created on: 2/8/2013 4:24:14 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 754.00 Mb Available Physical Memory | 74.00% Memory free
902.00 Mb Paging File | 800.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.28 Gb Total Space | 13.05 Gb Free Space | 17.57% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 7.67 Gb Free Space | 99.95% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (Automatisches LiveUpdate - Scheduler)
SRV - [2013/02/07 10:17:53 | 000,114,688 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Dokumente und Einstellungen\Reith\338359.exe -- (winmgmt)
SRV - [2013/01/12 09:25:51 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/26 13:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/05/16 07:40:36 | 000,072,704 | ---- | M] (Autodesk) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Programme\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/03/25 08:44:57 | 001,404,008 | ---- | M] () [Auto] -- C:\WINDOWS\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/11/12 07:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (UIUSys)
DRV - File not found [Kernel | On_Demand] --  -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand] --  -- (SYMIDS)
DRV - File not found [Kernel | On_Demand] --  -- (SYMFW)
DRV - File not found [Kernel | System] --  -- (PRAGMApipyycwkid)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2013/02/08 04:12:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/01/16 11:04:35 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130207.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 11:04:34 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130207.025\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/15 21:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/11/06 11:22:32 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/11/06 11:22:32 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/31 19:27:25 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130207.002\IDSxpx86.sys -- (IDSxpx86)
DRV - [2011/06/18 07:47:39 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 20:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\N360\0502020.003\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/30 22:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System] -- C:\WINDOWS\System32\Drivers\N360\0502020.003\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0502020.003\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 21:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0502020.003\Ironx86.SYS -- (SymIRON)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2006/12/24 04:48:36 | 000,034,816 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\SSHDRV5C.sys -- (SSHDRV5C)
DRV - [2006/04/28 10:27:48 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/04/28 10:26:46 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/04/28 10:25:44 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/04/28 10:25:40 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/04/28 10:24:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/04/28 10:24:06 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/04/28 10:24:00 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/01/17 10:30:58 | 000,015,744 | R--- | M] (SMSC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HIDSMSC.SYS -- (SMCB000)
DRV - [2006/01/12 10:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/12/29 16:20:38 | 000,561,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2005/12/05 03:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/30 12:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 04:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005/11/08 17:12:00 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 17:11:00 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/11/08 17:11:00 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/09/09 08:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/06/10 23:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/05/05 08:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2004/08/10 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/04/19 00:01:00 | 000,006,656 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)
DRV - [2003/09/18 19:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [1998/10/15 02:02:50 | 000,052,800 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\System32\drivers\HPFECP15.SYS -- (HPFECP15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie8_startpage
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.0.313\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/11 06:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2013/02/08 06:28:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/30 09:25:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/13 10:50:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/11/30 09:25:59 | 000,000,000 | ---D | M]
 
[2011/12/16 03:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/03/13 10:50:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2009/03/31 15:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Programme\mozilla firefox\components\coFFPlgn.dll
[2012/11/30 09:24:51 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
[2012/03/13 10:50:06 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/13 10:50:06 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/03/13 10:50:06 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/13 10:50:06 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/13 10:50:06 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/13 10:50:06 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004/08/10 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar IE8\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar IE8\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Reith_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Reith_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\Reith_ON_C\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar IE8\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Programme\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [mouseElf] C:\Programme\Navigator\MouseElf.exe ()
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [OM2_Monitor] C:\Programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] C:\Programme\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKU\Administrator_ON_C..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Reith_ON_C..\Run: [1und1Dispatcher] C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKU\Reith_ON_C..\Run: [OM2_Monitor] C:\Programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\Reith_ON_C..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Reith\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Reith_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar IE8\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/30 14:27:26 | 000,013,848 | ---- | M] () - D:\Auto zu verkaufen REITH.docx -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {111877A7-D9AB-9F9C-98B9-BCA4579EA650} - Microsoft Windows Media Player
ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {222FB945-258A-4734-84EA-99E5B4EF4E00} - WEB.DE Browser Add-on
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29A43E48-B726-47B6-9EAC-AA2B7B48E133} - Microsoft .NET Framework 1.0 Security Update (KB2698035)
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {507E953C-3D3A-4CD3-8A96-5F0B455F2E3A} - WEB.DE Browser Toolbar
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {DE895E98-54B2-4180-91E1-7A0020EDF577} - Microsoft .NET Framework 1.0 Security Update (KB2742607)
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {F4317265-E6E0-91A7-C5AC-538F48E76E40} - Microsoft Windows Media Player
ActiveX: {F6545DA0-08FF-2F53-A8A2-393B68F5B6A0} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{E9D28A7F-49A0-41E8-95B7-4C699B1D3A6A} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: winmgmt - C:\Dokumente und Einstellungen\Reith\338359.exe (Microsoft Corporation)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/07 10:17:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Reith\338359.exe
[2013/02/04 10:17:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus
[2013/01/25 11:08:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Reith\Anwendungsdaten\TeamViewer
[2013/01/12 09:25:29 | 016,369,160 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2011/10/28 09:31:34 | 002,063,321 | ---- | C] (GraphicRegion.com                                           ) -- C:\Programme\ablerawer_1.4.exe
[2007/03/30 02:25:15 | 014,993,976 | ---- | C] (Macrovision Corporation) -- C:\Programme\GoogleEarthWin_EARE.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Dokumente und Einstellungen\Reith\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Reith\Eigene Dateien\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/08 06:28:12 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3822127138-4128325502-4161374032-1005.job
[2013/02/08 06:27:59 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/08 06:27:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/08 06:27:21 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/08 06:02:10 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\953833.pad
[2013/02/08 05:46:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/08 05:46:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/08 04:12:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/02/07 10:24:24 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/07 10:19:12 | 000,002,772 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\953833.js
[2013/02/07 10:19:12 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\Reith\Startmenü\Programme\Autostart\runctf.lnk
[2013/02/07 10:17:53 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Reith\338359.exe
[2013/02/07 09:29:14 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/06 17:56:18 | 002,167,382 | ---- | M] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-3822127138-4128325502-4161374032-1005-0.dat
[2013/02/06 17:56:00 | 000,203,398 | ---- | M] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2013/02/04 16:04:30 | 000,002,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Reith\Desktop\Microsoft Word.lnk
[2013/02/04 14:00:01 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Systemprüfung ausführen - Reith.job
[2013/02/04 10:17:26 | 000,001,737 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013/02/04 10:17:26 | 000,001,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
[2013/02/04 10:17:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus
[2013/02/04 10:17:11 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[2013/01/24 09:20:00 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3953114.pad
[2013/01/18 12:42:03 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3822127138-4128325502-4161374032-1005.job
[2013/01/16 11:26:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/12 09:25:42 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/12 09:25:41 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/12 09:25:30 | 016,369,160 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/01/09 16:39:33 | 000,526,500 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/01/09 16:39:33 | 000,500,416 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/09 16:39:33 | 000,106,504 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/01/09 16:39:33 | 000,088,422 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/09 16:30:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Reith\Eigene Dateien\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/08 05:40:12 | 1063,440,384 | -HS- | C] () -- C:\hiberfil.sys
[2013/02/07 10:19:12 | 000,002,772 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\953833.js
[2013/02/07 10:19:10 | 000,000,770 | ---- | C] () -- C:\Dokumente und Einstellungen\Reith\Startmenü\Programme\Autostart\runctf.lnk
[2013/02/07 10:18:41 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\953833.pad
[2013/02/04 10:17:25 | 000,001,737 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013/02/04 10:17:11 | 000,001,731 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
[2013/01/24 09:16:31 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3953114.pad
[2012/09/28 03:47:19 | 000,076,340 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vdsnfaagtxxyfzx
[2012/05/15 09:06:23 | 000,000,001 | R--- | C] () -- C:\Dokumente und Einstellungen\Reith\serverport
[2012/02/16 01:30:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/24 07:16:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/22 15:14:33 | 002,167,382 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-3822127138-4128325502-4161374032-1005-0.dat
[2011/12/13 16:50:58 | 000,203,398 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011/06/15 13:11:22 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Reith\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/06/15 13:06:18 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/25 08:44:57 | 001,404,008 | ---- | C] () -- C:\WINDOWS\System32\ieconfig_1und1_svc.exe
[2011/03/25 08:44:55 | 003,406,336 | ---- | C] () -- C:\WINDOWS\System32\WEBDE-DLLUpdate1.exe
[2010/03/27 09:47:50 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2009/10/11 04:35:16 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/03/29 04:04:10 | 000,000,222 | ---- | C] () -- C:\WINDOWS\HPFTBX15.INI
[2008/04/24 10:17:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\KBHook.dll
[2008/04/24 10:17:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TaskKeyHook.dll
[2008/04/24 10:17:42 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2007/07/14 06:30:50 | 000,001,140 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/07/12 10:17:57 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Reith\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/08 02:01:59 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/08 05:42:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/04/08 05:40:45 | 006,615,712 | ---- | C] () -- C:\Programme\FirefoxGoogleToolbarSetup.exe
[2007/03/12 12:02:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Whoru.dll
[2007/01/29 12:31:51 | 047,250,712 | ---- | C] () -- C:\Programme\NIS071020GE.exe
[2006/12/24 04:48:36 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV5C.sys
[2006/12/07 18:01:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/10/26 09:30:33 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Reith\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/10/26 09:30:07 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/03/22 04:12:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/22 03:56:06 | 000,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2006/03/22 03:25:13 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/22 02:05:11 | 000,012,402 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2006/03/22 02:05:11 | 000,002,182 | R--- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2006/03/22 01:55:00 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/22 01:49:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/22 01:49:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/22 01:49:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/22 01:49:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/22 01:49:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/22 01:49:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/22 01:47:43 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2006/03/22 01:18:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/21 16:06:57 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/03/21 16:06:56 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/21 16:06:55 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/21 16:06:55 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/21 16:06:53 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/21 16:06:53 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/03/21 16:06:53 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/21 16:06:50 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/03/21 16:06:50 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/21 16:06:49 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/03/21 10:04:04 | 000,009,362 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/21 10:04:04 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/21 10:04:03 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/21 10:04:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/17 07:09:59 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/03/17 07:05:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/17 06:58:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/17 06:53:09 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/17 06:52:18 | 000,233,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/03/17 06:46:26 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2006/03/17 06:46:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/03/17 06:46:26 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/17 06:46:14 | 000,526,500 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/03/17 06:46:14 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006/03/17 06:46:14 | 000,106,504 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/03/17 06:46:14 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006/03/17 06:45:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/17 06:45:40 | 000,500,416 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/17 06:45:40 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/17 06:45:40 | 000,088,422 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/17 06:45:40 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/17 06:45:40 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/17 06:45:38 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/17 06:45:37 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/17 06:45:29 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/17 06:45:29 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/17 06:45:26 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/17 06:45:18 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/01/26 12:03:32 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/12/08 13:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/09/02 08:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 08:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 15:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 11:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 08:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/15 02:52:10 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\HPFcfg15.exe
[1998/10/15 02:51:40 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk15.exe
[1998/10/15 02:51:40 | 000,003,782 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk15.ini
[1998/10/15 02:49:34 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\HPFtbx15.exe
[1998/10/15 02:45:56 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\HPFhid15.exe
[1998/10/15 02:31:58 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl15.dll
[1998/10/15 02:31:54 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl15.dll
[1998/10/15 02:31:46 | 000,683,008 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl15.dll
[1998/10/15 02:31:42 | 001,325,056 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl15.dll
[1998/10/15 02:28:06 | 000,193,536 | ---- | C] () -- C:\WINDOWS\System32\HPFcps15.dll
[1998/10/15 02:27:38 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r15.dll
[1998/10/15 02:26:28 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst15.dll
[1998/10/15 02:24:46 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\HPFpcl15.dll
[1998/10/15 02:17:24 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\HPFui15.dll
[1998/10/15 02:10:58 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\HPFwin15.dll
[1998/10/15 02:07:18 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\HPFmon15.dll
[1998/10/15 02:06:40 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl15.dll
[1998/10/15 02:04:40 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\HPFnet15.dll
[1998/10/15 02:04:26 | 000,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop15.dll
[1998/10/15 02:04:14 | 000,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml15.dll
[1998/10/15 02:04:08 | 000,138,428 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc15.dll
[1998/10/15 02:03:58 | 000,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem15.dll
[1998/10/15 02:03:54 | 000,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm15.dll
[1998/10/15 02:03:42 | 000,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom15.dll
[1998/10/15 02:02:50 | 000,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp15.sys
[1998/10/15 02:02:02 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu15.dll
[1998/10/15 02:01:32 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa15.dll
[1998/10/15 01:57:08 | 000,849,920 | ---- | C] () -- C:\WINDOWS\System32\HPFimg15.dll
[1998/10/15 01:53:54 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt15.dll
[1998/09/24 02:48:54 | 000,035,328 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
 
========== LOP Check ==========
 
[2006/09/01 09:45:45 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\toshiba
[2006/10/26 09:31:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\X10 Commander
[2006/09/01 09:45:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\toshiba
[2006/09/01 09:46:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2011/12/16 03:36:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\1&1 Mail & Media GmbH
[2012/05/16 07:43:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Autodesk
[2011/12/12 12:39:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Garmin
[2006/10/26 13:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo
[2012/11/30 09:01:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MPEG Streamclip
[2013/01/25 11:08:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TeamViewer
[2006/11/30 11:42:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca
[2012/09/29 05:52:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Tific
[2006/09/01 09:45:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\toshiba
[2011/07/03 05:20:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon
[2012/05/16 07:49:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2011/06/06 10:28:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CygniCon
[2011/07/03 05:19:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons
[2011/12/12 12:42:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Garmin
[2011/03/25 08:44:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2009/06/21 13:23:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2012/09/28 03:47:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\szmokjsttikrumb
[2011/10/28 09:32:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2011/12/31 06:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
[2011/01/31 12:35:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{06C4B2DE-F57C-40CB-99BF-4F9EE7C645DF}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2006/12/03 06:46:29 | 000,000,000 | ---D | M] -- C:\53035c5259e96c5a60c526cd
[2009/08/22 15:55:42 | 000,000,000 | ---D | M] -- C:\8040f140198c005600
[2006/09/01 09:45:39 | 000,000,000 | ---D | M] -- C:\CMPNENTS
[2013/01/10 12:09:49 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006/10/26 09:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011/12/23 12:26:25 | 000,000,000 | -HSD | M] -- C:\found.000
[2011/04/04 00:37:10 | 000,000,000 | ---D | M] -- C:\I386
[2006/12/12 05:33:29 | 000,000,000 | ---D | M] -- C:\Meine Downloads
[2006/09/01 09:47:47 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/01/30 12:29:22 | 000,000,000 | ---D | M] -- C:\N360_BACKUP
[2008/08/26 06:24:01 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/11/30 09:21:03 | 000,000,000 | R--D | M] -- C:\Programme
[2006/10/26 14:44:46 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2006/09/01 09:49:29 | 000,000,000 | ---D | M] -- C:\SUPPORT
[2013/02/07 09:03:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007/05/13 07:25:59 | 000,000,000 | ---D | M] -- C:\Temp
[2006/09/01 09:50:32 | 000,000,000 | ---D | M] -- C:\Toolscd
[2012/09/13 10:52:16 | 000,000,000 | ---D | M] -- C:\VALUEADD
[2007/10/24 13:54:52 | 000,000,000 | ---D | M] -- C:\VOX Bauplaner PRO
[2013/02/08 06:27:49 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2011/10/28 09:31:40 | 002,063,321 | ---- | M] (GraphicRegion.com                                           ) -- C:\Programme\ablerawer_1.4.exe
[2007/04/08 05:40:52 | 006,615,712 | ---- | M] () -- C:\Programme\FirefoxGoogleToolbarSetup.exe
[2007/03/30 02:25:31 | 014,993,976 | ---- | M] (Macrovision Corporation) -- C:\Programme\GoogleEarthWin_EARE.exe
[2007/01/29 12:31:53 | 047,250,712 | ---- | M] () -- C:\Programme\NIS071020GE.exe
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/10 08:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/10 08:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/23 08:08:31 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/23 08:08:31 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/10 08:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/10 08:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/23 08:08:31 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/23 08:08:31 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004/08/10 08:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 08:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 21:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 08:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/10 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005/03/02 13:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 10:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 13:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/10 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007/03/08 10:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/10 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/10 08:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/09/07 10:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/08/10 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006/03/17 07:51:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/03/17 07:51:42 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/03/17 07:51:42 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 01:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2012/11/01 07:17:52 | 011,111,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2012/11/01 07:17:52 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 21:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 21:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2012/06/08 09:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         
__________________

Alt 08.02.2013, 17:00   #4
markusg
/// Malware-holic
 



Hi,
on your second PC, go to Start, Programs, Accessories, Notepad, and copy the following into it:
Code:
:OTL
O4 - Startup: C:\Dokumente und Einstellungen\Reith\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
[2013/02/07 10:17:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Reith\338359.exe
[2013/02/08 06:02:10 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\953833.pad
[2013/02/07 10:19:12 | 000,002,772 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\953833.js
[2013/02/07 10:19:12 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\Reith\Startmenü\Programme\Autostart\runctf.lnk
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear, so load fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.

Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please upload the file there as well, as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!

Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.

After that:
download the following file:
http://download.bleepingcomputer.com...xp/winmgmt.reg
Double-click it, confirm the prompt, restart, and please report back when done.

08.02.2013, 17:13   #5
kabbi

The fix is accepted, but unfortunately I can no longer select Run Fix afterwards. Nothing responds.

After restarting OTLPE several times it worked; I'll report back.

Here is the log:

Code:
ATTFilter
========== OTL ==========
C:\Dokumente und Einstellungen\Reith\Startmenü\Programme\Autostart\runctf.lnk moved successfully.
File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot.
C:\Dokumente und Einstellungen\Reith\338359.exe moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\953833.pad moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\953833.js moved successfully.
File C:\Dokumente und Einstellungen\Reith\Startmenü\Programme\Autostart\runctf.lnk not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 106116 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Reith
->Temp folder emptied: 232461056 bytes
->Temporary Internet Files folder emptied: 10801315 bytes
->Java cache emptied: 59706255 bytes
->FireFox cache emptied: 73295197 bytes
->Flash cache emptied: 1597 bytes
 
Total Flash Files Cleaned = 359.00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Reith
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 5435271 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4769116 bytes
 
Total Files Cleaned = 10.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 02082013_171530

Files\Folders moved on Reboot...
File\Folder X:\I386\SYSTEM32\RUNDLL32.EXE not found!

Registry entries deleted on Reboot...
         
The upload worked, and so did the restart!


08.02.2013, 17:46   #6
markusg
/// Malware-holic

Did you run the reg file? If not, please do that now.
After that:
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, then post the log.
Open C:, open tdsskiller-date-version.txt, and post its contents.

08.02.2013, 18:10   #7
kabbi

Yes, I had run the reg file.

Code:
ATTFilter
18:02:33.0984 3312  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:02:36.0093 3312  ============================================================
18:02:36.0093 3312  Current date / time: 2013/02/08 18:02:36.0093
18:02:36.0093 3312  SystemInfo:
18:02:36.0093 3312  
18:02:36.0125 3312  OS Version: 5.1.2600 ServicePack: 3.0
18:02:36.0125 3312  Product type: Workstation
18:02:36.0125 3312  ComputerName: YOUR-2D1ABB0973
18:02:36.0156 3312  UserName: Reith
18:02:36.0156 3312  Windows directory: C:\WINDOWS
18:02:36.0156 3312  System windows directory: C:\WINDOWS
18:02:36.0156 3312  Processor architecture: Intel x86
18:02:36.0156 3312  Number of processors: 1
18:02:36.0156 3312  Page size: 0x1000
18:02:36.0156 3312  Boot type: Normal boot
18:02:36.0156 3312  ============================================================
18:02:49.0015 3312  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:02:49.0109 3312  Drive \Device\Harddisk1\DR3 - Size: 0x1EC400000 (7.69 Gb), SectorSize: 0x200, Cylinders: 0x3EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:02:49.0109 3312  ============================================================
18:02:49.0109 3312  \Device\Harddisk0\DR0:
18:02:49.0140 3312  MBR partitions:
18:02:49.0140 3312  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9490C62
18:02:49.0140 3312  \Device\Harddisk1\DR3:
18:02:49.0140 3312  MBR partitions:
18:02:49.0140 3312  \Device\Harddisk1\DR3\Partition1: MBR, Type 0xB, StartLBA 0x4, BlocksNum 0xF61FFC
18:02:49.0140 3312  ============================================================
18:02:49.0250 3312  C: <-> \Device\Harddisk0\DR0\Partition1
18:02:49.0328 3312  ============================================================
18:02:49.0328 3312  Initialize success
18:02:49.0328 3312  ============================================================
18:03:18.0296 0312  ============================================================
18:03:18.0296 0312  Scan started
18:03:18.0296 0312  Mode: Manual; SigCheck; TDLFS; 
18:03:18.0296 0312  ============================================================
18:03:20.0984 0312  ================ Scan system memory ========================
18:03:21.0015 0312  System memory - ok
18:03:21.0015 0312  ================ Scan services =============================
18:03:21.0218 0312  Abiosdsk - ok
18:03:21.0218 0312  abp480n5 - ok
18:03:21.0312 0312  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:03:27.0937 0312  ACPI - ok
18:03:28.0078 0312  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:03:28.0578 0312  ACPIEC - ok
18:03:28.0703 0312  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:03:28.0812 0312  AdobeFlashPlayerUpdateSvc - ok
18:03:28.0828 0312  adpu160m - ok
18:03:28.0906 0312  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
18:03:29.0109 0312  aec - ok
18:03:29.0203 0312  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
18:03:29.0296 0312  AFD - ok
18:03:29.0343 0312  Aha154x - ok
18:03:29.0359 0312  aic78u2 - ok
18:03:29.0359 0312  aic78xx - ok
18:03:29.0468 0312  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
18:03:29.0625 0312  Alerter - ok
18:03:29.0703 0312  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
18:03:29.0921 0312  ALG - ok
18:03:29.0921 0312  AliIde - ok
18:03:29.0937 0312  amsint - ok
18:03:30.0031 0312  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
18:03:30.0203 0312  AppMgmt - ok
18:03:30.0281 0312  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:03:30.0453 0312  Arp1394 - ok
18:03:30.0468 0312  asc - ok
18:03:30.0484 0312  asc3350p - ok
18:03:30.0484 0312  asc3550 - ok
18:03:30.0640 0312  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:03:30.0703 0312  aspnet_state - ok
18:03:30.0734 0312  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:03:30.0953 0312  AsyncMac - ok
18:03:30.0984 0312  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
18:03:31.0140 0312  atapi - ok
18:03:31.0140 0312  Atdisk - ok
18:03:31.0171 0312  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:03:31.0359 0312  Atmarpc - ok
18:03:31.0468 0312  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
18:03:31.0609 0312  AudioSrv - ok
18:03:31.0656 0312  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
18:03:31.0796 0312  audstub - ok
18:03:31.0984 0312  [ 98628DFDE86E459CB84EC7AF17B7E4AC ] Autodesk Licensing Service C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
18:03:32.0031 0312  Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:03:32.0031 0312  Autodesk Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:03:32.0093 0312  Automatisches LiveUpdate - Scheduler - ok
18:03:32.0171 0312  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
18:03:32.0359 0312  Beep - ok
18:03:32.0718 0312  [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130116.013\BHDrvx86.sys
18:03:33.0296 0312  BHDrvx86 - ok
18:03:33.0500 0312  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
18:03:34.0125 0312  BITS - ok
18:03:34.0218 0312  [ 141BEFBD4F2A84A66E2F54B9E32E40D1 ] BoiHwsetup      C:\WINDOWS\system32\drivers\BoiHwSetup.sys
18:03:34.0515 0312  BoiHwsetup - ok
18:03:34.0609 0312  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
18:03:34.0953 0312  Browser - ok
18:03:35.0031 0312  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
18:03:35.0515 0312  cbidf2k - ok
18:03:35.0515 0312  cd20xrnt - ok
18:03:35.0546 0312  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
18:03:35.0921 0312  Cdaudio - ok
18:03:35.0968 0312  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
18:03:36.0390 0312  Cdfs - ok
18:03:36.0437 0312  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:03:36.0843 0312  Cdrom - ok
18:03:37.0031 0312  [ 3CB0CC8879956C187E87E18634EE5164 ] CFSvcs          C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
18:03:37.0140 0312  CFSvcs ( UnsignedFile.Multi.Generic ) - warning
18:03:37.0140 0312  CFSvcs - detected UnsignedFile.Multi.Generic (1)
18:03:37.0140 0312  Changer - ok
18:03:37.0218 0312  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
18:03:37.0421 0312  CiSvc - ok
18:03:37.0484 0312  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
18:03:37.0656 0312  ClipSrv - ok
18:03:37.0750 0312  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:03:38.0375 0312  clr_optimization_v2.0.50727_32 - ok
18:03:38.0671 0312  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:03:39.0093 0312  clr_optimization_v4.0.30319_32 - ok
18:03:39.0187 0312  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:03:39.0578 0312  CmBatt - ok
18:03:39.0609 0312  CmdIde - ok
18:03:39.0656 0312  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:03:39.0843 0312  Compbatt - ok
18:03:39.0859 0312  COMSysApp - ok
18:03:39.0875 0312  Cpqarray - ok
18:03:39.0984 0312  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
18:03:40.0187 0312  CryptSvc - ok
18:03:40.0218 0312  dac2w2k - ok
18:03:40.0218 0312  dac960nt - ok
18:03:40.0343 0312  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
18:03:40.0640 0312  DcomLaunch - ok
18:03:40.0718 0312  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
18:03:40.0906 0312  Dhcp - ok
18:03:40.0953 0312  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
18:03:41.0203 0312  Disk - ok
18:03:41.0203 0312  dmadmin - ok
18:03:41.0453 0312  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
18:03:41.0937 0312  dmboot - ok
18:03:42.0015 0312  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
18:03:42.0281 0312  dmio - ok
18:03:42.0343 0312  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
18:03:42.0562 0312  dmload - ok
18:03:42.0656 0312  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
18:03:42.0828 0312  dmserver - ok
18:03:42.0921 0312  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
18:03:43.0125 0312  DMusic - ok
18:03:43.0218 0312  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
18:03:43.0546 0312  Dnscache - ok
18:03:43.0671 0312  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
18:03:43.0921 0312  Dot3svc - ok
18:03:43.0921 0312  dpti2o - ok
18:03:43.0953 0312  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
18:03:44.0093 0312  drmkaud - ok
18:03:44.0187 0312  [ 2646883E6DD867CD872D5B51B6036710 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:03:44.0359 0312  E100B - ok
18:03:44.0437 0312  [ E1FA10ED8F9F700C1BE1EAE05A80EF57 ] e1express       C:\WINDOWS\system32\DRIVERS\e1e5132.sys
18:03:44.0656 0312  e1express - ok
18:03:44.0750 0312  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
18:03:44.0937 0312  EapHost - ok
18:03:45.0250 0312  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
18:03:45.0375 0312  eeCtrl - ok
18:03:45.0656 0312  [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr         C:\WINDOWS\eHome\ehRecvr.exe
18:03:46.0078 0312  ehRecvr - ok
18:03:46.0218 0312  [ E774BF24A6CB798DCE67AD1C8E917152 ] ehSched         C:\WINDOWS\eHome\ehSched.exe
18:03:46.0343 0312  ehSched - ok
18:03:46.0453 0312  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:03:46.0640 0312  EraserUtilRebootDrv - ok
18:03:46.0843 0312  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
18:03:47.0000 0312  ERSvc - ok
18:03:47.0109 0312  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
18:03:47.0156 0312  Eventlog - ok
18:03:47.0312 0312  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
18:03:47.0515 0312  EventSystem - ok
18:03:47.0578 0312  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
18:03:47.0781 0312  Fastfat - ok
18:03:47.0859 0312  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:03:48.0109 0312  FastUserSwitchingCompatibility - ok
18:03:48.0140 0312  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
18:03:48.0343 0312  Fdc - ok
18:03:48.0390 0312  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
18:03:48.0609 0312  Fips - ok
18:03:48.0640 0312  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
18:03:48.0781 0312  Flpydisk - ok
18:03:48.0843 0312  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
18:03:49.0000 0312  FltMgr - ok
18:03:49.0062 0312  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:03:49.0109 0312  FontCache3.0.0.0 - ok
18:03:49.0156 0312  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:03:49.0296 0312  Fs_Rec - ok
18:03:49.0359 0312  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:03:49.0500 0312  Ftdisk - ok
18:03:49.0546 0312  [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:03:49.0562 0312  GEARAspiWDM - ok
18:03:49.0593 0312  [ 86F732D2995ADA73FD307539EC266D3A ] genmcmnUSB      C:\WINDOWS\system32\DRIVERS\gflmouhid.sys
18:03:51.0687 0312  genmcmnUSB - ok
18:03:51.0796 0312  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:03:51.0937 0312  Gpc - ok
18:03:52.0109 0312  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe
18:03:52.0140 0312  gupdate - ok
18:03:52.0140 0312  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
18:03:52.0171 0312  gupdatem - ok
18:03:52.0250 0312  [ A8BCCB6AB8E43C39F4EF1BC4DB8D6165 ] HdAudAddService C:\WINDOWS\system32\drivers\CHDAud.sys
18:03:52.0406 0312  HdAudAddService - ok
18:03:52.0468 0312  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:03:52.0609 0312  HDAudBus - ok
18:03:52.0718 0312  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:03:52.0890 0312  helpsvc - ok
18:03:53.0015 0312  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
18:03:53.0218 0312  HidServ - ok
18:03:53.0281 0312  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:03:53.0421 0312  HidUsb - ok
18:03:53.0812 0312  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
18:03:53.0984 0312  hkmsvc - ok
18:03:54.0046 0312  [ 142350F09C99FFED0D839FB58344799C ] HPFECP15        C:\WINDOWS\System32\drivers\HPFECP15.SYS
18:03:54.0078 0312  HPFECP15 ( UnsignedFile.Multi.Generic ) - warning
18:03:54.0078 0312  HPFECP15 - detected UnsignedFile.Multi.Generic (1)
18:03:54.0078 0312  hpn - ok
18:03:54.0156 0312  [ A30D7011C1B80A0BC16602D99218D522 ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
18:03:54.0187 0312  HSFHWAZL - ok
18:03:54.0265 0312  [ 5A5A7721D9C62D77FC0FABA9B2CF5BE9 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
18:03:54.0359 0312  HSF_DPV - ok
18:03:54.0515 0312  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
18:03:54.0625 0312  HTTP - ok
18:03:54.0734 0312  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
18:03:54.0890 0312  HTTPFilter - ok
18:03:54.0890 0312  i2omgmt - ok
18:03:54.0906 0312  i2omp - ok
18:03:54.0937 0312  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:03:55.0078 0312  i8042prt - ok
18:03:55.0203 0312  [ 81EFE1C5542AFB2570758F39AE3B1151 ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:03:55.0375 0312  ialm - ok
18:03:55.0484 0312  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:03:55.0531 0312  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:03:55.0531 0312  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:03:55.0640 0312  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:03:55.0781 0312  idsvc - ok
18:03:55.0921 0312  [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86        C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130207.002\IDSxpx86.sys
18:03:55.0968 0312  IDSxpx86 - ok
18:03:56.0015 0312  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
18:03:56.0156 0312  Imapi - ok
18:03:56.0234 0312  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
18:03:56.0406 0312  ImapiService - ok
18:03:56.0453 0312  ini910u - ok
18:03:56.0453 0312  IntelIde - ok
18:03:56.0515 0312  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:03:56.0656 0312  intelppm - ok
18:03:56.0671 0312  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
18:03:56.0812 0312  Ip6Fw - ok
18:03:56.0843 0312  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:03:56.0984 0312  IpFilterDriver - ok
18:03:57.0000 0312  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:03:57.0140 0312  IpInIp - ok
18:03:57.0171 0312  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:03:57.0312 0312  IpNat - ok
18:03:57.0343 0312  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:03:57.0468 0312  IPSec - ok
18:03:57.0515 0312  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
18:03:57.0640 0312  IRENUM - ok
18:03:57.0687 0312  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:03:57.0796 0312  isapnp - ok
18:03:57.0828 0312  [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi         C:\WINDOWS\system32\drivers\iviaspi.sys
18:03:57.0843 0312  Iviaspi ( UnsignedFile.Multi.Generic ) - warning
18:03:57.0843 0312  Iviaspi - detected UnsignedFile.Multi.Generic (1)
18:03:57.0875 0312  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:03:58.0015 0312  Kbdclass - ok
18:03:58.0046 0312  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:03:58.0203 0312  kbdhid - ok
18:03:58.0250 0312  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
18:03:58.0375 0312  kmixer - ok
18:03:58.0421 0312  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
18:03:58.0578 0312  KSecDD - ok
18:03:58.0687 0312  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
18:03:58.0843 0312  lanmanserver - ok
18:03:58.0890 0312  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:03:58.0968 0312  lanmanworkstation - ok
18:03:58.0968 0312  lbrtfdc - ok
18:03:59.0015 0312  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
18:03:59.0140 0312  LmHosts - ok
18:03:59.0281 0312  [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
18:03:59.0390 0312  MBAMSwissArmy - ok
18:03:59.0531 0312  [ C58F15CD4EF79210455512CF0C449F39 ] McComponentHostService C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe
18:03:59.0593 0312  McComponentHostService - ok
18:03:59.0625 0312  [ 52404CC76E9D53843BDF97564BB16BED ] McrdSvc         C:\WINDOWS\ehome\mcrdsvc.exe
18:03:59.0671 0312  McrdSvc - ok
18:03:59.0718 0312  [ E246A32C445056996074A397DA56E815 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:03:59.0750 0312  mdmxsdk - ok
18:03:59.0781 0312  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
18:03:59.0921 0312  Messenger - ok
18:03:59.0984 0312  [ DED60230E3019C508769EC3C15BCDA44 ] MHN             C:\WINDOWS\System32\mhn.dll
18:04:00.0062 0312  MHN ( UnsignedFile.Multi.Generic ) - warning
18:04:00.0062 0312  MHN - detected UnsignedFile.Multi.Generic (1)
18:04:00.0093 0312  [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV          C:\WINDOWS\system32\DRIVERS\mhndrv.sys
18:04:00.0125 0312  MHNDRV ( UnsignedFile.Multi.Generic ) - warning
18:04:00.0125 0312  MHNDRV - detected UnsignedFile.Multi.Generic (1)
18:04:00.0140 0312  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
18:04:00.0296 0312  mnmdd - ok
18:04:00.0343 0312  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
18:04:00.0500 0312  mnmsrvc - ok
18:04:00.0546 0312  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
18:04:00.0687 0312  Modem - ok
18:04:00.0718 0312  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:04:00.0859 0312  Mouclass - ok
18:04:00.0890 0312  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:04:01.0031 0312  mouhid - ok
18:04:01.0046 0312  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
18:04:01.0171 0312  MountMgr - ok
18:04:01.0187 0312  mraid35x - ok
18:04:01.0218 0312  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:04:01.0359 0312  MRxDAV - ok
18:04:01.0421 0312  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:04:01.0531 0312  MRxSmb - ok
18:04:01.0593 0312  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
18:04:01.0734 0312  MSDTC - ok
18:04:01.0765 0312  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:04:01.0890 0312  Msfs - ok
18:04:01.0906 0312  MSIServer - ok
18:04:01.0937 0312  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:04:02.0046 0312  MSKSSRV - ok
18:04:02.0109 0312  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:04:02.0265 0312  MSPCLOCK - ok
18:04:02.0296 0312  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
18:04:02.0437 0312  MSPQM - ok
18:04:02.0468 0312  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:04:02.0609 0312  mssmbios - ok
18:04:02.0671 0312  MSSQL$INVENTORCONTENT - ok
18:04:02.0781 0312  [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
18:04:02.0828 0312  MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
18:04:02.0828 0312  MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
18:04:02.0890 0312  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
18:04:02.0984 0312  Mup - ok
18:04:03.0078 0312  [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360            C:\Programme\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
18:04:03.0125 0312  N360 - ok
18:04:03.0187 0312  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
18:04:03.0437 0312  napagent - ok
18:04:03.0546 0312  [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG          C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130207.025\NAVENG.SYS
18:04:03.0562 0312  NAVENG - ok
18:04:03.0687 0312  [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15         C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130207.025\NAVEX15.SYS
18:04:03.0796 0312  NAVEX15 - ok
18:04:03.0859 0312  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
18:04:04.0109 0312  NDIS - ok
18:04:04.0187 0312  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:04:04.0375 0312  NdisTapi - ok
18:04:04.0468 0312  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:04:04.0625 0312  Ndisuio - ok
18:04:04.0671 0312  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:04:04.0843 0312  NdisWan - ok
18:04:04.0921 0312  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
18:04:05.0765 0312  NDProxy - ok
18:04:05.0859 0312  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
18:04:06.0093 0312  NetBIOS - ok
18:04:06.0140 0312  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
18:04:06.0328 0312  NetBT - ok
18:04:06.0375 0312  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
18:04:06.0625 0312  NetDDE - ok
18:04:06.0625 0312  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
18:04:06.0750 0312  NetDDEdsdm - ok
18:04:06.0796 0312  [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio        C:\WINDOWS\system32\DRIVERS\netdevio.sys
18:04:06.0828 0312  Netdevio ( UnsignedFile.Multi.Generic ) - warning
18:04:06.0828 0312  Netdevio - detected UnsignedFile.Multi.Generic (1)
18:04:06.0875 0312  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
18:04:06.0984 0312  Netlogon - ok
18:04:07.0015 0312  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
18:04:07.0187 0312  Netman - ok
18:04:07.0250 0312  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:04:07.0265 0312  NetTcpPortSharing - ok
18:04:07.0296 0312  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:04:07.0437 0312  NIC1394 - ok
18:04:07.0484 0312  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
18:04:07.0515 0312  Nla - ok
18:04:07.0578 0312  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
18:04:07.0703 0312  Npfs - ok
18:04:07.0765 0312  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
18:04:07.0953 0312  Ntfs - ok
18:04:08.0000 0312  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
18:04:08.0109 0312  NtLmSsp - ok
18:04:08.0187 0312  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
18:04:08.0375 0312  NtmsSvc - ok
18:04:08.0421 0312  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
18:04:08.0562 0312  Null - ok
18:04:08.0765 0312  [ E955C80EEB77E809263B9C4443A1D188 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:04:09.0156 0312  nv - ok
18:04:09.0250 0312  [ 5ECB80F1A9E530AEE7574DCAC7068796 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
18:04:09.0296 0312  NVSvc - ok
18:04:09.0343 0312  [ C34A6A72DEC2C317D67355DC18F87090 ] NWCWorkstation  C:\WINDOWS\System32\nwwks.dll
18:04:09.0484 0312  NWCWorkstation - ok
18:04:09.0500 0312  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:04:09.0625 0312  NwlnkFlt - ok
18:04:09.0656 0312  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:04:09.0796 0312  NwlnkFwd - ok
18:04:09.0828 0312  [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx        C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
18:04:09.0968 0312  NwlnkIpx - ok
18:04:10.0015 0312  [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb         C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
18:04:10.0156 0312  NwlnkNb - ok
18:04:10.0203 0312  [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx        C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
18:04:10.0390 0312  NwlnkSpx - ok
18:04:10.0437 0312  [ 36B9B950E3D2E100970A48D8BAD86740 ] NWRDR           C:\WINDOWS\system32\DRIVERS\nwrdr.sys
18:04:10.0578 0312  NWRDR - ok
18:04:10.0609 0312  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:04:10.0734 0312  ohci1394 - ok
18:04:10.0796 0312  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
18:04:10.0843 0312  ose - ok
18:04:10.0906 0312  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
18:04:11.0031 0312  Parport - ok
18:04:11.0046 0312  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
18:04:11.0187 0312  PartMgr - ok
18:04:11.0218 0312  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
18:04:11.0375 0312  ParVdm - ok
18:04:11.0375 0312  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
18:04:11.0546 0312  PCI - ok
18:04:11.0562 0312  PCIDump - ok
18:04:11.0578 0312  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
18:04:11.0703 0312  PCIIde - ok
18:04:11.0796 0312  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:04:11.0968 0312  Pcmcia - ok
18:04:11.0968 0312  PDCOMP - ok
18:04:11.0984 0312  PDFRAME - ok
18:04:11.0984 0312  PDRELI - ok
18:04:12.0000 0312  PDRFRAME - ok
18:04:12.0000 0312  perc2 - ok
18:04:12.0015 0312  perc2hib - ok
18:04:12.0046 0312  [ 444F122E68DB44C0589227781F3C8B3F ] Pfc             C:\WINDOWS\system32\drivers\pfc.sys
18:04:12.0078 0312  Pfc ( UnsignedFile.Multi.Generic ) - warning
18:04:12.0078 0312  Pfc - detected UnsignedFile.Multi.Generic (1)
18:04:12.0109 0312  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
18:04:12.0140 0312  PlugPlay - ok
18:04:12.0171 0312  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
18:04:12.0281 0312  PolicyAgent - ok
18:04:12.0296 0312  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:04:12.0421 0312  PptpMiniport - ok
18:04:12.0421 0312  PRAGMApipyycwkid - ok
18:04:12.0437 0312  PRAGMApipyycwkid - ok
18:04:12.0468 0312  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:04:12.0578 0312  ProtectedStorage - ok
18:04:12.0625 0312  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
18:04:12.0781 0312  PSched - ok
18:04:12.0812 0312  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:04:12.0984 0312  Ptilink - ok
18:04:13.0031 0312  [ FEFFCFDC528764A04C8ED63D5FA6E711 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:04:13.0062 0312  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
18:04:13.0062 0312  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
18:04:13.0093 0312  [ 7DC7ACA4E775E9D823F5773A2F47A2AC ] qkbfiltr        C:\WINDOWS\system32\drivers\qkbfiltr.sys
18:04:13.0109 0312  qkbfiltr ( UnsignedFile.Multi.Generic ) - warning
18:04:13.0109 0312  qkbfiltr - detected UnsignedFile.Multi.Generic (1)
18:04:13.0125 0312  ql1080 - ok
18:04:13.0125 0312  Ql10wnt - ok
18:04:13.0140 0312  ql12160 - ok
18:04:13.0140 0312  ql1240 - ok
18:04:13.0156 0312  ql1280 - ok
18:04:13.0187 0312  [ 8652B9E134C3478BE948BF089DF8ED5E ] qmofiltr        C:\WINDOWS\system32\drivers\qmofiltr.sys
18:04:13.0203 0312  qmofiltr ( UnsignedFile.Multi.Generic ) - warning
18:04:13.0203 0312  qmofiltr - detected UnsignedFile.Multi.Generic (1)
18:04:13.0234 0312  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:04:13.0375 0312  RasAcd - ok
18:04:13.0437 0312  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
18:04:13.0578 0312  RasAuto - ok
18:04:13.0593 0312  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:04:13.0718 0312  Rasl2tp - ok
18:04:13.0812 0312  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
18:04:13.0968 0312  RasMan - ok
18:04:13.0984 0312  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:04:14.0109 0312  RasPppoe - ok
18:04:14.0171 0312  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
18:04:14.0375 0312  Raspti - ok
18:04:14.0484 0312  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:04:14.0656 0312  Rdbss - ok
18:04:14.0671 0312  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:04:14.0843 0312  RDPCDD - ok
18:04:14.0890 0312  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:04:15.0062 0312  rdpdr - ok
18:04:15.0125 0312  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
18:04:15.0281 0312  RDPWD - ok
18:04:15.0312 0312  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
18:04:15.0437 0312  RDSessMgr - ok
18:04:15.0468 0312  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
18:04:15.0625 0312  redbook - ok
18:04:15.0656 0312  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
18:04:15.0812 0312  RemoteAccess - ok
18:04:15.0875 0312  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
18:04:16.0187 0312  RemoteRegistry - ok
18:04:16.0203 0312  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
18:04:16.0343 0312  RpcLocator - ok
18:04:16.0390 0312  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
18:04:16.0500 0312  RpcSs - ok
18:04:16.0546 0312  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
18:04:16.0671 0312  RSVP - ok
18:04:16.0703 0312  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
18:04:16.0828 0312  SamSs - ok
18:04:16.0843 0312  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
18:04:16.0984 0312  SCardSvr - ok
18:04:17.0015 0312  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
18:04:17.0140 0312  Schedule - ok
18:04:17.0203 0312  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:04:17.0328 0312  sdbus - ok
18:04:17.0375 0312  [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus         C:\WINDOWS\system32\DRIVERS\SE27bus.sys
18:04:17.0421 0312  SE27bus ( UnsignedFile.Multi.Generic ) - warning
18:04:17.0421 0312  SE27bus - detected UnsignedFile.Multi.Generic (1)
18:04:17.0468 0312  [ D53E7E53107D1796825540129F8FE89F ] SE27mdfl        C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
18:04:17.0515 0312  SE27mdfl ( UnsignedFile.Multi.Generic ) - warning
18:04:17.0515 0312  SE27mdfl - detected UnsignedFile.Multi.Generic (1)
18:04:17.0578 0312  [ 2AFA2F65A6E91DA5B5070E734769827E ] SE27mdm         C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
18:04:17.0625 0312  SE27mdm ( UnsignedFile.Multi.Generic ) - warning
18:04:17.0625 0312  SE27mdm - detected UnsignedFile.Multi.Generic (1)
18:04:17.0656 0312  [ 5A33A8D7B44C7BD8ABE248B4DCD1FF3C ] SE27mgmt        C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
18:04:17.0656 0312  SE27mgmt ( UnsignedFile.Multi.Generic ) - warning
18:04:17.0656 0312  SE27mgmt - detected UnsignedFile.Multi.Generic (1)
18:04:17.0687 0312  [ BB30139683BBF3EE89EC931393D9335C ] se27nd5         C:\WINDOWS\system32\DRIVERS\se27nd5.sys
18:04:17.0765 0312  se27nd5 ( UnsignedFile.Multi.Generic ) - warning
18:04:17.0765 0312  se27nd5 - detected UnsignedFile.Multi.Generic (1)
18:04:17.0781 0312  [ 5DA6FF71E94B9134DDD094EBB09F05E6 ] SE27obex        C:\WINDOWS\system32\DRIVERS\SE27obex.sys
18:04:17.0812 0312  SE27obex ( UnsignedFile.Multi.Generic ) - warning
18:04:17.0812 0312  SE27obex - detected UnsignedFile.Multi.Generic (1)
18:04:17.0859 0312  [ 4D54A9D7C22157AB3D2442E8BCF5ECD2 ] se27unic        C:\WINDOWS\system32\DRIVERS\se27unic.sys
18:04:17.0890 0312  se27unic ( UnsignedFile.Multi.Generic ) - warning
18:04:17.0890 0312  se27unic - detected UnsignedFile.Multi.Generic (1)
18:04:17.0921 0312  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:04:18.0078 0312  Secdrv - ok
18:04:18.0125 0312  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
18:04:18.0250 0312  seclogon - ok
18:04:18.0281 0312  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
18:04:18.0484 0312  SENS - ok
18:04:18.0531 0312  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
18:04:18.0687 0312  Serial - ok
18:04:18.0703 0312  serviceIEConfig - ok
18:04:18.0812 0312  [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk         C:\WINDOWS\system32\DRIVERS\sffdisk.sys
18:04:18.0937 0312  sffdisk - ok
18:04:18.0968 0312  [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd         C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
18:04:19.0109 0312  sffp_sd - ok
18:04:19.0156 0312  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
18:04:19.0328 0312  Sfloppy - ok
18:04:19.0406 0312  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
18:04:19.0578 0312  SharedAccess - ok
18:04:19.0625 0312  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:04:19.0656 0312  ShellHWDetection - ok
18:04:19.0671 0312  Simbad - ok
18:04:19.0718 0312  [ 6C7F2B518F8A7ABE1C145F26AA48C633 ] SMCB000         C:\WINDOWS\system32\DRIVERS\hidsmsc.sys
18:04:19.0781 0312  SMCB000 - ok
18:04:19.0828 0312  Sparrow - ok
18:04:19.0843 0312  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
18:04:19.0968 0312  splitter - ok
18:04:20.0031 0312  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
18:04:20.0078 0312  Spooler - ok
18:04:20.0109 0312  SQLAgent$INVENTORCONTENT - ok
18:04:20.0156 0312  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
18:04:20.0312 0312  sr - ok
18:04:20.0375 0312  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
18:04:20.0562 0312  srservice - ok
18:04:20.0765 0312  [ 83726CF02ECED69138948083E06B6EAC ] SRTSP           C:\WINDOWS\System32\Drivers\N360\0502020.003\SRTSP.SYS
18:04:20.0812 0312  SRTSP - ok
18:04:20.0859 0312  [ 4E7EAB2E5615D39CF1F1DF9C71E5E225 ] SRTSPX          C:\WINDOWS\system32\drivers\N360\0502020.003\SRTSPX.SYS
18:04:20.0859 0312  SRTSPX - ok
18:04:20.0937 0312  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
18:04:21.0046 0312  Srv - ok
18:04:21.0093 0312  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
18:04:21.0250 0312  SSDPSRV - ok
18:04:21.0312 0312  [ EA8925B4FF94B307D9A9B20FD664D543 ] SSHDRV5C        C:\WINDOWS\system32\drivers\SSHDRV5C.sys
18:04:21.0328 0312  SSHDRV5C ( UnsignedFile.Multi.Generic ) - warning
18:04:21.0328 0312  SSHDRV5C - detected UnsignedFile.Multi.Generic (1)
18:04:21.0406 0312  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
18:04:21.0515 0312  stisvc - ok
18:04:21.0546 0312  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
18:04:21.0687 0312  swenum - ok
18:04:21.0734 0312  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
18:04:21.0859 0312  swmidi - ok
18:04:21.0875 0312  SwPrv - ok
18:04:21.0875 0312  symc810 - ok
18:04:21.0890 0312  symc8xx - ok
18:04:21.0953 0312  [ 9BBEB8C6258E72D62E7560E6667AAD39 ] SymDS           C:\WINDOWS\system32\drivers\N360\0502020.003\SYMDS.SYS
18:04:21.0968 0312  SymDS - ok
18:04:22.0031 0312  [ D5C02629C02A820A7E71BCA3D44294A3 ] SymEFA          C:\WINDOWS\system32\drivers\N360\0502020.003\SYMEFA.SYS
18:04:22.0093 0312  SymEFA - ok
18:04:22.0140 0312  [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:04:22.0156 0312  SymEvent - ok
18:04:22.0156 0312  SYMFW - ok
18:04:22.0171 0312  SYMIDS - ok
18:04:22.0203 0312  [ A73399804D5D4A8B20BA60FCF70C9F1F ] SymIRON         C:\WINDOWS\system32\drivers\N360\0502020.003\Ironx86.SYS
18:04:22.0218 0312  SymIRON - ok
18:04:22.0234 0312  SYMNDIS - ok
18:04:22.0281 0312  [ 336CACE58F0359D5CBB1AE6B8A2FB205 ] SYMTDI          C:\WINDOWS\System32\Drivers\N360\0502020.003\SYMTDI.SYS
18:04:22.0328 0312  SYMTDI - ok
18:04:22.0343 0312  sym_hi - ok
18:04:22.0343 0312  sym_u3 - ok
18:04:22.0406 0312  [ A6CC8C28D5AAD4179EF32F05BED55E91 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:04:22.0562 0312  SynTP - ok
18:04:22.0593 0312  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
18:04:22.0734 0312  sysaudio - ok
18:04:22.0765 0312  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
18:04:22.0921 0312  SysmonLog - ok
18:04:22.0984 0312  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
18:04:23.0125 0312  TapiSrv - ok
18:04:23.0203 0312  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:04:23.0281 0312  Tcpip - ok
18:04:23.0328 0312  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
18:04:23.0484 0312  TDPIPE - ok
18:04:23.0515 0312  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
18:04:23.0625 0312  TDTCP - ok
18:04:23.0656 0312  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
18:04:23.0781 0312  TermDD - ok
18:04:23.0859 0312  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
18:04:24.0000 0312  TermService - ok
18:04:24.0015 0312  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
18:04:24.0031 0312  Themes - ok
18:04:24.0093 0312  [ 244CFBFFDEFB77F3DF571A8CD108FC06 ] tifm21          C:\WINDOWS\system32\drivers\tifm21.sys
18:04:24.0140 0312  tifm21 - ok
18:04:24.0187 0312  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
18:04:24.0328 0312  TlntSvr - ok
18:04:24.0328 0312  TosIde - ok
18:04:24.0359 0312  [ CC069342EE0EAE55B32A0AE99CF6185C ] tosrfec         C:\WINDOWS\system32\DRIVERS\tosrfec.sys
18:04:24.0359 0312  tosrfec ( UnsignedFile.Multi.Generic ) - warning
18:04:24.0359 0312  tosrfec - detected UnsignedFile.Multi.Generic (1)
18:04:24.0406 0312  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
18:04:24.0515 0312  TrkWks - ok
18:04:24.0546 0312  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
18:04:24.0687 0312  Udfs - ok
18:04:24.0687 0312  UIUSys - ok
18:04:24.0703 0312  ultra - ok
18:04:24.0781 0312  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
18:04:24.0937 0312  Update - ok
18:04:24.0984 0312  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
18:04:25.0156 0312  upnphost - ok
18:04:25.0203 0312  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
18:04:25.0343 0312  UPS - ok
18:04:25.0375 0312  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:04:25.0515 0312  usbccgp - ok
18:04:25.0531 0312  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:04:25.0671 0312  usbehci - ok
18:04:25.0703 0312  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:04:25.0828 0312  usbhub - ok
18:04:25.0843 0312  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:04:25.0984 0312  usbprint - ok
18:04:26.0000 0312  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:04:26.0125 0312  USBSTOR - ok
18:04:26.0156 0312  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:04:26.0281 0312  usbuhci - ok
18:04:26.0328 0312  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
18:04:26.0453 0312  VgaSave - ok
18:04:26.0453 0312  ViaIde - ok
18:04:26.0484 0312  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
18:04:26.0625 0312  VolSnap - ok
18:04:26.0687 0312  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
18:04:26.0828 0312  VSS - ok
18:04:26.0859 0312  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
18:04:27.0000 0312  W32Time - ok
18:04:27.0140 0312  [ B1F126E7E28877106D60E6FF3998D033 ] w39n51          C:\WINDOWS\system32\DRIVERS\w39n51.sys
18:04:27.0421 0312  w39n51 - ok
18:04:27.0515 0312  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:04:27.0656 0312  Wanarp - ok
18:04:27.0656 0312  WDICA - ok
18:04:27.0703 0312  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
18:04:27.0843 0312  wdmaud - ok
18:04:27.0921 0312  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
18:04:28.0046 0312  WebClient - ok
18:04:28.0109 0312  [ E0A00B06EA067C84E124B407DFFA1AF1 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:04:28.0171 0312  winachsf - ok
18:04:28.0296 0312  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
18:04:28.0437 0312  winmgmt - ok
18:04:28.0484 0312  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
18:04:28.0562 0312  WmdmPmSN - ok
18:04:28.0640 0312  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
18:04:28.0765 0312  Wmi - ok
18:04:28.0796 0312  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:04:28.0906 0312  WmiAcpi - ok
18:04:28.0937 0312  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:04:29.0078 0312  WmiApSrv - ok
18:04:29.0171 0312  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
18:04:29.0265 0312  WMPNetworkSvc - ok
18:04:29.0343 0312  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:04:29.0375 0312  WpdUsb - ok
18:04:29.0578 0312  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:04:29.0656 0312  WPFFontCache_v0400 - ok
18:04:29.0703 0312  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
18:04:29.0921 0312  wscsvc - ok
18:04:29.0937 0312  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
18:04:30.0078 0312  wuauserv - ok
18:04:30.0156 0312  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:04:30.0359 0312  WudfPf - ok
18:04:30.0421 0312  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WUDFRd          C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:04:30.0468 0312  WUDFRd - ok
18:04:30.0562 0312  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
18:04:30.0593 0312  WudfSvc - ok
18:04:30.0671 0312  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
18:04:30.0859 0312  WZCSVC - ok
18:04:30.0906 0312  [ 81E8DA36CE70858898D5EB81E28A47D2 ] X10Hid          C:\WINDOWS\system32\Drivers\x10hid.sys
18:04:30.0953 0312  X10Hid - ok
18:04:31.0015 0312  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
18:04:31.0031 0312  x10nets ( UnsignedFile.Multi.Generic ) - warning
18:04:31.0031 0312  x10nets - detected UnsignedFile.Multi.Generic (1)
18:04:31.0109 0312  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
18:04:31.0312 0312  xmlprov - ok
18:04:31.0328 0312  ================ Scan global ===============================
18:04:31.0453 0312  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
18:04:31.0515 0312  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
18:04:31.0531 0312  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
18:04:31.0578 0312  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
18:04:31.0578 0312  [Global] - ok
18:04:31.0593 0312  ================ Scan MBR ==================================
18:04:31.0609 0312  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:04:31.0906 0312  \Device\Harddisk0\DR0 - ok
18:04:31.0921 0312  [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk1\DR3
18:04:32.0218 0312  \Device\Harddisk1\DR3 - ok
18:04:32.0218 0312  ================ Scan VBR ==================================
18:04:32.0218 0312  [ 8FCA8178B401C18B3568F18ECF8CAE18 ] \Device\Harddisk0\DR0\Partition1
18:04:32.0234 0312  \Device\Harddisk0\DR0\Partition1 - ok
18:04:32.0234 0312  [ 11B58DD26267398AC6AAD3867631BF1E ] \Device\Harddisk1\DR3\Partition1
18:04:32.0234 0312  \Device\Harddisk1\DR3\Partition1 - ok
18:04:32.0234 0312  ============================================================
18:04:32.0234 0312  Scan finished
18:04:32.0234 0312  ============================================================
18:04:32.0375 3096  Detected object count: 23
18:04:32.0375 3096  Actual detected object count: 23
18:04:54.0953 3096  Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0953 3096  Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0953 3096  CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0953 3096  CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0968 3096  HPFECP15 ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0968 3096  HPFECP15 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0968 3096  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0968 3096  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0968 3096  Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0968 3096  Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0968 3096  MHN ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0968 3096  MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0968 3096  MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0968 3096  MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0968 3096  MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0968 3096  MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0968 3096  Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0968 3096  Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0968 3096  Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0968 3096  Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0968 3096  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0968 3096  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0968 3096  qkbfiltr ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0968 3096  qkbfiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0968 3096  qmofiltr ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0968 3096  qmofiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0968 3096  SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0968 3096  SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0984 3096  SE27mdfl ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0984 3096  SE27mdfl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0984 3096  SE27mdm ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0984 3096  SE27mdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0984 3096  SE27mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0984 3096  SE27mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0984 3096  se27nd5 ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0984 3096  se27nd5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0984 3096  SE27obex ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0984 3096  SE27obex ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0984 3096  se27unic ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0984 3096  se27unic ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0984 3096  SSHDRV5C ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0984 3096  SSHDRV5C ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0984 3096  tosrfec ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0984 3096  tosrfec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:04:54.0984 3096  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:54.0984 3096  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
This is what TDSSKiller came up with.

08.02.2013, 18:12   #8
markusg
/// Malware-holic

hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. That should fix the problem.


09.02.2013, 12:27   #9
kabbi

Here is the log file from Combofix:

Code:
ATTFilter
ComboFix 13-02-07.02 - *** 08.02.2013  18:39:42.1.1 - x86
ausgeführt von:: C:\Dokumente und Einstellungen\***\Desktop\ComboFix.exe


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3953114.pad
C:\Dokumente und Einstellungen\***\4.0
C:\Dokumente und Einstellungen\***\Eigene Dateien\~WRL2346.tmp
C:\Dokumente und Einstellungen\***\Eigene Dateien\~WRL3217.tmp
C:\Dokumente und Einstellungen\***\Eigene Dateien\Internet Explorer.lnk
C:\Programme\NIS071020GE.exe
C:\WINDOWS\dasetup.log
C:\WINDOWS\EventSystem.log
C:\WINDOWS\IsUn0407.exe
C:\WINDOWS\system32\PRAGMAerrors.log
C:\WINDOWS\system32\URTTemp
C:\WINDOWS\system32\URTTemp\fusion.dll
C:\WINDOWS\system32\URTTemp\mscoree.dll
C:\WINDOWS\system32\URTTemp\mscoree.dll.local
C:\WINDOWS\system32\URTTemp\mscorsn.dll
C:\WINDOWS\system32\URTTemp\mscorwks.dll
C:\WINDOWS\system32\URTTemp\msvcr71.dll
C:\WINDOWS\system32\URTTemp\regtlib.exe
C:\WINDOWS\wininit.ini


(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PRAGMApipyycwkid
-------\Service_PRAGMApipyycwkid


(((((((((((((((((((((((   Dateien erstellt von 2013-01-09 bis 2013-02-09  ))))))))))))))))))))))))))))))


2013-02-08 22:15:34 . 2011-07-13 02:55:05	2237440	----a-r-	C:\OTLPE.exe
2013-02-08 22:15:30 . 2013-02-08 16:24:36	--------	d-----w-	C:\_OTL
2013-01-25 16:08:46 . 2013-01-25 16:08:46	--------	d-----w-	C:\Dokumente und Einstellungen\Reith\Anwendungsdaten\TeamViewer
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-02-08 16:26:07 . 2012-04-12 07:21:23	697712	----a-w-	C:\WINDOWS\system32\FlashPlayerApp.exe
2013-02-08 16:26:06 . 2011-05-21 11:04:48	74096	----a-w-	C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-02-08 09:12:58 . 2012-09-29 12:26:57	40776	----a-w-	C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2012-12-16 12:23:59 . 2006-03-17 11:45:17	290560	----a-w-	C:\WINDOWS\system32\atmfd.dll
2012-11-13 11:55:38 . 2006-03-17 11:45:48	1866496	----a-w-	C:\WINDOWS\system32\win32k.sys
2011-10-28 14:31:40 . 2011-10-28 14:31:34	2063321	----a-w-	C:\Programme\ablerawer_1.4.exe
2007-04-08 10:40:52 . 2007-04-08 10:40:45	6615712	----a-w-	C:\Programme\FirefoxGoogleToolbarSetup.exe
2007-03-30 07:25:31 . 2007-03-30 07:25:15	14993976	----a-w-	C:\Programme\GoogleEarthWin_EARE.exe
2012-03-13 15:50:10 . 2011-07-03 10:23:17	134104	----a-w-	C:\Programme\mozilla firefox\components\browsercomps.dll
2009-03-31 20:47:26 . 2008-07-21 14:34:31	324976	----a-w-	C:\Programme\mozilla firefox\components\coFFPlgn.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2008-02-16 09:30:55 . DDAD436E163284C7115F5C5A429A9D6A . 3087872 . . [6.00.2900.3314 (xpsp_sp2_qfe.080215-1242)] . . C:\WINDOWS\$NtUninstallKB950759_0$\mshtml.dll
[-] 2007-12-07 00:46:28 . 35161A288701DCCF7951D9BA647A9F52 . 3087360 . . [6.00.2900.3268 (xpsp_sp2_qfe.071206-1251)] . . C:\WINDOWS\$NtUninstallKB947864$\mshtml.dll
[-] 2007-10-30 09:56:44 . 7E44238B71A821276EEA8D704191D848 . 3086848 . . [6.00.2900.3243 (xpsp_sp2_qfe.071029-1244)] . . C:\WINDOWS\$NtUninstallKB944533$\mshtml.dll
[-] 2007-08-22 12:56:36 . A9AC1654BE9D4081A824DC22CAF63092 . 3085824 . . [6.00.2900.3199 (xpsp_sp2_qfe.070821-1250)] . . C:\WINDOWS\$NtUninstallKB942615$\mshtml.dll
[-] 2007-06-15 08:13:56 . E5F541C10D5331D423AD393C30C1A778 . 3085312 . . [6.00.2900.3157 (xpsp_sp2_qfe.070614-1244)] . . C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
[-] 2007-05-04 12:59:23 . 8F87BE2AA266298CA99EE74FE3A0C8C6 . 3085312 . . [6.00.2900.3132 (xpsp_sp2_qfe.070504-1301)] . . C:\WINDOWS\$NtUninstallKB937143$\mshtml.dll
[-] 2007-02-19 05:22:00 . F47848CC1F6776FB28C69958DCFADDF8 . 3084288 . . [6.00.2900.3086 (xpsp_sp2_qfe.070218-2342)] . . C:\WINDOWS\$NtUninstallKB933566$\mshtml.dll
[-] 2007-01-04 14:02:06 . 02F001F5EEA6D5C85806D39CA6578E45 . 3083264 . . [6.00.2900.3059 (xpsp_sp2_qfe.070104-0040)] . . C:\WINDOWS\$NtUninstallKB931768$\mshtml.dll
[-] 2006-10-23 15:34:38 . 436E162A6965F7EF0F2A868E1E1A21B2 . 3082240 . . [6.00.2900.3020 (xpsp.061023-0222)] . . C:\WINDOWS\$NtUninstallKB928090$\mshtml.dll
[-] 2006-09-14 08:36:16 . A09E8EEAE6D29E90BC292631528EFCDB . 3079680 . . [6.00.2900.2995 (xpsp.060913-0019)] . . C:\WINDOWS\$NtUninstallKB925454$\mshtml.dll
[-] 2006-07-28 11:30:00 . A395AD5E6C72F198C8E507BC2B27BC6B . 3079168 . . [6.00.2900.2963 (xpsp.060728-0003)] . . C:\WINDOWS\$NtUninstallKB922760$\mshtml.dll
[-] 2006-02-01 02:52:12 . E8526A66802AC6213762D97BD0FA334C . 3035648 . . [6.00.2900.2838 (xpsp.060131-1525)] . . C:\WINDOWS\$NtUninstallKB918899$\mshtml.dll
[-] 2005-07-20 02:05:07 . 2068C163B1FE8BF48FC6174234D0F237 . 3014144 . . [6.00.2900.2722 (xpsp.050719-1521)] . . C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[-] 2005-07-19 18:04:36 . 39CB13F39A04531EE57C4D44A5E996E4 . 3012096 . . [6.00.2900.2722 (xpsp_sp2_gdr.050719-1518)] . . C:\WINDOWS\$NtUninstallKB912945$\mshtml.dll
[-] 2004-08-10 13:00:00 . CAC51AD576713E5F0CE2251ED3A7FE82 . 3003392 . . [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB896727$\mshtml.dll

[7] 2008-04-14 02:22:18 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\msvcrt.dll
[7] 2008-04-14 02:22:18 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\msvcrt.dll
[7] 2008-04-14 02:20:11 . C536AAD8A71608FE33CD956214EDD366 . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2004-08-10 13:00:00 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\msvcrt.dll
[7] 2004-08-10 13:00:00 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0 (xpclient.010817-1148)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-10 13:00:00 . 365B3C43810E1CF41B3BE1E7180F583B . 343040 . . [7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

[7] 2008-06-20 17:46:10 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[7] 2008-06-20 17:46:10 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[7] 2008-06-20 17:43:49 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[7] 2008-06-20 17:43:49 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[7] 2008-06-20 17:39:48 . 774274C487493452DF3B0126DBE7FF3B . 247296 . . [5.1.2600.3394 (xpsp_sp2_gdr.080620-1245)] . . C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[7] 2008-06-20 17:36:12 . EB55B1D9978B61E9913EDCD27EEC4C7C . 247296 . . [5.1.2600.3394 (xpsp_sp2_qfe.080620-1259)] . . C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[7] 2008-06-20 16:02:46 . F1B67B6B0751AE0E6E964B02821206A3 . 247296 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\mswsock.dll
[7] 2008-06-20 16:02:46 . F1B67B6B0751AE0E6E964B02821206A3 . 247296 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\dllcache\mswsock.dll
[7] 2008-04-14 02:22:18 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[7] 2008-04-14 02:22:18 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-10 13:00:00 . B36E08F680BAE4DFC5C24D00A2DFC9E7 . 247296 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll

[7] 2008-04-14 02:22:19 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[7] 2008-04-14 02:22:19 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\netlogon.dll
[-] 2004-08-10 13:00:00 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[7] 2008-04-14 02:22:23 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 02:22:23 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\powrprof.dll
[-] 2004-08-10 13:00:00 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\powrprof.dll

[7] 2008-04-14 02:22:23 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[7] 2008-04-14 02:22:23 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\scecli.dll
[-] 2004-08-10 13:00:00 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[7] 2008-04-14 02:22:24 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\sfc.dll
[7] 2008-04-14 02:22:24 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfc.dll
[-] 2004-08-10 13:00:00 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\sfc.dll

[7] 2008-04-14 02:23:02 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 02:23:02 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\svchost.exe
[-] 2004-08-10 13:00:00 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

[7] 2008-04-14 02:22:30 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\tapisrv.dll
[7] 2008-04-14 02:22:30 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\tapisrv.dll
[-] 2005-07-08 16:29:45 . F07061E18613F336A3120229097F7635 . 249344 . . [5.1.2600.2716 (xpsp.050707-1657)] . . C:\WINDOWS\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 16:28:23 . 427D7EB3B453347082C8F4B370065D60 . 249344 . . [5.1.2600.2716 (xpsp_sp2_gdr.050707-1657)] . . C:\WINDOWS\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-10 13:00:00 . 4584E2A5FE662AB3E7C32936E1449043 . 246272 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB893756$\tapisrv.dll

[7] 2008-04-14 02:22:31 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 02:22:31 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\user32.dll
[-] 2007-03-08 15:48:39 . 78785EFF8CB90CEC1862A4CCFD9A3C3A . 579584 . . [5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)] . . C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36:30 . 492E166CFD26A50FB9160DB536FF7D2B . 579072 . . [5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)] . . C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 18:19:56 . 4C90159A69A5FD3EB39C71411F28FCFF . 578560 . . [5.1.2600.2622 (xpsp.050301-1521)] . . C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 18:09:46 . 3751D7CF0E0A113D84414992146BCE6A . 578560 . . [5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)] . . C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[-] 2004-08-10 13:00:00 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB890859$\user32.dll

[7] 2008-04-14 02:23:03 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 02:23:03 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\userinit.exe
[-] 2004-08-10 13:00:00 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[7] 2012-11-01 12:17:52 . 2EDCBEBCAC154808D4BED260D1CC5B3E . 916992 . . [8.00.6001.19389 (longhorn_ie8_gdr.121026-1559)] . . C:\WINDOWS\system32\wininet.dll
[7] 2012-11-01 12:17:52 . 2EDCBEBCAC154808D4BED260D1CC5B3E . 916992 . . [8.00.6001.19389 (longhorn_ie8_gdr.121026-1559)] . . C:\WINDOWS\system32\dllcache\wininet.dll
[7] 2012-11-01 12:15:39 . 55DA1F687D28274A8257B78F72907300 . 920064 . . [8.00.6001.23458 (longhorn_ie8_ldr.121026-1635)] . . C:\WINDOWS\$hf_mig$\KB2761465-IE8\SP3QFE\wininet.dll
[7] 2012-08-28 15:05:49 . 8DA5C02D2CA9C2266C6E1ED1628388FF . 916992 . . [8.00.6001.19328 (longhorn_ie8_gdr.120824-1715)] . . C:\WINDOWS\ie8updates\KB2761465-IE8\wininet.dll
[7] 2012-08-28 15:04:44 . E51889F140ED2B32E986611E69DE148B . 920064 . . [8.00.6001.23415 (longhorn_ie8_ldr.120824-1815)] . . C:\WINDOWS\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll
[7] 2012-07-02 17:39:30 . 0085D5288271FA641F95A5A1845C6512 . 916992 . . [8.00.6001.19298 (longhorn_ie8_gdr.120627-1715)] . . C:\WINDOWS\ie8updates\KB2744842-IE8\wininet.dll
[7] 2012-07-02 17:38:22 . 002E8799A0D811A9F611FFA72B0A405D . 920064 . . [8.00.6001.23385 (longhorn_ie8_ldr.120627-1815)] . . C:\WINDOWS\$hf_mig$\KB2722913-IE8\SP3QFE\wininet.dll
[7] 2012-05-16 15:07:03 . CB1B69A4306EAE327DE46277CA3BA9C9 . 916992 . . [8.00.6001.19272 (longhorn_ie8_gdr.120514-1250)] . . C:\WINDOWS\ie8updates\KB2722913-IE8\wininet.dll
[7] 2012-05-16 15:04:52 . FA932FB2522C5B8436DF9D2290F56A98 . 920064 . . [8.00.6001.23359 (longhorn_ie8_ldr.120514-1345)] . . C:\WINDOWS\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll
[7] 2012-03-01 11:00:09 . 9C4ABC4869FB2EB0E6F38E27A536B325 . 916992 . . [8.00.6001.19222 (longhorn_ie8_gdr.120227-1715)] . . C:\WINDOWS\ie8updates\KB2699988-IE8\wininet.dll
[7] 2012-03-01 10:57:59 . 4CF6DBF445D93CAB7986F8EB90F27DEC . 919552 . . [8.00.6001.23318 (longhorn_ie8_ldr.120227-1815)] . . C:\WINDOWS\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll
[7] 2011-12-17 19:43:23 . 4C4FA27D15C83B59B16CED7DED66E33D . 916992 . . [8.00.6001.19190 (longhorn_ie8_gdr.111214-1715)] . . C:\WINDOWS\ie8updates\KB2675157-IE8\wininet.dll
[7] 2011-12-17 19:42:28 . 48F111BC456924B4F131E9FF11B4925E . 919552 . . [8.00.6001.23286 (longhorn_ie8_ldr.111214-1815)] . . C:\WINDOWS\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll
[7] 2011-11-04 19:13:36 . 0BB4286D73CE2CF106F21C7D38C9F85A . 916992 . . [8.00.6001.19165 (longhorn_ie8_gdr.111021-1715)] . . C:\WINDOWS\ie8updates\KB2647516-IE8\wininet.dll
[7] 2011-11-04 19:12:26 . C87AFD199FB2BAA77BADC2974815A7A4 . 919552 . . [8.00.6001.23261 (longhorn_ie8_ldr.111021-1815)] . . C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[7] 2011-08-22 23:41:33 . 5F841994DB0F2B3A3303F8E6ADFDB13E . 916480 . . [8.00.6001.19131 (longhorn_ie8_gdr.110815-1715)] . . C:\WINDOWS\ie8updates\KB2618444-IE8\wininet.dll
[7] 2011-08-22 23:40:24 . 15F8399C03B9717AC8F5722649CB017D . 919552 . . [8.00.6001.23227 (longhorn_ie8_ldr.110815-1815)] . . C:\WINDOWS\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[7] 2011-06-23 18:31:31 . 0BF4985026EF2B7F22B91B3A4A56E222 . 916480 . . [8.00.6001.19098 (longhorn_ie8_gdr.110617-1715)] . . C:\WINDOWS\ie8updates\KB2586448-IE8\wininet.dll
[7] 2011-06-23 18:29:26 . 11C398190972B60689CA0E61FEC75C42 . 919552 . . [8.00.6001.23192 (longhorn_ie8_ldr.110617-1815)] . . C:\WINDOWS\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[7] 2011-04-25 16:05:35 . 64F49D76DBEDDC28C676AF86A8613575 . 916480 . . [8.00.6001.19072 (longhorn_ie8_gdr.110420-1700)] . . C:\WINDOWS\ie8updates\KB2559049-IE8\wininet.dll
[7] 2011-04-25 16:04:06 . 69E2C6E3430C34698F72E735646B346E . 919552 . . [8.00.6001.23165 (longhorn_ie8_ldr.110420-1800)] . . C:\WINDOWS\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
[7] 2011-02-22 23:25:20 . 0E05446F197207A173E06A27C70A1DF7 . 919552 . . [8.00.6001.23139 (longhorn_ie8_ldr.110211-1800)] . . C:\WINDOWS\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[7] 2010-12-20 23:51:53 . B5FF24B723725959D6AE0904F53F74BC . 919552 . . [8.00.6001.23111 (longhorn_ie8_ldr.101217-1800)] . . C:\WINDOWS\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
[7] 2010-11-06 00:23:48 . 628696B409200762C12C5140C434CBFA . 919552 . . [8.00.6001.23084 (longhorn_ie8_ldr.101015-1800)] . . C:\WINDOWS\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[7] 2010-11-05 05:04:20 . 456BD079E05B46937DE4A11FE38F865F . 672768 . . [6.00.2900.6049 (xpsp_sp3_gdr.101103-1638)] . . C:\WINDOWS\ie8\wininet.dll
[7] 2010-11-05 05:03:36 . 444EA3DA0167298CF03B0C85A561D9C8 . 674304 . . [6.00.2900.6049 (xpsp_sp3_qfe.101103-1636)] . . C:\WINDOWS\$hf_mig$\KB2416400\SP3QFE\wininet.dll
[7] 2010-09-10 05:46:18 . 7B7028B726053782DD9B98B729515567 . 919552 . . [8.00.6001.23060 (longhorn_ie8_ldr.100824-1900)] . . C:\WINDOWS\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[7] 2010-09-09 14:24:27 . 733D929C7D9BC60CEA86B375FD10D49C . 674304 . . [6.00.2900.6036 (xpsp_sp3_qfe.100908-2019)] . . C:\WINDOWS\$hf_mig$\KB2360131\SP3QFE\wininet.dll
[7] 2010-09-09 14:17:09 . 118371098ACBE078901488FD179B3B09 . 672768 . . [6.00.2900.6036 (xpsp_sp3_gdr.100908-2023)] . . C:\WINDOWS\$NtUninstallKB2416400$\wininet.dll
[7] 2010-06-24 12:11:29 . 5C69BD3D833BE9A589F336DE839649B0 . 674304 . . [6.00.2900.6003 (xpsp_sp3_qfe.100623-1636)] . . C:\WINDOWS\$hf_mig$\KB2183461\SP3QFE\wininet.dll
[7] 2010-06-24 12:10:51 . 35A0387364E0AFA7D4FF76302E63AB57 . 672768 . . [6.00.2900.6003 (xpsp_sp3_gdr.100623-1635)] . . C:\WINDOWS\$NtUninstallKB2360131$\wininet.dll
[7] 2010-05-06 10:31:23 . 12C5EEBBC10DB644B44131EE3ECBC430 . 916480 . . [8.00.6001.18923 (longhorn_ie8_gdr.100419-1241)] . . C:\WINDOWS\ie8updates\KB2530548-IE8\wininet.dll
[7] 2010-05-06 10:26:57 . B5B9887088B8168D52CB28020CF05498 . 919040 . . [8.00.6001.23014 (longhorn_ie8_ldr.100419-1507)] . . C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2010-04-16 16:06:44 . 0CC0A30F7F06C6A5A40911616CA35085 . 672768 . . [6.00.2900.5969 (xpsp_sp3_gdr.100416-1716)] . . C:\WINDOWS\$NtUninstallKB2183461$\wininet.dll
[7] 2010-04-16 16:00:04 . 68B82A22151D41988B3BCB7C881E2B0E . 674304 . . [6.00.2900.5969 (xpsp_sp3_qfe.100416-1736)] . . C:\WINDOWS\$hf_mig$\KB982381\SP3QFE\wininet.dll
[7] 2010-02-26 05:41:12 . 8A54A1EFAF25D51AF0AF6C16A3632F44 . 672768 . . [6.00.2900.5945 (xpsp_sp3_gdr.100225-1251)] . . C:\WINDOWS\$NtUninstallKB982381$\wininet.dll
[7] 2010-02-26 05:37:58 . D9B4109E317F25D5342DB8EC39446A1C . 674304 . . [6.00.2900.5945 (xpsp_sp3_qfe.100225-1321)] . . C:\WINDOWS\$hf_mig$\KB980182\SP3QFE\wininet.dll
[7] 2009-12-22 05:07:58 . 352E386B17F08786A7F0D9D9D909E1FA . 672768 . . [6.00.2900.5921 (xpsp_sp3_gdr.091221-1718)] . . C:\WINDOWS\$NtUninstallKB980182$\wininet.dll
[7] 2009-12-22 05:05:22 . 7F7A6BC378B622FDFC90C5A5575A83D0 . 674304 . . [6.00.2900.5921 (xpsp_sp3_qfe.091221-1752)] . . C:\WINDOWS\$hf_mig$\KB978207\SP3QFE\wininet.dll
[7] 2009-10-29 05:24:35 . 547B7FF3C91C09E7EE82760DA4323706 . 672768 . . [6.00.2900.5897 (xpsp_sp3_gdr.091028-1650)] . . C:\WINDOWS\$NtUninstallKB978207$\wininet.dll
[7] 2009-10-29 05:22:19 . 132C1D9C2DDCDFF55746D73508250362 . 674304 . . [6.00.2900.5897 (xpsp_sp3_qfe.091028-1717)] . . C:\WINDOWS\$hf_mig$\KB976325\SP3QFE\wininet.dll
[7] 2009-09-25 05:35:27 . C9ACEFE3BE286B40A84D47498CF73CB8 . 672768 . . [6.00.2900.5880 (xpsp_sp3_gdr.090924-1438)] . . C:\WINDOWS\$NtUninstallKB976325$\wininet.dll
[7] 2009-09-25 05:32:48 . 8DA0021A5283AFC13EF3932EDD5D1CDA . 674304 . . [6.00.2900.5880 (xpsp_sp3_qfe.090924-1448)] . . C:\WINDOWS\$hf_mig$\KB974455\SP3QFE\wininet.dll
[7] 2009-06-26 16:49:34 . 6988F148A06D085A49553F3E00E0D062 . 672256 . . [6.00.2900.5835 (xpsp_sp3_gdr.090626-1535)] . . C:\WINDOWS\$NtUninstallKB974455$\wininet.dll
[7] 2009-06-26 16:42:20 . F39EB4C85244526E442AC1C55297C918 . 673792 . . [6.00.2900.5835 (xpsp_sp3_qfe.090626-1600)] . . C:\WINDOWS\$hf_mig$\KB972260\SP3QFE\wininet.dll
[7] 2009-04-29 04:33:24 . 7A9E3F9ED0B2772F352571D26D0A164E . 672256 . . [6.00.2900.5803 (xpsp_sp3_gdr.090428-1325)] . . C:\WINDOWS\$NtUninstallKB972260$\wininet.dll
[7] 2009-04-29 04:28:29 . 4926F4F45F9400B8F535E5F5443A54BA . 673792 . . [6.00.2900.5803 (xpsp_sp3_qfe.090428-1347)] . . C:\WINDOWS\$hf_mig$\KB969897\SP3QFE\wininet.dll
[7] 2009-03-08 02:34:58 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)] . . C:\WINDOWS\ie8updates\KB982381-IE8\wininet.dll
[7] 2009-02-20 08:09:45 . 34D8090A7B1AE7975FAE5259BF840849 . 671744 . . [6.00.2900.5764 (xpsp_sp3_gdr.090219-1240)] . . C:\WINDOWS\$NtUninstallKB969897$\wininet.dll
[7] 2009-02-20 07:51:25 . DE271547E700E38226FB0DE0BA34D37A . 673280 . . [6.00.2900.5764 (xpsp_sp3_qfe.090219-1311)] . . C:\WINDOWS\$hf_mig$\KB963027\SP3QFE\wininet.dll
[7] 2008-10-16 01:03:12 . 7DBE34DA22CAB4BE922638540048379F . 672768 . . [6.00.2900.5694 (xpsp_sp3_qfe.081015-1409)] . . C:\WINDOWS\$hf_mig$\KB958215\SP3QFE\wininet.dll
[7] 2008-10-16 01:00:25 . 10A2C485838D5B95CCF7905E21E9A80A . 671744 . . [6.00.2900.5694 (xpsp_sp3_gdr.081015-1312)] . . C:\WINDOWS\$NtUninstallKB963027$\wininet.dll
[7] 2008-08-20 05:33:08 . 66AF60C255953898C67993CD665A2D22 . 673280 . . [6.00.2900.3429 (xpsp_sp2_qfe.080819-1244)] . . C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
[7] 2008-08-20 05:08:55 . C5326257F4FEE83E24B06CD4BC08EBA2 . 671744 . . [6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)] . . C:\WINDOWS\$hf_mig$\KB956390\SP3GDR\wininet.dll
[7] 2008-08-20 05:08:55 . C5326257F4FEE83E24B06CD4BC08EBA2 . 671744 . . [6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)] . . C:\WINDOWS\$NtUninstallKB958215$\wininet.dll
[7] 2008-08-20 05:06:47 . 503D9BE987B9A3964816FED082F45771 . 672256 . . [6.00.2900.5659 (xpsp_sp3_qfe.080819-1352)] . . C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\wininet.dll
[7] 2008-06-23 16:14:31 . 878F506D7F69E06BCCDC86C2A4D17633 . 672768 . . [6.00.2900.3395 (xpsp_sp2_qfe.080623-1318)] . . C:\WINDOWS\$NtUninstallKB956390_0$\wininet.dll
[7] 2008-06-23 15:10:12 . 978542595CF09A86E2EF60552A35C937 . 671744 . . [6.00.2900.5626 (xpsp_sp3_gdr.080623-1315)] . . C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
[7] 2008-06-23 15:10:12 . 978542595CF09A86E2EF60552A35C937 . 671744 . . [6.00.2900.5626 (xpsp_sp3_gdr.080623-1315)] . . C:\WINDOWS\$NtUninstallKB956390$\wininet.dll
[7] 2008-06-23 14:55:04 . 6432638B5CE374D912C0C4F2A9F03DAE . 672256 . . [6.00.2900.5626 (xpsp_sp3_qfe.080623-1331)] . . C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
[7] 2008-04-21 06:56:30 . 018ADED93507A4AEA4F55741863DBC9E . 672256 . . [6.00.2900.3354 (xpsp_sp2_qfe.080417-1416)] . . C:\WINDOWS\$NtUninstallKB953838_0$\wininet.dll
[7] 2008-04-21 06:42:36 . 11D26D87E041000EA4C0128CD0010F7A . 671744 . . [6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] . . C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
[7] 2008-04-21 06:42:36 . 11D26D87E041000EA4C0128CD0010F7A . 671744 . . [6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] . . C:\WINDOWS\$NtUninstallKB953838$\wininet.dll
[7] 2008-04-21 06:24:15 . 645A4A4884EB5EB8453C01531FCBEC3A . 672256 . . [6.00.2900.5583 (xpsp_sp3_qfe.080417-1431)] . . C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
[7] 2008-04-14 02:22:32 . B4AEE98A48917B274FACFB78BBE0BC84 . 671744 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
[7] 2008-04-14 02:22:32 . B4AEE98A48917B274FACFB78BBE0BC84 . 671744 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\wininet.dll
[-] 2008-02-16 09:30:57 . 6C49192217DF0509BC6A576535545529 . 671744 . . [6.00.2900.3314 (xpsp_sp2_qfe.080215-1242)] . . C:\WINDOWS\$NtUninstallKB950759_0$\wininet.dll
[-] 2007-12-07 00:46:31 . 273F4B37B80C8D398713A88B788FE59B . 671744 . . [6.00.2900.3268 (xpsp_sp2_qfe.071206-1251)] . . C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
[-] 2007-10-11 05:58:24 . 6BE2CDDC28610D9E73E54678A131B253 . 671744 . . [6.00.2900.3231 (xpsp_sp2_qfe.071010-1316)] . . C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
[-] 2007-08-22 12:56:40 . D6140D5095E62BD609DF3201C7B854AC . 671232 . . [6.00.2900.3199 (xpsp_sp2_qfe.070821-1250)] . . C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
[-] 2007-06-26 14:39:14 . 8FFB79A006666912364801AE679E618E . 671232 . . [6.00.2900.3164 (xpsp_sp2_qfe.070626-1258)] . . C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
[-] 2007-04-18 12:44:36 . AF95C8D19C4391550DBB9FB78D078FA2 . 671232 . . [6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)] . . C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
[-] 2007-02-19 15:22:00 . E2CB4D46FF3638BFF234AE4253BC6430 . 671232 . . [6.00.2900.3086 (xpsp_sp2_qfe.070218-2342)] . . C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
[-] 2007-01-04 14:02:18 . 04A670155A6D86DFBF562F45544E1908 . 670720 . . [6.00.2900.3059 (xpsp_sp2_qfe.070104-0040)] . . C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
[-] 2006-10-23 15:34:37 . 47BBFEB4909D45064A992C3068610B06 . 670208 . . [6.00.2900.3020 (xpsp.061023-0222)] . . C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
[-] 2006-09-14 08:36:16 . C98F3024049AAEAFAE1340D94C16FDC8 . 670208 . . [6.00.2900.2995 (xpsp.060913-0019)] . . C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
[-] 2006-06-23 11:25:32 . 05E47EA6708BD99DF2D8E4ABD55DF079 . 670208 . . [6.00.2900.2937 (xpsp.060623-0011)] . . C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
[-] 2006-01-09 18:00:36 . 957B39EFDAAFC58F43FB233933265F95 . 667648 . . [6.00.2900.2823 (xpsp.060106-1527)] . . C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
[-] 2005-07-03 02:15:28 . 9AD1C82368BBEC1C1414A3F8820C7CF9 . 664064 . . [6.00.2900.2713 (xpsp_sp2_gdr.050702-1513)] . . C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
[-] 2005-07-03 02:11:25 . E992695B2D5628154B65FE8DFB0F3CCA . 665088 . . [6.00.2900.2713 (xpsp.050702-1518)] . . C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2004-08-10 13:00:00 . B1A1DA99C4A6EBFD59F86A453BF02F39 . 662016 . . [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB896727$\wininet.dll

[7] 2008-04-14 02:22:32 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 02:22:32 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\ws2_32.dll
[-] 2004-08-10 13:00:00 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

[7] 2008-04-14 02:22:32 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\ServicePackFiles\i386\ws2help.dll
[7] 2008-04-14 02:22:32 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\ws2help.dll
[-] 2004-08-10 13:00:00 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\ws2help.dll

[7] 2008-04-14 02:22:45 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\explorer.exe
[7] 2008-04-14 02:22:45 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 13:21:45 . 64D320C0E301EEDC5A4ADBBDC5024F7F . 1036288 . . [6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] . . C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 13:10:08 . 331ED93570BAF3CFE30340298762CD56 . 1036288 . . [6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)] . . C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-10 13:00:00 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

[7] 2008-04-14 02:22:58 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\regedit.exe
[7] 2008-04-14 02:22:58 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[-] 2004-08-10 13:00:00 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\regedit.exe

[7] 2011-11-01 16:07:05 . 6AD6619E7523E27B771569C26F408F0A . 1288704 . . [5.1.2600.6168 (xpsp_sp3_gdr.111101-1829)] . . C:\WINDOWS\system32\ole32.dll
[7] 2011-11-01 16:07:05 . 6AD6619E7523E27B771569C26F408F0A . 1288704 . . [5.1.2600.6168 (xpsp_sp3_gdr.111101-1829)] . . C:\WINDOWS\system32\dllcache\ole32.dll
[7] 2011-11-01 16:05:36 . D684C601EC79D9543D50EB2DB124FE78 . 1289216 . . [5.1.2600.6168 (xpsp_sp3_qfe.111101-1828)] . . C:\WINDOWS\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[7] 2010-07-16 12:05:01 . B28AF7976F2D8109C0DC2CF2460BEDC2 . 1288192 . . [5.1.2600.6010 (xpsp_sp3_gdr.100712-1633)] . . C:\WINDOWS\$NtUninstallKB2624667$\ole32.dll
[7] 2010-07-16 12:03:47 . B3D7633CF83B09042A49810A7A72ADED . 1289216 . . [5.1.2600.6010 (xpsp_sp3_qfe.100712-1633)] . . C:\WINDOWS\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 02:22:23 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\$NtUninstallKB979687$\ole32.dll
[7] 2008-04-14 02:22:23 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 04:29:16 . 24EDF93FD04CA1A98D32F092DD4F9953 . 1286144 . . [5.1.2600.2726 (xpsp.050725-1531)] . . C:\WINDOWS\$NtServicePackUninstall$\ole32.dll
[-] 2005-04-28 19:31:43 . 9752FA23CE81D3A2BD2125F40C24A723 . 1285120 . . [5.1.2600.2665 (xpsp_sp2_gdr.050427-1553)] . . C:\WINDOWS\$NtUninstallKB894391$\ole32.dll
[-] 2005-04-28 11:35:40 . D3653209882B5645223B1EA958EEE3A6 . 1286656 . . [5.1.2600.2665 (xpsp.050427-1553)] . . C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 11:35:40 . D3653209882B5645223B1EA958EEE3A6 . 1286656 . . [5.1.2600.2665 (xpsp.050427-1553)] . . C:\WINDOWS\$NtUninstallKB902400$\ole32.dll
[-] 2005-01-14 05:08:03 . 11565070406B8892149C360A4FB23731 . 1285120 . . [5.1.2600.2595 (xpsp.041130-1728)] . . C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\ole32.dll
[-] 2005-01-13 23:57:04 . B84D629E121F94FB0844EAD65C823E6A . 1285120 . . [5.1.2600.2595 (xpsp_sp2_gdr.041130-1729)] . . C:\WINDOWS\$NtUninstallKB894391_0$\ole32.dll
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-05-11 15:38:06	154216	----a-w-	C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 09:05:26 65536]
"OM2_Monitor"="C:\Programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-02-22 12:29:10 95536]
"1und1Dispatcher"="C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe" [2011-11-17 08:08:24 223600]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:22:40 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34:32 64512]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 22:25:48 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 22:22:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 22:26:30 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 21:21:02 61952]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 23:02:08 761948]
"Toshiba Hotkey Utility"="C:\Programme\Toshiba\Windows Utilities\Hotkey.exe" [2006-03-15 17:12:24 1769472]
"NDSTray.exe"="NDSTray.exe" [BU]
"SmoothView"="C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2005-05-13 10:01:30 118784]
"mouseElf"="C:\PROGRA~1\NAVIGA~1\MouseElf.EXE" [2004-09-20 05:16:40 196608]
"OM2_Monitor"="C:\Programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-02-22 12:29:08 54576]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 00:04:34 39792]
"Garmin Lifetime Updater"="C:\Programme\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 09:40:54 1446248]
"APSDaemon"="C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 06:22:28 59240]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2011-10-24 13:28:52 421888]
"TkBellExe"="C:\program files\real\realplayer\update\realsched.exe" [2012-11-30 14:23:35 296096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:22:40 15360]

C:\Dokumente und Einstellungen\Reith\Startmenü\Programme\Autostart\
Microsoft Office OneNote 2003 Schnellstart.lnk - C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
Dienst-Manager.lnk - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
McAfee Security Scan Plus.lnk - C:\Programme\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

R0 SymDS;Symantec Data Store;C:\WINDOWS\system32\drivers\N360\0502020.003\symds.sys [12.06.2012 06:36:04 340088]
R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\N360\0502020.003\symefa.sys [12.06.2012 06:36:05 744568]
R1 BHDrvx86;BHDrvx86;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130116.013\BHDrvx86.sys [16.01.2013 03:51:12 997464]
R1 SSHDRV5C;SSHDRV5C;C:\WINDOWS\system32\drivers\SSHDRV5C.sys [24.12.2006 10:48:36 34816]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\system32\drivers\N360\0502020.003\ironx86.sys [12.06.2012 06:36:04 136312]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT --> C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT [?]
R2 N360;Norton 360;C:\Programme\Norton 360\Engine\5.2.2.3\ccsvchst.exe [12.06.2012 06:35:43 130008]
R2 serviceIEConfig;IEConfig 1und1/WEB.DE/GMX Edition;C:\WINDOWS\system32\ieconfig_1und1_svc.exe [25.03.2011 14:44:57 1404008]
R3 IDSxpx86;IDSxpx86;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130208.004\IDSXpx86.sys [09.02.2013 01:57:27 373728]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\drivers\x10hid.sys [22.03.2006 07:47:46 7040]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S2 HPFECP15;HPFECP15;C:\WINDOWS\system32\drivers\HPFecp15.sys [15.10.1998 08:02:50 52800]
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\drivers\gflmouhid.sys [24.04.2008 16:17:42 6656]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [29.09.2012 13:26:57 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe [26.10.2012 19:15:26 234776]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT --> C:\Programme\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT [?]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - WS2IFSL
*Deregistered* - EraserUtilDrv11220

Inhalt des "geplante Tasks" Ordners

2013-02-09 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:21:23 . 2013-02-08 16:26:16]
         

Alt 10.02.2013, 17:43   #10
markusg
/// Malware-holic
 
hi
The log isn't quite complete. Please attach it as a txt file.
__________________
- Please forward suspicious emails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward emails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

Alt 11.02.2013, 10:08   #11
kabbi
 
The file can't be attached, it's too large. What now??

Alt 11.02.2013, 12:46   #12
markusg
/// Malware-holic
 
Compress it and attach it.

Alt 11.02.2013, 12:51   #13
kabbi
 
OK, thanks. That should have worked. Attachment 50216

Alt 11.02.2013, 13:00   #14
markusg
/// Malware-holic
 
hi
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all detections are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

Alt 11.02.2013, 16:49   #15
kabbi
 
So, the scan is done. Here is the log file:

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.11.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
*** :: YOUR-2D1ABB0973 [Administrator]

Schutz: Aktiviert

11.02.2013 15:14:36
mbam-log-2013-02-11 (15-14-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 333732
Laufzeit: 1 Stunde(n), 27 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\SoftonicDownloader_fuer_able-rawer(1).exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\SoftonicDownloader_fuer_able-rawer(2).exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\SoftonicDownloader_fuer_able-rawer.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\Yontoo Layers Runtime\YontooIEClient.dll (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{DD0FF237-AD14-4090-B42A-4C4F2C77CAA7}\RP1287\A0255929.exe (Trojan.FakeMS.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\02082013_171530\C_Dokumente und Einstellungen\***\338359.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
