Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: "Generic Host Process" Problem auf Win XP SP3

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 16.09.2010, 00:22   #1
mega.neon
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



Guten Abend allerseits,

Ich bekomme - seit heute morgen - bei meinem Windows XP, SP3 ständig - nachdem ich hochgefahren habe - die Nachricht

"Generic Host Process for Win 32 Services hat ein Problem festgestellt und muss beendet werden.
Falls Sie gerade Daten bearbeitet haben, sind diese möglicherweise verloren gegangen"

Jetzt wollte ich zuerst mal mit Malwarebytes scannen, musste aber feststellen, daß ich das Programm nicht mehr öffnen kann. (Hatte es bereits installiert und lezte Woche zum letzten mal benutzt, da ging es noch...)
Auch im abgesicherten Modus lässt es sich nicht öffnen.

Ein weiterer Nebeneffekt des Host Process-Crashes ist, daß

a) die Soundkarte nicht mehr gefunden wird und
b) sich die Taskleiste in den Windows 98 Look gewandelt hat.

Da ich jetzt nicht weiss, ob es sich um einen Hardwarefehler oder Virus, Wurm, Trojaner handelt, hab ich mich mal vom Netz getrennt und schreibe vom Mac meiner Freundin aus.

Da, wie gesagt, Malwarebytes nicht startet, kann ich zuerst nur mal die Logs von OTL und Hijack this bieten:

============

HIJACK THIS

============
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:59:32, on 16.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\DeltaIITray.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\XXXX\Desktop\HiJackThis204.exe
C:\WINDOWS\system32\svchost.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O5 "LPT1:" /M "Stylus D68"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P33 "EPSON Stylus D68 Series (Kopie 1)" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Programme\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series_5000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P28 "EPSON Stylus D68 Series_5000" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programme\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAID Manager.lnk = ?
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04AC5C7A-8C04-4F3B-A9B0-3883BEC58EF2}: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Programme\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programme\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
--
End of file - 9234 bytes
         
--- --- ---

=======

OTL LOG

=======OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 16.09.2010 01:01:03 - Run 4
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Dokumente und Einstellungen\XXXX\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 18,55 Gb Free Space | 7,96% Space Free | Partition Type: NTFS
Drive D: | 236,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 494,50 Mb Total Space | 454,79 Mb Free Space | 91,97% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXXX-C204A68EE
Current User Name: XXXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.09.16 00:31:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXXX\Desktop\OTL.exe
PRC - [2010.06.28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.06.15 17:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010.06.15 17:49:50 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.05.20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.07.27 13:44:58 | 000,236,040 | ---- | M] () -- C:\WINDOWS\system32\DeltaIITray.exe
PRC - [2009.04.09 10:48:28 | 000,228,808 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Pro\DTProAgent.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.09.19 10:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006.08.21 14:35:10 | 000,114,688 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
PRC - [2005.01.25 06:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.09.16 00:31:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXXX\Desktop\OTL.exe
MOD - [2010.07.14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\SiteAdvisor\sahook.dll
MOD - [2010.06.15 17:50:00 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009.07.12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009.07.12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.07.08 19:03:33 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.06.15 17:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.05.20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.08.07 12:43:04 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\XXXX\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2010.06.17 19:03:47 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.06.15 17:49:46 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.01.31 20:03:50 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2009.07.27 13:44:46 | 000,302,472 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MAudioDelta.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV - [2009.07.16 18:23:09 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.21 10:09:00 | 000,297,344 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 14:00:00 | 000,068,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2007.03.27 19:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2005.08.04 13:51:58 | 000,026,112 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iteraid.sys -- (iteraid)
DRV - [2005.05.12 14:39:56 | 001,287,296 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2005.04.01 16:16:00 | 003,454,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2010.08.27 08:36:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2010.08.27 09:19:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.09 23:59:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.09 23:59:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.09.02 19:41:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2009.07.03 10:11:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Extensions
[2010.09.02 19:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.15 19:24:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\extensions
[2010.07.23 09:26:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.27 14:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.27 08:38:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.09.10 16:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009.08.21 12:18:58 | 000,002,328 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\searchplugins\dictcc.xml
[2009.07.22 17:20:39 | 000,002,305 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\searchplugins\lastfm.xml
[2009.07.22 15:52:37 | 000,001,427 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\searchplugins\the-hype-machine.xml
[2009.07.06 13:51:58 | 000,001,340 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\searchplugins\wikipedia-en.xml
[2009.07.03 12:43:52 | 000,000,952 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\searchplugins\youtube-videosuche.xml
[2010.09.15 19:24:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.09 23:59:48 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.09 23:59:48 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.09 23:59:49 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.09 23:59:49 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.09 23:59:49 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.08 01:32:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus D68 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus D68 Series_5000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Programme\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\RAID Manager.lnk = C:\Programme\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe (Integrated Technology Express, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.02 19:50:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.16 00:33:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXXX\Desktop\OTL.exe
[2010.09.13 14:49:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\Japan Liveset
[2010.09.12 18:40:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\Conduit
[2010.09.12 18:35:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\tuobosymb
[2010.09.03 09:04:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Desktop\Fotos
[2010.09.02 19:12:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\Thunderbird
[2010.09.02 19:12:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Thunderbird
[2010.09.02 19:12:05 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2010.08.27 08:59:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\ForceField Shared Files
[2010.08.27 08:59:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\CheckPoint
[2010.08.27 08:58:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit
[2010.08.27 08:58:40 | 000,000,000 | ---D | C] -- C:\Programme\ZoneAlarm-Sicherheit
[2010.08.27 08:58:33 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2010.08.27 08:58:09 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010.08.27 08:58:07 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010.08.27 08:58:07 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010.08.27 08:58:04 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010.08.27 08:58:02 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010.08.27 08:58:01 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010.08.27 08:58:01 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010.08.27 08:58:01 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010.08.27 08:58:01 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs
[2010.08.27 08:57:40 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010.08.27 08:57:40 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010.08.26 18:31:30 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.08.26 18:31:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.08.26 18:25:04 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.08.26 18:19:19 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.08.26 18:19:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2009.08.24 17:54:15 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009.08.24 17:54:15 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\vsnpstd3.dll
[2009.08.24 17:54:15 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2007.03.12 12:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.16 00:58:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.16 00:50:47 | 000,021,961 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.09.16 00:50:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.16 00:49:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.16 00:48:24 | 006,553,600 | -H-- | M] () -- C:\Dokumente und Einstellungen\XXXX\NTUSER.DAT
[2010.09.16 00:48:24 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\XXXX\ntuser.ini
[2010.09.16 00:47:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\XXXX\Desktop\HiJackThis204.exe
[2010.09.16 00:31:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXXX\Desktop\OTL.exe
[2010.09.15 23:47:32 | 004,318,844 | -H-- | M] () -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.09.15 23:45:33 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.09.15 17:06:21 | 000,022,223 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\HFS0012.rtf
[2010.09.15 16:25:24 | 000,164,864 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.12 19:03:26 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.09.03 14:46:26 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.09.02 19:41:08 | 000,001,632 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk
[2010.08.27 08:59:51 | 000,427,421 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.08.27 08:58:31 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.08.26 18:25:32 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.08.26 12:40:18 | 000,012,862 | ---- | M] () -- C:\WINDOWS\EPISMG00.SWB
[2010.08.25 18:17:24 | 000,017,939 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\HFS001.rtf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.16 00:05:02 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Desktop\gmer.exe
[2010.09.15 16:53:04 | 000,012,657 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\hs_err_pid2640.log
[2010.09.12 18:35:29 | 000,012,944 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\hs_err_pid216.log
[2010.09.02 19:12:11 | 000,001,632 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk
[2010.08.27 08:58:01 | 000,427,421 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.08.26 18:32:43 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.08.26 18:25:32 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.08.26 10:03:19 | 000,022,223 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\HFS0012.rtf
[2010.07.31 13:25:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.08.24 17:54:17 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009.07.18 18:29:52 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009.07.02 19:58:42 | 000,164,864 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.11 13:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.04.14 14:00:00 | 000,068,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\pci.sys
[2005.04.01 16:16:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.02.18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
 
========== LOP Check ==========
 
[2010.06.07 23:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2009.12.21 15:52:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ConeXware
[2009.07.16 18:27:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2009.10.23 11:12:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2009.07.03 10:42:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2009.07.16 18:08:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Propellerhead Software
[2010.09.14 18:54:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Soulseek
[2010.08.26 18:32:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.06.03 18:59:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009.10.23 10:34:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.07.20 18:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Ableton
[2010.04.11 16:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Antares
[2010.07.28 13:53:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\AnvSoft
[2009.07.07 17:27:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Canneverbe_Limited
[2010.08.27 08:59:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\CheckPoint
[2009.07.16 18:35:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\DAEMON Tools Pro
[2009.07.07 18:02:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\DeepBurner
[2010.07.27 14:40:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.03.31 12:28:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Facebook
[2009.07.07 14:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\OpenOffice.org
[2009.07.20 10:24:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Propellerhead Software
[2010.09.02 19:12:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Thunderbird
[2010.09.12 19:03:26 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2010.04.26 12:12:27 | 000,000,149 | -H-- | M] ()(C:\Dokumente und Einstellungen\XXXX\Desktop\.~lock.??L.42.docx#) -- C:\Dokumente und Einstellungen\XXXX\Desktop\.~lock.漢字L.42.docx#
[2010.04.26 12:12:27 | 000,000,149 | -H-- | C] ()(C:\Dokumente und Einstellungen\XXXX\Desktop\.~lock.??L.42.docx#) -- C:\Dokumente und Einstellungen\XXXX\Desktop\.~lock.漢字L.42.docx#
< End of report >
         
--- --- ---

========

EXTRAS-TXT

========OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 16.09.2010 01:01:03 - Run 4
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Dokumente und Einstellungen\XXXX\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 18,55 Gb Free Space | 7,96% Space Free | Partition Type: NTFS
Drive D: | 236,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 494,50 Mb Total Space | 454,79 Mb Free Space | 91,97% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXXX-C204A68EE
Current User Name: XXXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Programme\SoulseekNS\slsk.exe" = C:\Programme\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{177ADA1F-6D3B-404A-99DA-D7E0E2A36621}_is1" = Videograbber 2010
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{391BF2AA-1304-471A-9CBF-084AE32813D6}" = M-Audio Delta Driver 6.0.2 (x86)
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9E520B22-546E-4AD3-8958-7D1EB8587AB1}" = Music Transfer Utility Ver.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E9FFB3AD-90F8-4934-A9BD-5DB61EE232B6}_is1" = Videograbber 5.0
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera-168
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F701568C-D0C4-4280-810E-49023432426B}_is1" = ReasonExport
"{FC6AAE10-A081-42C7-9CD3-ED1D80C30941}" = ITE IT8212 ATA RAID Controller
"7-Zip" = 7-Zip 4.65
"Ableton Live_is1" = Ableton Live v7.0.2
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"Any Video Converter_is1" = Any Video Converter 3.0.6
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"JAIELangPack" = Japanese Language Support
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.12)" = Mozilla Firefox (3.5.12)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"NVIDIA Drivers" = NVIDIA Drivers
"RealAlt_is1" = Real Alternative 1.9.0
"Reason4_is1" = Reason 4.0
"SkReasonExport 1.2" = SkReasonExport 1.2
"SopCast" = SopCast 3.2.9
"Soulseek2" = SoulSeek 157 NS 13e
"SSC Service Utility_is1" = SSC Service Utility v4.30
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"VLC media player" = VLC media player 0.9.9
"WinRAR archiver" = WinRAR
"XP Codec Pack" = XP Codec Pack
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.04.2010 04:24:40 | Computer Name = XXXX-C204A68EE | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 26.04.2010 06:06:14 | Computer Name = XXXX-C204A68EE | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 26.04.2010 06:18:35 | Computer Name = XXXX-C204A68EE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung soffice.bin, Version 3.1.9398.500, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x2ffe52d2.
 
Error - 27.04.2010 05:23:29 | Computer Name = XXXX-C204A68EE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.9.0, fehlgeschlagenes
Modul libvout_directx_plugin.dll, Version 0.0.0.0, Fehleradresse 0x00005cbc.
 
Error - 05.05.2010 12:39:53 | Computer Name = XXXX-C204A68EE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung slsk.exe, Version 1.0.0.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.05.2010 03:02:02 | Computer Name = XXXX-C204A68EE | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 06.05.2010 06:49:03 | Computer Name = XXXX-C204A68EE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.9.0, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00010cce.
 
Error - 06.05.2010 16:42:14 | Computer Name = XXXX-C204A68EE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung soffice.bin, Version 3.1.9398.500, fehlgeschlagenes
Modul scmi.dll, Version 3.0.500.0, Fehleradresse 0x001cfa69.
 
Error - 10.05.2010 12:39:36 | Computer Name = XXXX-C204A68EE | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 11.05.2010 01:44:41 | Computer Name = XXXX-C204A68EE | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
[ System Events ]
Error - 15.09.2010 19:01:09 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht 
vorhandenem Dienst abhängig: vsdatant
 
Error - 15.09.2010 19:01:10 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht 
vorhandenem Dienst abhängig: vsdatant
 
Error - 15.09.2010 19:01:11 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht 
vorhandenem Dienst abhängig: vsdatant
 
Error - 15.09.2010 19:01:12 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht 
vorhandenem Dienst abhängig: vsdatant
 
Error - 15.09.2010 19:01:13 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht 
vorhandenem Dienst abhängig: vsdatant
 
Error - 15.09.2010 19:01:14 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht 
vorhandenem Dienst abhängig: vsdatant
 
Error - 15.09.2010 19:01:15 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht 
vorhandenem Dienst abhängig: vsdatant
 
Error - 15.09.2010 19:01:16 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht 
vorhandenem Dienst abhängig: vsdatant
 
Error - 15.09.2010 19:01:16 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Starten Sie
den Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler: %%1056
 
Error - 15.09.2010 19:01:17 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht 
vorhandenem Dienst abhängig: vsdatant
 
 
< End of report >
         
--- --- ---



===========

Wäre über jede Hilfe sehr, sehr Dankbar!!!

Alt 16.09.2010, 09:27   #2
markusg
/// Malware-holic
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



edit......
__________________


Geändert von markusg (16.09.2010 um 09:59 Uhr)

Alt 16.09.2010, 09:38   #3
Chris4You
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



Hi,

der Proxy sieht "sehr" seltsam aus, weiterhin hast Du eine Umleitung fürs Internet in die Ukraine.. ;o)...

Versuchen wir uns der Sache mal zu nähern:

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
ATTFilter
C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe
C:\WINDOWS\System32\lsdelete.exe
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!


Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!
(Falls vorhanden, Teatimer von Spyboot wie folgt deaktivieren:
Modus-->Erweiterte Modus-->Ja-->Werkzeuge-->Resident-->dHäkchen entfernen aus der "Resident "TeaTimer" (Schutz aller Systemeinstellungen)->exit)

Code:
ATTFilter
O17 - HKLM\System\CCS\Services\Tcpip\..\{04AC5C7A-8C04-4F3B-A9B0-3883BEC58EF2}: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
         
Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
O4 - HKLM..\Run: [UserFaultCheck] File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O33 - MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = dword:0x00

:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Ich denke da ist noch was in "Petto"...

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
  • Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste bitte den Inhalt des .txt Dokumentes

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Antivierenlösung komplett auschalten und zwar so, dass sie sich auch nach einem Reboot NICHT einschaltet!

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen.

chris
__________________
__________________

Alt 16.09.2010, 13:05   #4
mega.neon
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



Danke für die schnelle Hilfe!

Der Umleitung in die Ukraine überrascht mich dann doch nur so halb, da ich letzte Woche diese berühmt-berüchtigte "Security Suite" Malware (oder heisst das Scareware!?) auf dem Rechner hatte.
Ich hab es dann nach so einem Walkthrough vom System runtergeworfen, aber scheinbar dann doch nicht richtig...

Das sagt Virustotal:

a) C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe

AhnLab-V3 2010.09.16.01 2010.09.16 -
AntiVir 8.2.4.52 2010.09.16 -
Antiy-AVL 2.0.3.7 2010.09.16 -
Authentium 5.2.0.5 2010.09.16 -
Avast 4.8.1351.0 2010.09.16 -
Avast5 5.0.594.0 2010.09.16 -
AVG 9.0.0.851 2010.09.15 -
BitDefender 7.2 2010.09.16 -
CAT-QuickHeal 11.00 2010.09.16 -
ClamAV 0.96.2.0-git 2010.09.16 -
Comodo 6096 2010.09.16 -
DrWeb 5.0.2.03300 2010.09.16 -
Emsisoft 5.0.0.37 2010.09.16 -
eSafe 7.0.17.0 2010.09.15 -
eTrust-Vet 36.1.7859 2010.09.16 -
F-Prot 4.6.1.107 2010.09.16 -
F-Secure 9.0.15370.0 2010.09.16 -
Fortinet 4.1.143.0 2010.09.16 -
GData 21 2010.09.16 -
Ikarus T3.1.1.88.0 2010.09.16 -
Jiangmin 13.0.900 2010.09.16 -
K7AntiVirus 9.63.2522 2010.09.15 -
Kaspersky 7.0.0.125 2010.09.16 -
McAfee 5.400.0.1158 2010.09.16 -
McAfee-GW-Edition 2010.1C 2010.09.16 -
Microsoft 1.6103 2010.09.16 -
NOD32 5454 2010.09.16 -
Norman 6.06.06 2010.09.15 -
nProtect 2010-09-16.02 2010.09.16 -
Panda 10.0.2.7 2010.09.15 -
PCTools 7.0.3.5 2010.09.16 -
Prevx 3.0 2010.09.16 -
Rising 22.65.03.01 2010.09.16 -
Sophos 4.57.0 2010.09.16 -
Sunbelt 6882 2010.09.16 -
SUPERAntiSpyware 4.40.0.1006 2010.09.16 -
Symantec 20101.1.1.7 2010.09.16 -
TheHacker 6.7.0.0.020 2010.09.16 -
TrendMicro 9.120.0.1004 2010.09.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.16 -
VBA32 3.12.14.0 2010.09.15 -
ViRobot 2010.8.25.4006 2010.09.16 -
VirusBuster 12.65.8.0

MD5 : 1b17e09c1223f6d17336d2dd7a1af4f4
SHA1 : 721dd499b30cc3643941eed4b449884bfc1777a5
SHA256: 06dfad95007532ccf46d593eedc2474936614aedcea7bf983e36dad22f850b08


b) C:\WINDOWS\System32\lsdelete.exe


AhnLab-V3 2010.09.16.01 2010.09.16 -
AntiVir 8.2.4.52 2010.09.16 -
Antiy-AVL 2.0.3.7 2010.09.16 -
Authentium 5.2.0.5 2010.09.16 -
Avast 4.8.1351.0 2010.09.16 -
Avast5 5.0.594.0 2010.09.16 -
AVG 9.0.0.851 2010.09.15 -
BitDefender 7.2 2010.09.16 -
CAT-QuickHeal 11.00 2010.09.16 -
ClamAV 0.96.2.0-git 2010.09.16 -
Comodo 6096 2010.09.16 -
DrWeb 5.0.2.03300 2010.09.16 -
eSafe 7.0.17.0 2010.09.15 -
eTrust-Vet 36.1.7859 2010.09.16 -
F-Prot 4.6.1.107 2010.09.16 -
F-Secure 9.0.15370.0 2010.09.16 -
Fortinet 4.1.143.0 2010.09.16 -
GData 21 2010.09.16 -
Ikarus T3.1.1.88.0 2010.09.16 -
Jiangmin 13.0.900 2010.09.16 -
K7AntiVirus 9.63.2522 2010.09.15 -
Kaspersky 7.0.0.125 2010.09.16 -
McAfee 5.400.0.1158 2010.09.16 -
McAfee-GW-Edition 2010.1C 2010.09.16 -
Microsoft 1.6103 2010.09.16 -
NOD32 5454 2010.09.16 -
Norman 6.06.06 2010.09.15 -
nProtect 2010-09-16.02 2010.09.16 -
Panda 10.0.2.7 2010.09.16 -
PCTools 7.0.3.5 2010.09.16 -
Prevx 3.0 2010.09.16 -
Rising 22.65.03.01 2010.09.16 -
Sophos 4.57.0 2010.09.16 -
Sunbelt 6882 2010.09.16 -
SUPERAntiSpyware 4.40.0.1006 2010.09.16 -
Symantec 20101.1.1.7 2010.09.16 -
TheHacker 6.7.0.0.020 2010.09.16 -
TrendMicro 9.120.0.1004 2010.09.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.16 -
VBA32 3.12.14.0 2010.09.15 -
ViRobot 2010.8.25.4006 2010.09.16 -
VirusBuster 12.65.8.0 2010.09.15 -


MD5 : 11d37ffc9aaa3435c9d428cf5998acb5
SHA1 : d7ac5f908f1abcaaf4a76f6f9605bc20f7389c3b
SHA256: f5b18cf8f7fad5f8a1df03399f3d390703d57d6ce94fe04b8aab18389846e45b

=====================================



nun zum OTL Log:


��=

Alt 16.09.2010, 13:15   #5
mega.neon
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



OTL Log:

R

edit: irgendwie bekomme ich den OTL Log hier nicht rein, auch nicht mit "code". Mache ich da was falsch?


Geändert von mega.neon (16.09.2010 um 13:24 Uhr) Grund: siehe Text

Alt 16.09.2010, 13:17   #6
mega.neon
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



MBR - Check:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 122):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A7000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7596000 pci.sys
0xF75F7000 ohci1394.sys
0xF7607000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7617000 isapnp.sys
0xF7A4F000 PCIIde.sys
0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF7627000 MountMgr.sys
0xF74D7000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF74BF000 atapi.sys
0xF7647000 iteraid.sys
0xF74A7000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7657000 disk.sys
0xF7667000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7877000 fltMgr.sys
0xF7865000 sr.sys
0xF7677000 Lbd.sys
0xF784E000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF795A000 NDIS.sys
0xF7834000 Mup.sys
0xF7526000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB91C2000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB91AE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9186000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB913D000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9119000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77C7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7516000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7506000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7487000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7497000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB90F6000 \SystemRoot\system32\DRIVERS\ks.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB90AD000 \SystemRoot\system32\DRIVERS\MAudioDelta.sys
0xB99C0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB9099000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7477000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB99B8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7467000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9E82000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7AB5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7457000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9E7A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9082000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7447000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7437000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB99B0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9071000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7427000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB99A8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB99A0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7417000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB9998000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB9990000 \SystemRoot\system32\DRIVERS\seehcri.sys
0xF79CB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9013000 \SystemRoot\system32\DRIVERS\update.sys
0xB9E6E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAC930000 \SystemRoot\system32\drivers\cmudax.sys
0xAC90C000 \SystemRoot\system32\drivers\portcls.sys
0xAE721000 \SystemRoot\system32\drivers\drmk.sys
0xAE711000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xAEEE9000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF79B7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A79000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B9000 \SystemRoot\System32\Drivers\Beep.SYS
0xAEED9000 \SystemRoot\System32\drivers\vga.sys
0xF79BB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79BD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAEED1000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAEEC9000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB7EB5000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAC89D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAC844000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAC81C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAC7F6000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAC7CA000 \SystemRoot\System32\drivers\afd.sys
0xAE6F1000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAE6E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAEEC1000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xAC79F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAC707000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAE6D1000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAE6C1000 \SystemRoot\System32\Drivers\Fips.SYS
0xADD8B000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xAEC47000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xAC1E7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xADD83000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xAEC43000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA3C7A000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA48B5000 \SystemRoot\System32\drivers\Dxapi.sys
0xA3E01000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xA9793000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7947000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9988000 \??\C:\Programme\CheckPoint\ZAForceField\ISWKL.sys
0xA15BE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA40C6000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA14EF000 \SystemRoot\system32\DRIVERS\srv.sys
0xA0AFA000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9E5C000 \SystemRoot\system32\drivers\sysaudio.sys
0xA0723000 \SystemRoot\System32\Drivers\HTTP.sys
0x9F863000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB5825000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9F9AF000 \SystemRoot\system32\drivers\usbaudio.sys
0x9E0C5000 \SystemRoot\system32\drivers\kmixer.sys
0xB9526000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
600 C:\WINDOWS\system32\smss.exe
660 csrss.exe
684 C:\WINDOWS\system32\winlogon.exe
728 C:\WINDOWS\system32\services.exe
740 C:\WINDOWS\system32\lsass.exe
924 C:\WINDOWS\system32\svchost.exe
996 svchost.exe
1128 svchost.exe
1156 svchost.exe
1188 C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
1364 C:\WINDOWS\system32\spoolsv.exe
1456 svchost.exe
1524 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1548 C:\Programme\Bonjour\mDNSResponder.exe
1612 C:\Programme\Java\jre6\bin\jqs.exe
1652 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
1700 C:\WINDOWS\system32\nvsvc32.exe
1796 C:\WINDOWS\system32\svchost.exe
1888 C:\WINDOWS\system32\wuauclt.exe
452 C:\Programme\CheckPoint\ZAForceField\ForceField.exe
576 alg.exe
644 C:\WINDOWS\explorer.exe
872 C:\WINDOWS\system32\rundll32.exe
2372 C:\WINDOWS\system32\rundll32.exe
2500 C:\WINDOWS\tsnpstd3.exe
2508 C:\WINDOWS\vsnpstd3.exe
2536 C:\WINDOWS\system32\DeltaIITray.exe
2552 C:\Programme\iTunes\iTunesHelper.exe
2564 C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
2592 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE
2684 C:\WINDOWS\system32\ctfmon.exe
2868 C:\Programme\iPod\bin\iPodService.exe
1904 C:\Programme\Avira\AntiVir Desktop\sched.exe
2960 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
1680 C:\WINDOWS\system32\svchost.exe
1428 C:\Dokumente und Einstellungen\XXXX\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGSP2504C, Rev: VT100-33

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!


=====================

und der Combofix Log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 10-09-15.01 - XXXX 16.09.2010  13:31:17.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1748 [GMT 2:00]
ausgef¸hrt von:: c:\dokumente und einstellungen\XXXX\Desktop\23458.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((   Weitere Lˆschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\XXXX\Startmen¸\Programme\Antimalware Doctor
c:\dokumente und einstellungen\XXXX\Startmen¸\Programme\Antimalware Doctor\Antimalware Doctor.lnk
c:\dokumente und einstellungen\XXXX\Startmen¸\Programme\Antimalware Doctor\Uninstall.lnk
c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.exe
c:\windows\system32\spool\prtprocs\w32x86\x55q5w.dll

c:\windows\system32\DRIVERS\pci.sys . . . ist infiziert!! . . . Failed to find a valid replacement.
.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-16 bis 2010-09-16  ))))))))))))))))))))))))))))))
.

2010-09-16 10:51 . 2010-09-16 10:51	--------	d-----w-	C:\_OTL
2010-09-13 09:39 . 2010-09-13 09:39	--------	d-----w-	c:\dokumente und einstellungen\Retep\Anwendungsdaten\Malwarebytes
2010-09-12 16:40 . 2010-09-12 16:40	--------	d-----w-	c:\dokumente und einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\Conduit
2010-09-12 16:35 . 2010-09-12 19:59	--------	d-----w-	c:\dokumente und einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\tuobosymb
2010-09-02 17:12 . 2010-09-02 17:12	--------	d-----w-	c:\dokumente und einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\Thunderbird
2010-09-02 17:12 . 2010-09-02 17:12	--------	d-----w-	c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Thunderbird
2010-09-02 17:12 . 2010-09-02 17:41	--------	d-----w-	c:\programme\Mozilla Thunderbird
2010-08-30 06:13 . 2010-08-30 06:13	--------	d-----w-	c:\dokumente und einstellungen\Retep\Anwendungsdaten\CheckPoint
2010-08-27 06:59 . 2010-08-27 06:59	--------	d-----w-	c:\dokumente und einstellungen\XXXX\Anwendungsdaten\CheckPoint
2010-08-27 06:58 . 2010-09-12 16:40	--------	d-----w-	c:\dokumente und einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit
2010-08-27 06:58 . 2010-08-27 06:58	--------	d-----w-	c:\programme\ZoneAlarm-Sicherheit
2010-08-27 06:58 . 2010-08-27 06:58	--------	d-----w-	c:\programme\CheckPoint
2010-08-27 06:58 . 2010-06-28 10:59	69120	----a-w-	c:\windows\system32\zlcomm.dll
2010-08-27 06:58 . 2010-06-28 10:59	103936	----a-w-	c:\windows\system32\zlcommdb.dll
2010-08-27 06:58 . 2010-06-28 10:59	1238528	----a-w-	c:\windows\system32\zpeng25.dll
2010-08-27 06:58 . 2010-08-27 06:58	--------	d-----w-	c:\programme\Zone Labs
2010-08-26 16:31 . 2010-08-26 16:31	--------	d-----w-	c:\programme\iPod
2010-08-26 16:31 . 2010-08-26 16:32	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-26 16:25 . 2010-08-26 16:25	--------	d-----w-	c:\programme\QuickTime
2010-08-26 16:19 . 2010-08-26 16:19	--------	d-----w-	c:\programme\Bonjour
2010-08-26 16:16 . 2010-08-26 16:16	73000	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 11:05 . 2009-07-03 08:44	--------	d-----w-	c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Skype
2010-09-16 10:45 . 2009-07-07 12:40	1	----a-w-	c:\dokumente und einstellungen\XXXX\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-16 07:22 . 2009-07-03 08:55	--------	d-----w-	c:\dokumente und einstellungen\XXXX\Anwendungsdaten\skypePM
2010-09-15 21:45 . 2010-08-30 22:12	17035608	----a-w-	c:\windows\Internet Logs\tvDebug.Zip
2010-09-14 16:54 . 2009-07-03 09:00	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Soulseek
2010-09-12 18:05 . 2010-05-19 16:31	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-09-01 11:08 . 2009-07-13 08:14	--------	d-----w-	c:\dokumente und einstellungen\XXXX\Anwendungsdaten\dvdcss
2010-08-27 06:59 . 2010-08-27 06:59	1583104	----a-w-	c:\windows\Internet Logs\xDB55.tmp
2010-08-27 06:58 . 2009-07-03 08:42	4212	---ha-w-	c:\windows\system32\zllictbl.dat
2010-08-27 06:38 . 2009-07-03 09:39	--------	d-----w-	c:\programme\McAfee
2010-08-26 16:32 . 2009-10-23 08:33	--------	d-----w-	c:\programme\iTunes
2010-08-26 16:31 . 2009-10-23 08:28	--------	d-----w-	c:\programme\Gemeinsame Dateien\Apple
2010-08-11 23:53 . 2008-04-14 12:00	80092	----a-w-	c:\windows\system32\perfc007.dat
2010-08-11 23:53 . 2008-04-14 12:00	448396	----a-w-	c:\windows\system32\perfh007.dat
2010-07-28 12:48 . 2010-07-28 12:47	--------	d-----w-	c:\programme\XP Codec Pack
2010-07-28 11:53 . 2010-07-28 11:53	--------	d-----w-	c:\dokumente und einstellungen\XXXX\Anwendungsdaten\AnvSoft
2010-07-28 11:53 . 2010-07-28 11:53	--------	d-----w-	c:\programme\AnvSoft
2010-07-27 12:40 . 2010-07-27 12:40	--------	d-----w-	c:\dokumente und einstellungen\XXXX\Anwendungsdaten\DVDVideoSoftIEHelpers
2010-07-27 12:39 . 2010-07-27 12:39	--------	d-----w-	c:\programme\Gemeinsame Dateien\DVDVideoSoft
2010-07-27 12:39 . 2010-07-27 12:39	--------	d-----w-	c:\programme\DVDVideoSoft
2010-06-30 12:28 . 2008-04-14 12:00	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2008-04-14 12:00	672768	----a-w-	c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2008-04-14 12:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2010-06-24 09:02 . 2008-04-14 12:00	1852032	----a-w-	c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-14 12:00	354304	----a-w-	c:\windows\system32\drivers\srv.sys
.

(((((((((((((((((((((((((((((   SnapShot@2010-06-07_23.33.00   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-16 11:28 . 2010-09-16 11:28	16384              c:\windows\Temp\Perflib_Perfdata_27c.dat
+ 2010-08-27 06:58 . 2010-06-28 11:00	12288              c:\windows\system32\ZoneLabs\zlsre_loc0407.dll
+ 2010-08-27 06:58 . 2010-06-28 10:59	99328              c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2010-08-27 06:58 . 2010-06-28 10:59	70656              c:\windows\system32\ZoneLabs\zatray.exe
+ 2010-08-27 06:58 . 2010-06-28 11:00	39424              c:\windows\system32\ZoneLabs\vsmon_loc0407.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	21504              c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	14336              c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	46592              c:\windows\system32\ZoneLabs\lib\zfde.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	85504              c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	37376              c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	12800              c:\windows\system32\ZoneLabs\lib\oem_1488.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	12800              c:\windows\system32\ZoneLabs\lib\oem_1487.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	12800              c:\windows\system32\ZoneLabs\lib\oem_1486.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	20992              c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	12800              c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	10240              c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	11264              c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	14336              c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	12288              c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	11264              c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	29184              c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	13312              c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	35840              c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 10:59	38912              c:\windows\system32\ZoneLabs\featuremap.dll
+ 2010-08-27 06:58 . 2010-06-28 10:59	75776              c:\windows\system32\ZoneLabs\camupd.dll
+ 2010-08-27 06:58 . 2010-06-28 10:59	43008              c:\windows\system32\vswmi.dll
+ 2010-08-27 06:58 . 2010-06-28 10:59	58368              c:\windows\system32\vsregexp.dll
+ 2008-04-14 12:00 . 2010-04-21 13:28	46080              c:\windows\system32\tzchange.exe
- 2008-04-14 12:00 . 2010-01-23 08:11	46080              c:\windows\system32\tzchange.exe
- 2009-07-04 01:00 . 2009-05-26 11:40	18808              c:\windows\system32\spmsg.dll
+ 2009-07-04 01:00 . 2010-02-22 14:22	18808              c:\windows\system32\spmsg.dll
+ 2006-11-02 16:10 . 2006-11-02 16:10	80912              c:\windows\system32\sherlock2.exe
+ 2004-08-10 06:52 . 2004-08-10 06:52	49221              c:\windows\system32\rv40.dll
+ 2004-08-10 06:52 . 2004-08-10 06:52	49221              c:\windows\system32\rv30.dll
+ 2004-08-10 06:51 . 2004-08-10 06:51	57411              c:\windows\system32\rv20.dll
+ 2004-08-10 06:50 . 2004-08-10 06:50	49216              c:\windows\system32\rv10.dll
+ 2010-08-26 16:20 . 2009-08-28 17:42	40448              c:\windows\system32\ReinstallBackups\0005\DriverFiles\usbaapl.sys
+ 2010-03-30 22:16 . 2010-03-30 22:16	99176              c:\windows\system32\PresentationHostProxy.dll
- 2008-04-14 12:00 . 2010-03-31 07:04	67312              c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-08-11 23:53	67312              c:\windows\system32\perfc009.dat
+ 2009-11-06 23:07 . 2009-11-06 23:07	49488              c:\windows\system32\netfxperf.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	11600              c:\windows\system32\mui\0409\mscorees.dll
+ 2009-07-27 11:44 . 2009-07-27 11:44	25096              c:\windows\system32\MAudioDeltaAsio.dll
+ 2008-04-14 12:00 . 2010-06-17 14:03	80384              c:\windows\system32\iccvid.dll
- 2008-04-14 12:00 . 2008-04-14 12:00	80384              c:\windows\system32\iccvid.dll
+ 2008-12-17 17:22 . 2008-12-17 17:22	93184              c:\windows\system32\ff_wmv9.dll
+ 2008-12-17 17:22 . 2008-12-17 17:22	57344              c:\windows\system32\ff_vfw.dll
+ 2010-08-26 16:20 . 2010-04-19 18:47	41984              c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-08-26 16:20 . 2010-04-19 18:29	18432              c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2010-06-17 17:05 . 2010-06-17 17:03	64288              c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
+ 2009-10-23 08:28 . 2010-04-19 18:47	41984              c:\windows\system32\drivers\usbaapl.sys
+ 2010-06-17 17:04 . 2010-06-03 17:02	95024              c:\windows\system32\drivers\SBREDrv.sys
- 2010-05-19 16:31 . 2010-04-29 10:19	38224              c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-05-19 16:31 . 2010-04-29 13:39	38224              c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-05-19 16:31 . 2010-04-29 13:39	20952              c:\windows\system32\drivers\mbam.sys
- 2010-05-19 16:31 . 2010-04-29 10:19	20952              c:\windows\system32\drivers\mbam.sys
- 2009-08-21 12:32 . 2010-02-04 15:53	64288              c:\windows\system32\drivers\Lbd.sys
+ 2009-08-21 12:32 . 2010-06-17 17:03	64288              c:\windows\system32\drivers\Lbd.sys
+ 2010-05-18 14:35 . 2010-05-18 14:35	91424              c:\windows\system32\dnssd.dll
+ 2008-04-14 12:00 . 2010-06-24 12:10	81920              c:\windows\system32\dllcache\ieencode.dll
- 2008-04-14 12:00 . 2010-02-26 05:41	81920              c:\windows\system32\dllcache\ieencode.dll
+ 2008-04-14 12:00 . 2010-03-05 14:37	65536              c:\windows\system32\dllcache\asycfilt.dll
+ 2009-07-27 11:44 . 2009-07-27 11:44	21000              c:\windows\system32\DeltaIIpnl.dll
- 2009-08-26 16:54 . 2008-03-03 08:13	21000              c:\windows\system32\DeltaIIpnl.dll
+ 2004-08-10 06:50 . 2004-08-10 06:50	65602              c:\windows\system32\cook.dll
+ 2004-08-10 06:50 . 2004-08-10 06:50	77889              c:\windows\system32\atrc.dll
+ 2008-04-14 12:00 . 2010-03-05 14:37	65536              c:\windows\system32\asycfilt.dll
- 2008-07-29 17:16 . 2008-07-29 17:16	32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48	32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 03:31 . 2010-03-23 03:31	30544              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13664              c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13688              c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13664              c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13696              c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13656              c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13656              c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13656              c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13672              c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13664              c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	86864              c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-07-28 12:21 . 2010-07-28 12:21	65536              c:\windows\Installer\{49FC50FC-F965-40D9-89B4-CBFF80941031}\ARPPRODUCTICON.exe
+ 2010-08-12 07:05 . 2010-08-12 07:05	60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-08-12 14:04 . 2010-08-12 14:04	37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-08-12 14:01 . 2010-08-12 14:01	94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-12 14:01 . 2010-08-12 14:01	82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-08-12 07:03 . 2010-08-12 07:03	47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-08-11 23:54 . 2010-08-11 23:54	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-08-12 10:00 . 2010-08-12 10:00	25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-08-11 23:52 . 2010-08-11 23:52	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-07-07 15:13 . 2009-07-07 15:13	32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-09 23:10 . 2010-06-09 23:10	32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-08-11 23:52 . 2010-08-11 23:52	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-18 19:24 . 2009-10-18 19:24	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-08-11 23:52 . 2010-08-11 23:52	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-08-11 23:49 . 2008-04-14 12:00	80384              c:\windows\$NtUninstallKB982665$\iccvid.dll
+ 2010-06-12 16:56 . 2010-02-26 05:41	81920              c:\windows\$NtUninstallKB982381$\ieencode.dll
+ 2010-06-09 23:13 . 2010-01-23 08:11	46080              c:\windows\$NtUninstallKB981793$\tzchange.exe
+ 2010-06-09 23:13 . 2010-04-22 22:21	16896              c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
+ 2010-06-09 23:11 . 2008-04-14 12:00	65024              c:\windows\$NtUninstallKB979482$\asycfilt.dll
+ 2010-08-11 23:54 . 2010-04-16 16:06	81920              c:\windows\$NtUninstallKB2183461$\ieencode.dll
+ 2010-08-11 23:49 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB982665\update\spcustom.dll
+ 2010-08-11 23:49 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB982665\spmsg.dll
+ 2010-06-17 14:00 . 2010-06-17 14:00	80384              c:\windows\$hf_mig$\KB982665\SP3QFE\iccvid.dll
+ 2010-06-12 16:56 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB982381\update\spcustom.dll
+ 2010-06-12 16:56 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB982381\spmsg.dll
+ 2010-04-16 15:59 . 2010-04-16 15:59	81920              c:\windows\$hf_mig$\KB982381\SP3QFE\ieencode.dll
+ 2010-08-11 23:54 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB982214\update\spcustom.dll
+ 2010-08-11 23:54 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB982214\spmsg.dll
+ 2010-08-11 23:49 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB981997\update\spcustom.dll
+ 2010-08-11 23:49 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB981997\spmsg.dll
+ 2010-08-11 23:54 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB981852\update\spcustom.dll
+ 2010-08-11 18:35 . 2010-06-17 13:45	16896              c:\windows\$hf_mig$\KB981852\update\mpsyschk.dll
+ 2010-08-11 23:54 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB981852\spmsg.dll
+ 2010-08-11 23:51 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB980436\update\spcustom.dll
+ 2010-08-11 23:51 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB980436\spmsg.dll
+ 2010-06-09 23:13 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB980218\update\spcustom.dll
+ 2010-06-09 23:13 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB980218\spmsg.dll
+ 2010-06-09 23:13 . 2008-07-08 13:00	26488              c:\windows\$hf_mig$\KB980195\update\spcustom.dll
+ 2010-06-09 23:13 . 2008-07-08 13:00	18808              c:\windows\$hf_mig$\KB980195\spmsg.dll
+ 2010-06-09 23:13 . 2009-05-26 09:01	26488              c:\windows\$hf_mig$\KB979559\update\spcustom.dll
+ 2010-06-09 23:13 . 2009-05-26 09:01	18808              c:\windows\$hf_mig$\KB979559\spmsg.dll
+ 2010-06-09 23:11 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB979482\update\spcustom.dll
+ 2010-06-09 23:11 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB979482\spmsg.dll
+ 2010-03-05 14:50 . 2010-03-05 14:50	65536              c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
+ 2010-06-09 23:11 . 2008-07-08 13:00	26488              c:\windows\$hf_mig$\KB975562\update\spcustom.dll
+ 2010-06-09 23:11 . 2008-07-08 13:00	18808              c:\windows\$hf_mig$\KB975562\spmsg.dll
+ 2010-08-04 00:37 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB2286198\update\spcustom.dll
+ 2010-08-04 00:37 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB2286198\spmsg.dll
+ 2010-07-19 22:15 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2010-07-19 22:15 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB2229593\spmsg.dll
+ 2010-08-11 23:54 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB2183461\update\spcustom.dll
+ 2010-08-11 23:54 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB2183461\spmsg.dll
+ 2010-06-24 12:11 . 2010-06-24 12:11	81920              c:\windows\$hf_mig$\KB2183461\SP3QFE\ieencode.dll
+ 2010-08-11 23:51 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB2160329\update\spcustom.dll
+ 2010-08-11 23:51 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB2160329\spmsg.dll
+ 2010-08-11 23:54 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2115168\update\spcustom.dll
+ 2010-08-11 23:54 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB2115168\spmsg.dll
+ 2010-08-11 23:54 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2079403\update\spcustom.dll
+ 2010-08-11 23:54 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB2079403\spmsg.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	7168              c:\windows\system32\ZoneLabs\zlquarantine_loc0407.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	7168              c:\windows\system32\ZoneLabs\vsvault_loc0407.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	7168              c:\windows\system32\ZoneLabs\vsdb_loc0407.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	7168              c:\windows\system32\ZoneLabs\scheduler_loc0407.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	7168              c:\windows\system32\ZoneLabs\camupd_loc0407.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-10-18 19:24 . 2009-10-18 19:24	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-08-27 06:58 . 2010-06-28 10:59	141824              c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2010-08-27 06:58 . 2010-06-28 10:59	173056              c:\windows\system32\ZoneLabs\vsvault.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	189440              c:\windows\system32\ZoneLabs\vsruledb_loc0407.dll
+ 2010-08-27 06:57 . 2010-06-28 10:59	211456              c:\windows\system32\ZoneLabs\vsdb.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	113664              c:\windows\system32\ZoneLabs\updClient_loc0407.dll
+ 2010-08-27 06:58 . 2007-10-11 14:51	832984              c:\windows\system32\ZoneLabs\updating.dll
- 2009-07-03 08:40 . 2007-10-11 14:50	832984              c:\windows\system32\ZoneLabs\updating.dll
+ 2010-08-27 06:58 . 2010-06-28 10:59	434688              c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2010-08-27 06:58 . 2010-06-28 10:59	135680              c:\windows\system32\ZoneLabs\scheduler.dll
+ 2010-08-27 06:58 . 2009-07-13 21:58	722392              c:\windows\system32\ZoneLabs\qrbase.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	126976              c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	279040              c:\windows\system32\ZoneLabs\lib\TrayTest.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	225792              c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	368640              c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	184832              c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2010-08-27 06:58 . 2010-06-28 11:00	375296              c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2010-08-27 06:57 . 2010-02-08 06:41	595432              c:\windows\system32\ZoneLabs\icslta.dll
+ 2010-08-27 06:59 . 2010-05-04 12:04	284136              c:\windows\system32\ZoneLabs\ffapi.dll
- 2009-07-03 08:42 . 2004-01-30 10:35	813568              c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-07-03 08:42 . 2008-03-17 14:52	813568              c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2010-07-28 12:31 . 2001-05-16 14:54	309616              c:\windows\system32\wmv8dmod.dll
+ 2010-08-27 06:57 . 2010-06-28 10:59	713728              c:\windows\system32\vsutil.dll
+ 2010-08-27 06:58 . 2010-06-28 10:59	302592              c:\windows\system32\vspubapi.dll
+ 2010-08-27 06:58 . 2010-06-28 10:59	107520              c:\windows\system32\vsmonapi.dll
+ 2010-08-27 06:57 . 2010-06-28 10:59	228864              c:\windows\system32\vsinit.dll
+ 2010-08-27 06:58 . 2010-05-13 08:02	532224              c:\windows\system32\vsdatant.sys
+ 2009-07-03 08:36 . 2010-06-28 10:59	112128              c:\windows\system32\vsdata.dll
- 2008-04-14 12:00 . 2010-02-26 05:41	628736              c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2010-06-24 12:10	628736              c:\windows\system32\urlmon.dll
+ 2004-08-10 06:50 . 2004-08-10 06:50	106561              c:\windows\system32\sipr.dll
+ 2010-03-30 22:10 . 2010-03-30 22:10	295264              c:\windows\system32\PresentationHost.exe
+ 2003-11-25 23:32 . 2003-11-25 23:32	123392              c:\windows\system32\pncrt.dll
+ 2008-04-14 12:00 . 2010-08-11 23:53	432356              c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-03-31 07:04	432356              c:\windows\system32\perfh009.dat
+ 2004-04-20 22:00 . 2004-04-20 22:00	172032              c:\windows\system32\OptimFROG.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	297808              c:\windows\system32\mscoree.dll
+ 2009-07-27 11:44 . 2009-07-27 11:44	743944              c:\windows\system32\M-AudioDeltaControlPanel.exe
+ 2008-12-17 16:59 . 2008-12-17 16:59	560802              c:\windows\system32\libmplayer.dll
- 2008-04-14 12:00 . 2010-02-26 05:41	251904              c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2010-06-24 12:10	251904              c:\windows\system32\iepeers.dll
+ 2004-08-10 06:52 . 2004-08-10 06:52	241723              c:\windows\system32\hxltcolor.dll
+ 2008-12-17 17:41 . 2008-12-17 17:41	884237              c:\windows\system32\ff_x264.dll
+ 2008-12-17 17:17 . 2008-12-17 17:17	239247              c:\windows\system32\ff_theora.dll
+ 2004-10-03 17:50 . 2004-10-03 17:50	129024              c:\windows\system32\ff_mpeg2enc.dll
+ 2010-06-09 22:05 . 2009-07-27 11:44	302472              c:\windows\system32\DRVSTORE\MAudioDelt_C62DF34B2A974BD71D4CEF14F2291520F7ADD37D\MAudioDelta.sys
+ 2004-11-24 19:25 . 2004-11-24 19:25	335872              c:\windows\system32\drvc.dll
+ 2004-08-10 06:51 . 2004-08-10 06:51	176195              c:\windows\system32\drv2.dll
+ 2004-08-10 06:50 . 2004-08-10 06:50	102464              c:\windows\system32\drv1.dll
+ 2010-06-09 22:05 . 2009-07-27 11:44	302472              c:\windows\system32\drivers\MAudioDelta.sys
+ 2008-04-14 00:46 . 2008-04-13 22:46	141056              c:\windows\system32\drivers\ks.sys
- 2008-04-14 00:46 . 2008-04-13 23:46	141056              c:\windows\system32\drivers\ks.sys
+ 2010-05-18 14:35 . 2010-05-18 14:35	197920              c:\windows\system32\dnssdX.dll
+ 2010-05-18 14:35 . 2010-05-18 14:35	107808              c:\windows\system32\dns-sd.exe
+ 2008-04-14 12:00 . 2010-06-24 12:10	672768              c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2010-02-26 05:41	672768              c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2010-02-26 05:41	628736              c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2010-06-24 12:10	628736              c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2010-06-21 15:27	354304              c:\windows\system32\dllcache\srv.sys
+ 2008-04-14 12:00 . 2010-06-30 12:28	149504              c:\windows\system32\dllcache\schannel.dll
+ 2008-04-14 00:46 . 2008-04-13 22:46	141056              c:\windows\system32\dllcache\ks.sys
- 2008-04-14 00:46 . 2008-04-13 23:46	141056              c:\windows\system32\dllcache\ks.sys
+ 2008-04-14 12:00 . 2010-06-24 12:10	251904              c:\windows\system32\dllcache\iepeers.dll
- 2008-04-14 12:00 . 2010-02-26 05:41	251904              c:\windows\system32\dllcache\iepeers.dll
+ 2009-07-02 17:48 . 2010-06-14 14:31	744448              c:\windows\system32\dllcache\helpsvc.exe
- 2009-07-02 17:48 . 2008-04-14 12:00	744448              c:\windows\system32\dllcache\helpsvc.exe
- 2008-04-14 12:00 . 2008-04-14 12:00	285696              c:\windows\system32\dllcache\atmfd.dll
+ 2008-04-14 12:00 . 2010-04-20 05:29	285696              c:\windows\system32\dllcache\atmfd.dll
+ 2009-07-27 11:44 . 2009-07-27 11:44	236040              c:\windows\system32\DeltaIITray.exe
- 2009-08-26 16:54 . 2008-03-03 08:13	236040              c:\windows\system32\DeltaIITray.exe
+ 2008-04-14 12:00 . 2010-04-20 05:29	285696              c:\windows\system32\atmfd.dll
- 2008-04-14 12:00 . 2008-04-14 12:00	285696              c:\windows\system32\atmfd.dll
- 2009-07-02 17:48 . 2008-04-14 12:00	744448              c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2009-07-02 17:48 . 2010-06-14 14:31	744448              c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2010-03-30 22:16 . 2010-03-30 22:16	130408              c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48	970752              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48	110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-29 17:16 . 2008-07-29 17:16	110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 03:31 . 2010-03-23 03:31	435024              c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-02-09 10:22 . 2010-02-09 10:22	258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-07-25 09:17 . 2008-07-25 09:17	258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40	388936              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40	989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-08-07 21:51 . 2009-08-07 21:51	989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-08-26 16:18 . 2010-08-26 16:18	807424              c:\windows\Installer\211367b.msi
+ 2010-02-24 22:14 . 2010-02-24 22:14	543232              c:\windows\Installer\184e326.msp
+ 2010-08-26 16:33 . 2010-08-26 16:33	372736              c:\windows\Installer\{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}\iTunesIco.exe
+ 2010-08-12 10:02 . 2010-08-12 10:02	321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-08-12 07:05 . 2010-08-12 07:05	240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-08-12 07:05 . 2010-08-12 07:05	187904              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-08-12 07:05 . 2010-08-12 07:05	447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-08-12 14:04 . 2010-08-12 14:04	400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	679936              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-12 10:01 . 2010-08-12 10:01	381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-08-12 10:01 . 2010-08-12 10:01	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-08-12 07:04 . 2010-08-12 07:04	208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-08-12 14:01 . 2010-08-12 14:01	135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-08-12 14:01 . 2010-08-12 14:01	633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-08-12 10:02 . 2010-08-12 10:02	256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-08-12 07:04 . 2010-08-12 07:04	368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-08-12 07:04 . 2010-08-12 07:04	258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-08-12 07:04 . 2010-08-12 07:04	224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-08-12 07:04 . 2010-08-12 07:04	539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-08-12 10:02 . 2010-08-12 10:02	386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	220672              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-08-12 10:01 . 2010-08-12 10:01	842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-08-11 23:52 . 2010-08-11 23:52	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-11 23:52 . 2010-08-11 23:52	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-09 23:10 . 2010-06-09 23:10	970752              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-09 23:10 . 2010-06-09 23:10	438272              c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-11 23:52 . 2010-08-11 23:52	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-10-18 19:24 . 2009-10-18 19:24	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-10-18 19:24 . 2009-10-18 19:24	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-10-18 19:24 . 2009-10-18 19:24	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-10-18 19:24 . 2009-10-18 19:24	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-09 23:10 . 2010-06-09 23:10	110592              c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-07-07 15:13 . 2009-07-07 15:13	110592              c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-08-11 23:52 . 2010-08-11 23:52	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-10-18 19:24 . 2009-10-18 19:24	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-08-11 23:49 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB982665$\spuninst\updspapi.dll
+ 2010-08-11 23:49 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB982665$\spuninst\spuninst.exe
+ 2010-06-12 16:56 . 2010-02-26 05:41	672768              c:\windows\$NtUninstallKB982381$\wininet.dll
+ 2010-06-12 16:56 . 2010-02-26 05:41	628736              c:\windows\$NtUninstallKB982381$\urlmon.dll
+ 2010-06-12 16:56 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB982381$\spuninst\updspapi.dll
+ 2010-06-12 16:56 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB982381$\spuninst\spuninst.exe
+ 2010-06-12 16:56 . 2010-02-26 05:41	251904              c:\windows\$NtUninstallKB982381$\iepeers.dll
+ 2010-08-11 23:54 . 2009-12-31 16:50	353792              c:\windows\$NtUninstallKB982214$\srv.sys
+ 2010-08-11 23:54 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB982214$\spuninst\updspapi.dll
+ 2010-08-11 23:54 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB982214$\spuninst\spuninst.exe
+ 2010-08-11 23:49 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB981997$\spuninst\updspapi.dll
+ 2010-08-11 23:49 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB981997$\spuninst\spuninst.exe
+ 2010-08-11 23:54 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB981852$\spuninst\updspapi.dll
+ 2010-08-11 23:54 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB981852$\spuninst\spuninst.exe
+ 2010-06-09 23:13 . 2009-05-26 09:01	388984              c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
+ 2010-06-09 23:13 . 2009-05-26 09:01	234872              c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
+ 2010-08-11 23:51 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB980436$\spuninst\updspapi.dll
+ 2010-08-11 23:51 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB980436$\spuninst\spuninst.exe
+ 2010-08-11 23:51 . 2009-06-25 08:25	147456              c:\windows\$NtUninstallKB980436$\schannel.dll
+ 2010-06-09 23:13 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
+ 2010-06-09 23:13 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
+ 2010-06-09 23:13 . 2008-04-14 12:00	285696              c:\windows\$NtUninstallKB980218$\atmfd.dll
+ 2010-06-09 23:13 . 2008-07-08 13:00	388984              c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
+ 2010-06-09 23:13 . 2008-07-08 13:00	234872              c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
+ 2010-06-09 23:13 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
+ 2010-06-09 23:13 . 2009-05-26 09:01	234872              c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
+ 2010-06-09 23:11 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
+ 2010-06-09 23:11 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
+ 2010-06-09 23:11 . 2007-07-27 21:11	382840              c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
+ 2010-06-09 23:11 . 2007-07-27 18:46	234872              c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
+ 2010-06-09 23:11 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
+ 2010-06-09 23:11 . 2008-07-08 13:00	234872              c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
+ 2010-07-29 01:00 . 2007-07-27 08:41	382840              c:\windows\$NtUninstallKB969878_WM9L$\spuninst\updspapi.dll
+ 2010-07-29 01:00 . 2007-07-27 06:16	234872              c:\windows\$NtUninstallKB969878_WM9L$\spuninst\spuninst.exe
+ 2010-08-04 00:37 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll
+ 2010-08-04 00:37 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe
+ 2010-07-19 22:15 . 2010-02-22 17:52	388984              c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-07-19 22:15 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-07-19 22:15 . 2008-04-14 12:00	744448              c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-08-11 23:54 . 2010-04-16 16:06	672768              c:\windows\$NtUninstallKB2183461$\wininet.dll
+ 2010-08-11 23:54 . 2010-04-16 16:06	628736              c:\windows\$NtUninstallKB2183461$\urlmon.dll
+ 2010-08-11 23:54 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB2183461$\spuninst\updspapi.dll
+ 2010-08-11 23:54 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB2183461$\spuninst\spuninst.exe
+ 2010-08-11 23:54 . 2010-04-16 16:06	251904              c:\windows\$NtUninstallKB2183461$\iepeers.dll
+ 2010-08-11 23:51 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB2160329$\spuninst\updspapi.dll
+ 2010-08-11 23:51 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB2160329$\spuninst\spuninst.exe
+ 2010-08-11 23:54 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB2115168$\spuninst\updspapi.dll
+ 2010-08-11 23:54 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB2115168$\spuninst\spuninst.exe
+ 2010-08-11 23:54 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB2079403$\spuninst\updspapi.dll
+ 2010-08-11 23:54 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB2079403$\spuninst\spuninst.exe
+ 2010-08-11 23:49 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB982665\update\updspapi.dll
+ 2010-08-11 23:49 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB982665\update\update.exe
+ 2010-08-11 23:49 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB982665\spuninst.exe
+ 2010-06-12 16:56 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB982381\update\updspapi.dll
+ 2010-06-12 16:56 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB982381\update\update.exe
+ 2010-06-12 16:56 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB982381\spuninst.exe
+ 2010-04-16 16:00 . 2010-04-16 16:00	674304              c:\windows\$hf_mig$\KB982381\SP3QFE\wininet.dll
+ 2010-04-16 16:00 . 2010-04-16 16:00	629760              c:\windows\$hf_mig$\KB982381\SP3QFE\urlmon.dll
+ 2010-04-16 16:00 . 2010-04-16 16:00	251904              c:\windows\$hf_mig$\KB982381\SP3QFE\iepeers.dll
+ 2010-08-11 23:54 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB982214\update\updspapi.dll
+ 2010-08-11 23:54 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB982214\update\update.exe
+ 2010-08-11 23:54 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB982214\spuninst.exe
+ 2010-08-11 18:35 . 2010-06-21 14:18	354304              c:\windows\$hf_mig$\KB982214\SP3QFE\srv.sys
+ 2010-08-11 23:49 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB981997\update\updspapi.dll
+ 2010-08-11 23:49 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB981997\update\update.exe
+ 2010-08-11 23:49 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB981997\spuninst.exe
+ 2010-08-11 23:54 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB981852\update\updspapi.dll
+ 2010-08-11 23:54 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB981852\update\update.exe
+ 2010-08-11 23:54 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB981852\spuninst.exe
+ 2010-08-11 23:51 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB980436\update\updspapi.dll
+ 2010-08-11 23:51 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB980436\update\update.exe
+ 2010-08-11 23:51 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB980436\spuninst.exe
+ 2010-06-30 12:23 . 2010-06-30 12:23	149504              c:\windows\$hf_mig$\KB980436\SP3QFE\schannel.dll
+ 2010-06-09 23:13 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB980218\update\updspapi.dll
+ 2010-06-09 23:13 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB980218\update\update.exe
+ 2010-06-09 23:13 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB980218\spuninst.exe
+ 2010-04-20 05:37 . 2010-04-20 05:37	285824              c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
+ 2010-06-09 23:13 . 2008-07-08 13:00	388984              c:\windows\$hf_mig$\KB980195\update\updspapi.dll
+ 2010-06-09 23:13 . 2008-07-08 13:00	765304              c:\windows\$hf_mig$\KB980195\update\update.exe
+ 2010-06-09 23:13 . 2008-07-08 13:00	234872              c:\windows\$hf_mig$\KB980195\spuninst.exe
+ 2010-06-09 23:13 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB979559\update\updspapi.dll
+ 2010-06-09 23:13 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB979559\update\update.exe
+ 2010-06-09 23:13 . 2009-05-26 09:01	234872              c:\windows\$hf_mig$\KB979559\spuninst.exe
+ 2010-06-09 23:11 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB979482\update\updspapi.dll
+ 2010-06-09 23:11 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB979482\update\update.exe
+ 2010-06-09 23:11 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB979482\spuninst.exe
+ 2010-06-09 23:11 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB975562\update\updspapi.dll
+ 2010-06-09 23:11 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB975562\update\update.exe
+ 2010-06-09 23:11 . 2008-07-08 13:00	234872              c:\windows\$hf_mig$\KB975562\spuninst.exe
+ 2010-08-04 00:37 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB2286198\update\updspapi.dll
+ 2010-08-04 00:37 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB2286198\update\update.exe
+ 2010-08-04 00:37 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB2286198\spuninst.exe
+ 2010-07-19 22:15 . 2010-02-22 17:52	388984              c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-07-19 22:15 . 2010-02-22 14:21	765304              c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-07-19 22:15 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-07-19 08:09 . 2010-06-14 14:38	744448              c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2010-08-11 23:54 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB2183461\update\updspapi.dll
+ 2010-08-11 23:54 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB2183461\update\update.exe
+ 2010-08-11 23:54 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB2183461\spuninst.exe
+ 2010-06-24 12:11 . 2010-06-24 12:11	674304              c:\windows\$hf_mig$\KB2183461\SP3QFE\wininet.dll
+ 2010-06-24 12:11 . 2010-06-24 12:11	629760              c:\windows\$hf_mig$\KB2183461\SP3QFE\urlmon.dll
+ 2010-06-24 12:11 . 2010-06-24 12:11	251904              c:\windows\$hf_mig$\KB2183461\SP3QFE\iepeers.dll
+ 2010-08-11 23:51 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB2160329\update\updspapi.dll
+ 2010-08-11 23:51 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB2160329\update\update.exe
+ 2010-08-11 23:51 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB2160329\spuninst.exe
+ 2010-08-11 23:54 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB2115168\update\updspapi.dll
+ 2010-08-11 23:54 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB2115168\update\update.exe
+ 2010-08-11 23:54 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB2115168\spuninst.exe
+ 2010-08-11 23:54 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB2079403\update\updspapi.dll
+ 2010-08-11 23:54 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB2079403\update\update.exe
+ 2010-08-11 23:54 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB2079403\spuninst.exe
+ 2010-08-27 06:58 . 2010-06-28 10:59	1790464              c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2010-08-27 06:58 . 2010-06-28 11:01	2435592              c:\windows\system32\ZoneLabs\vsmon.exe
+ 2010-08-27 06:58 . 2010-06-28 11:00	1536512              c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2008-04-14 12:00 . 2010-04-08 12:03	2113536              c:\windows\system32\WMVCore.dll
+ 2010-07-28 12:31 . 2003-06-22 23:44	1415680              c:\windows\system32\wmv9vcm.dll
+ 2009-06-24 14:39 . 2009-06-24 14:39	1003520              c:\windows\system32\VSFilter.dll
+ 2009-10-23 08:28 . 2010-04-19 18:47	3062048              c:\windows\system32\usbaaplrc.dll
+ 2008-04-14 12:00 . 2010-07-27 06:29	8503296              c:\windows\system32\shell32.dll
+ 2008-04-14 12:00 . 2010-06-24 12:10	1509888              c:\windows\system32\shdocvw.dll
- 2008-04-14 12:00 . 2010-03-10 04:33	1509888              c:\windows\system32\shdocvw.dll
+ 2010-08-26 16:20 . 2009-08-28 17:42	2065696              c:\windows\system32\ReinstallBackups\0005\DriverFiles\usbaaplrc.dll
- 2008-04-14 12:00 . 2009-11-27 17:11	1297408              c:\windows\system32\quartz.dll
+ 2008-04-14 12:00 . 2010-02-05 18:25	1297408              c:\windows\system32\quartz.dll
+ 2009-07-27 11:44 . 2009-07-27 11:44	2515587              c:\windows\system32\pcifmdio.dll
- 2008-04-14 12:00 . 2010-02-16 19:04	2148864              c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 12:00 . 2010-04-28 05:41	2148864              c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 07:30 . 2010-04-28 05:41	2027008              c:\windows\system32\ntkrnlpa.exe
- 2008-04-14 07:30 . 2010-02-16 19:04	2027008              c:\windows\system32\ntkrnlpa.exe
- 2008-04-14 12:00 . 2009-07-31 04:32	1172480              c:\windows\system32\msxml3.dll
+ 2008-04-14 12:00 . 2010-06-14 07:41	1172480              c:\windows\system32\msxml3.dll
+ 2008-04-14 12:00 . 2010-06-24 12:10	3094016              c:\windows\system32\mshtml.dll
- 2008-04-14 12:00 . 2010-02-26 05:41	3094016              c:\windows\system32\mshtml.dll
+ 2008-12-19 15:15 . 2008-12-19 15:15	4338246              c:\windows\system32\libavcodec.dll
- 2009-07-02 18:37 . 2009-11-13 16:03	1444464              c:\windows\system32\FNTCACHE.DAT
+ 2009-07-02 18:37 . 2010-08-12 07:01	1444464              c:\windows\system32\FNTCACHE.DAT
+ 2010-08-26 16:20 . 2010-04-19 18:47	3062048              c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-08-26 16:20 . 2010-04-19 18:29	1461992              c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2008-04-14 12:00 . 2010-04-08 12:03	2113536              c:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-14 12:00 . 2010-06-24 09:02	1852032              c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 12:00 . 2010-07-27 06:29	8503296              c:\windows\system32\dllcache\shell32.dll
- 2008-04-14 12:00 . 2010-03-10 04:33	1509888              c:\windows\system32\dllcache\shdocvw.dll
+ 2008-04-14 12:00 . 2010-06-24 12:10	1509888              c:\windows\system32\dllcache\shdocvw.dll
- 2008-04-14 12:00 . 2009-11-27 17:11	1297408              c:\windows\system32\dllcache\quartz.dll
+ 2008-04-14 12:00 . 2010-02-05 18:25	1297408              c:\windows\system32\dllcache\quartz.dll
- 2009-07-04 04:48 . 2010-02-17 12:04	2192256              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-07-04 04:48 . 2010-04-28 18:11	2192256              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-07-04 04:48 . 2010-04-28 05:41	2027008              c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-07-04 04:48 . 2010-02-16 19:04	2027008              c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-10 17:03 . 2010-02-16 19:04	2069120              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-10 17:03 . 2010-04-28 05:41	2069120              c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-07-04 04:48 . 2010-02-16 19:04	2148864              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-07-04 04:48 . 2010-04-28 05:41	2148864              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-04-14 12:00 . 2010-06-14 07:41	1172480              c:\windows\system32\dllcache\msxml3.dll
- 2008-04-14 12:00 . 2009-07-31 04:32	1172480              c:\windows\system32\dllcache\msxml3.dll
- 2008-04-14 12:00 . 2010-02-26 05:41	3094016              c:\windows\system32\dllcache\mshtml.dll
+ 2008-04-14 12:00 . 2010-06-24 12:10	3094016              c:\windows\system32\dllcache\mshtml.dll
- 2009-07-02 17:48 . 2009-10-23 15:28	3558912              c:\windows\system32\dllcache\moviemk.exe
+ 2009-07-02 17:48 . 2010-06-18 13:36	3558912              c:\windows\system32\dllcache\moviemk.exe
+ 2008-04-14 12:00 . 2010-06-24 12:10	1025024              c:\windows\system32\dllcache\browseui.dll
- 2008-04-14 12:00 . 2010-03-10 04:33	1025024              c:\windows\system32\dllcache\browseui.dll
+ 2009-11-06 23:06 . 2009-11-06 23:06	1130824              c:\windows\system32\dfshim.dll
+ 2008-04-14 12:00 . 2010-06-24 12:10	1025024              c:\windows\system32\browseui.dll
- 2008-04-14 12:00 . 2010-03-10 04:33	1025024              c:\windows\system32\browseui.dll
+ 2010-07-28 12:21 . 2002-12-20 11:06	3366912              c:\windows\RegisteredPackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\moviemk.exe
+ 2010-04-07 21:48 . 2010-04-07 21:48	5967872              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 02:59 . 2008-11-25 02:59	5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32	5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32	3182592              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2009-08-07 21:51 . 2009-08-07 21:51	5812560              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40	5812560              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40	4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-11-08 22:25 . 2009-11-08 22:25	1935360              c:\windows\Installer\32bb073.msp
+ 2010-08-26 16:33 . 2010-08-26 16:33	5731328              c:\windows\Installer\21145d7.msi
+ 2010-08-26 16:25 . 2010-08-26 16:25	9472000              c:\windows\Installer\2113e3c.msi
+ 2010-08-26 16:20 . 2010-08-26 16:20	3089408              c:\windows\Installer\21136dd.msi
+ 2010-08-26 16:19 . 2010-08-26 16:19	1984000              c:\windows\Installer\21136a0.msi
+ 2010-04-11 20:17 . 2010-04-11 20:17	2607104              c:\windows\Installer\184e332.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17	4210688              c:\windows\Installer\184e331.msp
+ 2010-07-28 12:21 . 2010-07-28 12:21	5914112              c:\windows\Installer\147bd12.msi
+ 2010-06-09 22:05 . 2010-06-09 22:05	1385472              c:\windows\Installer\146d4d9.msi
- 2009-07-04 04:48 . 2010-02-17 12:04	2192256              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-07-04 04:48 . 2010-04-28 18:11	2192256              c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-07-04 04:48 . 2010-02-16 19:04	2027008              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-07-04 04:48 . 2010-04-28 05:41	2027008              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-10 17:03 . 2010-04-28 05:41	2069120              c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-10 17:03 . 2010-02-16 19:04	2069120              c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-07-04 04:48 . 2010-02-16 19:04	2148864              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-07-04 04:48 . 2010-04-28 05:41	2148864              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-08-11 23:54 . 2010-08-11 23:54	3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-08-12 07:05 . 2010-08-12 07:05	1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-08-11 23:54 . 2010-08-11 23:54	7949824              c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-08-12 07:05 . 2010-08-12 07:05	5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-08-12 14:04 . 2010-08-12 14:04	1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
+ 2010-08-12 14:04 . 2010-08-12 14:04	1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
+ 2010-08-12 14:04 . 2010-08-12 14:04	4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2010-08-12 14:04 . 2010-08-12 14:04	2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	2403328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2010-08-12 07:04 . 2010-08-12 07:04	1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2010-08-12 10:01 . 2010-08-12 10:01	2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-08-12 07:04 . 2010-08-12 07:04	1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-08-12 10:01 . 2010-08-12 10:01	1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
+ 2010-08-12 07:04 . 2010-08-12 07:04	1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-08-12 07:04 . 2010-08-12 07:04	6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2010-08-12 07:04 . 2010-08-12 07:04	2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-08-12 14:02 . 2010-08-12 14:02	9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-08-12 07:04 . 2010-08-12 07:04	2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-08-12 07:04 . 2010-08-12 07:04	2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-08-12 07:04 . 2010-08-12 07:04	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-08-11 23:54 . 2010-08-11 23:54	1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-08-12 14:01 . 2010-08-12 14:01	1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-12 10:02 . 2010-08-12 10:02	1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-06-24 21:22 . 2010-06-24 21:22	1249280              c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-18 19:24 . 2009-10-18 19:24	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-08-11 23:52 . 2010-08-11 23:52	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-09 23:10 . 2010-06-09 23:10	5967872              c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-11 23:52 . 2010-08-11 23:52	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-24 21:22 . 2010-06-24 21:22	5279744              c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2009-10-18 19:23 . 2009-10-18 19:23	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-11 23:52 . 2010-08-11 23:52	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-10-18 19:24 . 2009-10-18 19:24	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-24 21:22 . 2010-06-24 21:22	4210688              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-07-07 15:13 . 2009-07-07 15:13	4210688              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-08-11 23:53 . 2010-08-11 23:53	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-12 16:56 . 2010-03-10 04:33	1509888              c:\windows\$NtUninstallKB982381$\shdocvw.dll
+ 2010-06-12 16:56 . 2010-02-26 05:41	3094016              c:\windows\$NtUninstallKB982381$\mshtml.dll
+ 2010-06-12 16:56 . 2010-03-10 04:33	1025024              c:\windows\$NtUninstallKB982381$\browseui.dll
+ 2010-08-11 23:49 . 2009-10-23 15:28	3558912              c:\windows\$NtUninstallKB981997$\moviemk.exe
+ 2010-08-11 23:54 . 2010-02-16 19:04	2148864              c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
+ 2010-08-11 23:54 . 2010-02-16 19:04	2027008              c:\windows\$NtUninstallKB981852$\ntkrpamp.exe
+ 2010-08-11 23:54 . 2010-02-16 19:04	2027008              c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
+ 2010-08-11 23:54 . 2010-02-16 19:04	2148864              c:\windows\$NtUninstallKB981852$\ntkrnlmp.exe
+ 2010-06-09 23:13 . 2009-08-14 15:10	1850752              c:\windows\$NtUninstallKB979559$\win32k.sys
+ 2010-06-09 23:11 . 2009-05-26 14:53	2174976              c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
+ 2010-06-09 23:11 . 2009-11-27 17:11	1297408              c:\windows\$NtUninstallKB975562$\quartz.dll
+ 2010-08-04 00:37 . 2008-06-17 19:00	8502272              c:\windows\$NtUninstallKB2286198$\shell32.dll
+ 2010-08-11 23:54 . 2010-04-16 16:06	1509888              c:\windows\$NtUninstallKB2183461$\shdocvw.dll
+ 2010-08-11 23:54 . 2010-04-16 16:06	3094016              c:\windows\$NtUninstallKB2183461$\mshtml.dll
+ 2010-08-11 23:54 . 2010-04-16 16:06	1025024              c:\windows\$NtUninstallKB2183461$\browseui.dll
+ 2010-08-11 23:51 . 2010-05-02 08:05	1851392              c:\windows\$NtUninstallKB2160329$\win32k.sys
+ 2010-08-11 23:54 . 2009-07-31 04:32	1172480              c:\windows\$NtUninstallKB2079403$\msxml3.dll
+ 2010-04-16 16:00 . 2010-04-16 16:00	1509888              c:\windows\$hf_mig$\KB982381\SP3QFE\shdocvw.dll
+ 2010-04-16 16:00 . 2010-04-16 16:00	3094528              c:\windows\$hf_mig$\KB982381\SP3QFE\mshtml.dll
+ 2010-04-16 15:59 . 2010-04-16 15:59	1025024              c:\windows\$hf_mig$\KB982381\SP3QFE\browseui.dll
+ 2010-08-11 18:35 . 2010-06-18 13:43	3558912              c:\windows\$hf_mig$\KB981997\SP3QFE\moviemk.exe
+ 2010-08-11 18:35 . 2010-04-28 05:15	2192384              c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
+ 2010-08-11 18:35 . 2010-04-28 05:15	2027008              c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrpamp.exe
+ 2010-04-28 21:15 . 2010-04-28 21:15	2069248              c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
+ 2010-08-11 18:35 . 2010-04-28 05:15	2148864              c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlmp.exe
+ 2010-05-02 08:00 . 2010-05-02 08:00	1860480              c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
+ 2010-02-05 18:28 . 2010-02-05 18:28	1297408              c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
+ 2010-07-27 06:27 . 2010-07-27 06:27	8504320              c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll
+ 2010-06-24 12:11 . 2010-06-24 12:11	1509888              c:\windows\$hf_mig$\KB2183461\SP3QFE\shdocvw.dll
+ 2010-06-24 12:11 . 2010-06-24 12:11	3094528              c:\windows\$hf_mig$\KB2183461\SP3QFE\mshtml.dll
+ 2010-06-24 12:11 . 2010-06-24 12:11	1025024              c:\windows\$hf_mig$\KB2183461\SP3QFE\browseui.dll
+ 2010-06-24 21:29 . 2010-06-24 21:29	1861248              c:\windows\$hf_mig$\KB2160329\SP3QFE\win32k.sys
+ 2010-06-14 07:39 . 2010-06-14 07:39	1172480              c:\windows\$hf_mig$\KB2079403\SP3QFE\msxml3.dll
+ 2009-07-16 07:49 . 2010-08-03 18:09	35962312              c:\windows\system32\MRT.exe
+ 2010-05-19 11:08 . 2010-05-19 11:08	11408896              c:\windows\Installer\373c7d5.msp
+ 2010-03-30 23:23 . 2010-03-30 23:23	15638528              c:\windows\Installer\32bb07f.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17	14599680              c:\windows\Installer\184e340.msp
+ 2010-08-12 07:05 . 2010-08-12 07:05	12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-08-12 14:03 . 2010-08-12 14:03	11798016              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll
+ 2010-08-12 10:01 . 2010-08-12 10:01	17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll
+ 2010-08-12 07:04 . 2010-08-12 07:04	10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll
+ 2010-08-12 07:03 . 2010-08-12 07:04	14328320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-08-12 07:03 . 2010-08-12 07:03	12215808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-08-11 23:54 . 2010-08-11 23:54	11490816              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot auf jetziges Datum zur¸ckgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\programme\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2010-05-09 09:50	2517088	----a-w-	c:\programme\ZoneAlarm-Sicherheit\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\programme\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"= "c:\programme\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\programme\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"nwiz"="nwiz.exe" [2005-04-01 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-08-21 114688]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2009-07-27 236040]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-28 1043968]
"ISW"="c:\programme\CheckPoint\ZAForceField\ForceField.exe" [2010-06-15 738808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\StartmenÅ\Programme\Autostart\
RAID Manager.lnk - c:\programme\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2009-7-3 724992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Programme\\SoulseekNS\\slsk.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [03.07.2009 14:40 26112]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.08.2009 14:32 64288]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programme\CheckPoint\ZAForceField\ISWKL.sys [15.06.2010 17:49 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programme\CheckPoint\ZAForceField\ISWSVC.exe [15.06.2010 17:49 493048]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [03.07.2009 11:39 88176]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12.05.2005 14:39 1287296]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [10.06.2010 00:05 302472]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [31.01.2010 20:04 27632]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [04.02.2010 17:52 1352832]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.07.2009 18:23 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-09-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 17:03]
.
.
------- Zus‰tzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - component: c:\programme\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
.
- - - - Entfernte verwaiste Registrierungseintr‰ge - - - -

HKLM-Run-EPSON Stylus D68 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
HKLM-Run-EPSON Stylus D68 Series (Kopie 1) - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
HKLM-Run-EPSON Stylus D68 Series_5000 - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-16 13:41
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteintr‰ge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x89B0BEC5]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf766bf28
\Driver\ACPI -> ACPI.sys @ 0xf75adcb8
\Driver\atapi -> atapi.sys @ 0xf74c5852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
 ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
 ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf796fbb0
 PacketIndicateHandler -> NDIS.sys @ 0xf797ca21
 SendHandler -> NDIS.sys @ 0xf795a87b
user & kernel MBR OK 

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(732)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Zeit der Fertigstellung: 2010-09-16  13:45:15
ComboFix-quarantined-files.txt  2010-09-16 11:45
ComboFix2.txt  2010-06-07 23:35

Vor Suchlauf: 12 Verzeichnis(se), 20.003.188.736 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 20.974.186.496 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F4EEB3D5A5ADA107D2E9CF1294F69139
         
--- --- ---

Das wars. Jetzt bin ich mal gespannt....

Alt 16.09.2010, 13:30   #7
mega.neon
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



OK, zu guter letzt dann doch noch der OTL Log:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to Mp3 Converter\ deleted successfully.
File C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\ not found.
File F:\WD SmartWare.exe not found.
========== REGISTRY ==========

OTL by OldTimer - Version 3.2.12.1 log created on 09162010_125112

Alt 16.09.2010, 13:54   #8
Chris4You
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



Hi,

hast Du ein Betriebssystem-CD?
Das bekommen wir sonst nicht weg:
Zitat:
c:\windows\system32\DRIVERS\pci.sys . . . ist infiziert!! . . . Failed to find a valid replacement.
Lass uns nachsehen was es ist:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
ATTFilter
c:\windows\system32\DRIVERS\pci.sys
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Versuche was zu finden:
Lade SystemLook von einem der folgenden Links und speichere das Tool auf dem Desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jps...SystemLook.exe
  • Doppelklick auf die SystemLook.exe, um das Tool zu starten.
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:
ATTFilter
:filefind
pci.sys
         
  • Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Deine Firewall ist ausgeschaltet worden:
Zitat:
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
(machen wir nacher)..

Das GMER-Log gefällt mir ebenfalls nicht...

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bek&#228;mpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...


chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Geändert von Chris4You (16.09.2010 um 14:03 Uhr)

Alt 16.09.2010, 14:06   #9
mega.neon
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



OK, das sagt Virustotal über pci.sys:

AhnLab-V3 2010.09.16.01 2010.09.16 -
AntiVir 8.2.4.52 2010.09.16 -
Antiy-AVL 2.0.3.7 2010.09.16 -
Authentium 5.2.0.5 2010.09.16 -
Avast 4.8.1351.0 2010.09.16 -
Avast5 5.0.594.0 2010.09.16 -
AVG 9.0.0.851 2010.09.16 -
BitDefender 7.2 2010.09.16 -
CAT-QuickHeal 11.00 2010.09.16 -
ClamAV 0.96.2.0-git 2010.09.16 -
Comodo 6097 2010.09.16 -
DrWeb 5.0.2.03300 2010.09.16 -
eSafe 7.0.17.0 2010.09.15 -
eTrust-Vet 36.1.7859 2010.09.16 -
F-Prot 4.6.1.107 2010.09.16 -
F-Secure 9.0.15370.0 2010.09.16 -
Fortinet 4.1.143.0 2010.09.16 -
GData 21 2010.09.16 -
Ikarus T3.1.1.88.0 2010.09.16 -
Jiangmin 13.0.900 2010.09.16 -
K7AntiVirus 9.63.2522 2010.09.15 -
Kaspersky 7.0.0.125 2010.09.16 -
McAfee 5.400.0.1158 2010.09.16 -
McAfee-GW-Edition 2010.1C 2010.09.16 -
Microsoft 1.6103 2010.09.16 -
NOD32 5455 2010.09.16 -
Norman 6.06.06 2010.09.15 -
nProtect 2010-09-16.02 2010.09.16 -
Panda 10.0.2.7 2010.09.16 -
PCTools 7.0.3.5 2010.09.16 -
Prevx 3.0 2010.09.16 -
Rising 22.65.03.04 2010.09.16 -
Sophos 4.57.0 2010.09.16 -
Sunbelt 6882 2010.09.16 -
SUPERAntiSpyware 4.40.0.1006 2010.09.16 -
Symantec 20101.1.1.7 2010.09.16 -
TheHacker 6.7.0.0.020 2010.09.16 -
TrendMicro 9.120.0.1004 2010.09.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.16 -
VBA32 3.12.14.0 2010.09.16 -
ViRobot 2010.8.25.4006 2010.09.16 -
VirusBuster 12.65.8.0 2010.09.15 -



MD5 : 9e772adea078fa83a4c99bf76e375c13
SHA1 : 4a6eaea14a982aabccf645e64117927365a2156e
SHA256: ca47dd0f496e31f908c239de52dff6c6376c25bf0a201a7cbccedba3ffa9ae22



Der System Look. txt liest sich dann wie folgt:

SystemLook 04.09.10 by jpshortstuff
Log created at 15:02 on 16/09/2010 by Peter
Administrator - Elevation successful

Invalid Context: filefilnd

No Context: pci.sys

-= EOF =-



Glück im Unglück, ich habe tatsächlich ein original Windows samt CD

Danke erstmal!

Alt 16.09.2010, 14:16   #10
mega.neon
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



TDSSKiller scheint einen Volltreffer gehabt zu haben:

2010/09/16 15:10:16.0578 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/16 15:10:16.0578 ================================================================================
2010/09/16 15:10:16.0578 SystemInfo:
2010/09/16 15:10:16.0578
2010/09/16 15:10:16.0578 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/16 15:10:16.0578 Product type: Workstation
2010/09/16 15:10:16.0578 ComputerName: XXXX-C204A68EE
2010/09/16 15:10:16.0578 UserName: XXXX
2010/09/16 15:10:16.0578 Windows directory: C:\WINDOWS
2010/09/16 15:10:16.0578 System windows directory: C:\WINDOWS
2010/09/16 15:10:16.0578 Processor architecture: Intel x86
2010/09/16 15:10:16.0578 Number of processors: 2
2010/09/16 15:10:16.0578 Page size: 0x1000
2010/09/16 15:10:16.0578 Boot type: Normal boot
2010/09/16 15:10:16.0578 ================================================================================
2010/09/16 15:10:16.0812 Initialize success
2010/09/16 15:10:20.0031 ================================================================================
2010/09/16 15:10:20.0031 Scan started
2010/09/16 15:10:20.0031 Mode: Manual;
2010/09/16 15:10:20.0031 ================================================================================
2010/09/16 15:10:21.0156 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/16 15:10:21.0203 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/16 15:10:21.0281 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/16 15:10:21.0312 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/16 15:10:21.0515 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/16 15:10:21.0796 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/16 15:10:21.0968 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/16 15:10:22.0046 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/16 15:10:22.0093 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/16 15:10:22.0156 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/16 15:10:22.0312 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/16 15:10:22.0359 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/16 15:10:22.0406 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/16 15:10:22.0437 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/16 15:10:22.0484 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/16 15:10:22.0640 cmudax (d7fcada6833a0e243ca89c03bd559bd9) C:\WINDOWS\system32\drivers\cmudax.sys
2010/09/16 15:10:22.0843 DELTAII (c5b7ac8d8a9237a2510a1092d19a5fa9) C:\WINDOWS\system32\DRIVERS\MAudioDelta.sys
2010/09/16 15:10:22.0890 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/16 15:10:22.0953 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/16 15:10:23.0046 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/16 15:10:23.0078 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/16 15:10:23.0140 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/16 15:10:23.0234 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/16 15:10:23.0296 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/16 15:10:23.0343 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/16 15:10:23.0359 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/16 15:10:23.0390 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/16 15:10:23.0453 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/09/16 15:10:23.0484 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/16 15:10:23.0515 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/16 15:10:23.0593 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/09/16 15:10:23.0640 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/16 15:10:23.0671 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/16 15:10:23.0734 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/16 15:10:23.0781 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/16 15:10:23.0875 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/16 15:10:23.0984 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/16 15:10:24.0015 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/16 15:10:24.0093 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/16 15:10:24.0125 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/16 15:10:24.0171 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/09/16 15:10:24.0203 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/16 15:10:24.0234 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/16 15:10:24.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/16 15:10:24.0312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/16 15:10:24.0359 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/16 15:10:24.0390 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/16 15:10:24.0515 ISWKL (7d546f37693797507bf3d9b318564774) C:\Programme\CheckPoint\ZAForceField\ISWKL.sys
2010/09/16 15:10:24.0562 iteraid (979836fc6dc05218b4e93e5ccea5654b) C:\WINDOWS\system32\DRIVERS\iteraid.sys
2010/09/16 15:10:24.0609 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/16 15:10:24.0671 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/16 15:10:24.0718 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/16 15:10:24.0781 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/09/16 15:10:24.0906 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/16 15:10:24.0953 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/16 15:10:24.0984 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/16 15:10:25.0046 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/16 15:10:25.0062 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/16 15:10:25.0125 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/16 15:10:25.0171 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/16 15:10:25.0218 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/16 15:10:25.0265 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/16 15:10:25.0296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/16 15:10:25.0328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/16 15:10:25.0375 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/16 15:10:25.0421 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/16 15:10:25.0468 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2010/09/16 15:10:25.0500 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/16 15:10:25.0531 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/16 15:10:25.0593 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/16 15:10:25.0625 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/16 15:10:25.0640 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/16 15:10:25.0718 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/16 15:10:25.0734 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/16 15:10:25.0765 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/16 15:10:25.0796 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/16 15:10:25.0828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/16 15:10:25.0906 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/16 15:10:25.0953 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/16 15:10:26.0015 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/16 15:10:26.0062 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/16 15:10:26.0218 nv (f7ee020dc255b40a83899c53d4147746) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/16 15:10:26.0328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/16 15:10:26.0359 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/16 15:10:26.0390 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/16 15:10:26.0437 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/16 15:10:26.0468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/16 15:10:26.0515 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/16 15:10:26.0531 PCI (fee8866ae76ee58a51b92ac7daeebc3c) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/16 15:10:26.0531 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: fee8866ae76ee58a51b92ac7daeebc3c, Fake md5: 9e772adea078fa83a4c99bf76e375c13
2010/09/16 15:10:26.0546 PCI - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/16 15:10:26.0609 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/09/16 15:10:26.0640 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/16 15:10:26.0875 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/16 15:10:26.0906 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/16 15:10:26.0937 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/16 15:10:27.0093 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/16 15:10:27.0125 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/16 15:10:27.0171 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/16 15:10:27.0187 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/16 15:10:27.0234 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/16 15:10:27.0265 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/16 15:10:27.0343 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/16 15:10:27.0390 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/16 15:10:27.0500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/16 15:10:27.0531 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
2010/09/16 15:10:27.0562 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/16 15:10:27.0593 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/16 15:10:27.0671 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/16 15:10:27.0765 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/16 15:10:28.0109 SNPSTD3 (11bb0e11d42cc3a43d741d9b30839be1) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
2010/09/16 15:10:28.0531 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/16 15:10:28.0593 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/16 15:10:28.0671 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/16 15:10:28.0750 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/16 15:10:28.0812 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/16 15:10:28.0859 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/16 15:10:28.0890 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/16 15:10:29.0031 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/16 15:10:29.0093 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/16 15:10:29.0156 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/16 15:10:29.0187 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/16 15:10:29.0234 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/16 15:10:29.0343 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/16 15:10:29.0437 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/16 15:10:29.0500 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/16 15:10:29.0546 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/16 15:10:29.0578 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/16 15:10:29.0609 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/16 15:10:29.0671 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/16 15:10:29.0703 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/16 15:10:29.0750 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/16 15:10:29.0812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/16 15:10:29.0843 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/16 15:10:29.0859 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/16 15:10:29.0937 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/16 15:10:30.0000 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/16 15:10:30.0093 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/16 15:10:30.0250 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/16 15:10:30.0328 yukonwxp (7578410b1512fad9c485b134561e8b78) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2010/09/16 15:10:30.0406 ================================================================================
2010/09/16 15:10:30.0406 Scan finished
2010/09/16 15:10:30.0406 ================================================================================
2010/09/16 15:10:30.0421 Detected object count: 1
2010/09/16 15:11:09.0468 PCI (fee8866ae76ee58a51b92ac7daeebc3c) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/16 15:11:09.0468 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: fee8866ae76ee58a51b92ac7daeebc3c, Fake md5: 9e772adea078fa83a4c99bf76e375c13
2010/09/16 15:11:11.0734 Backup copy found, using it..
2010/09/16 15:11:11.0734 C:\WINDOWS\system32\DRIVERS\pci.sys - will be cured after reboot
2010/09/16 15:11:11.0734 Rootkit.Win32.TDSS.tdl3(PCI) - User select action: Cure
2010/09/16 15:11:21.0125 Deinitialize success

Alt 16.09.2010, 14:18   #11
Chris4You
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



Hi,

Du hast abgetippt, gell?

Invalid Context: filefilnd

Da muss ein : davor und filefind -> :filefind...

Entweder wir haben einen Fehlalarm von CF vor uns, oder was gaaaanz Neues...
(Ich versuche das mal zu prüfen)..

Einstweilen:
XP:
sfc /scannow
1.) Start->ausführen cmd eingeben
2.) sfc /scannow eingeben
3.) XP-CD bereithalten, falls fehlerhafte Dateien gefunden werden
(bei OEM-Rechnern befindet sich i. a. ein entsprechendes Verzeichnis bereits auf der Festplatte)
4.) warten...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 16.09.2010, 14:34   #12
mega.neon
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



haha, erwischt

ich sitze hier mit dem macbook vor dem PC, der kommt mir im Moment nur noch für Virustotal ans Netz, den Rest transferiere ich mit Memorysticks hin und her; da hab ichs schnell abgetippt!

SO hätte es wohl richtig aussehen sollen?

SystemLook 04.09.10 by jpshortstuff
Log created at 15:29 on 16/09/2010 by Peter
Administrator - Elevation successful

========== filefind ==========

Searching for "pci.sys"
C:\WINDOWS\system32\drivers\pci.sys --a---- 68224 bytes [12:00 14/04/2008] [13:12 16/09/2010] 387E8DEDC343AA2D1EFBC30580273ACD

-= EOF =-


----------------

sfc / scannow mache ich jetzt. Gibt es da dann auch ein Logfile, was ich posten soll?

Alt 16.09.2010, 14:37   #13
Chris4You
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



Hi,

ja, die Saubacken vom TDSS wiedermal...
Es gibt tatsächlich kein Backup, lass den Killer mal weiterlaufen (Neu booten).
Er wird versuchen die verseuchte Datei zu desinfizieren bzw. zu ersetzen...
Lass mal das mit scannow, selbst wenn es funktioniert, wird die neue gleich wieder infiziert (der Rootkit läuft ja schon)...

Ich frage mich nur, wo der Killer ein saubere Backup hernehmen will...
Lege auf c: ein Unterverzeichnis I386 an und kopiere dann per Konsole (Start->ausführen cmd) die pci.sy_ in das eben angelegte Verzeichnis:
copy CD-ROM-Laufwerksbuchstaben:\I386\pci.sy_ C:\I386, dann können wir sie noch auspacken
expand CD-ROM-Laufwerksbuchstaben:\I386\pci.sy_ C:\I386\pci.sys.
Sonst machen wir das über die Rettungskonsole, wenn was schief läuft...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Geändert von Chris4You (16.09.2010 um 14:55 Uhr)

Alt 16.09.2010, 14:47   #14
mega.neon
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



Scheint so, als ob wir jetzt in die Gefilde vordringen, von denen ich keine Ahnung mehr habe.

Order C:\I386 habe ich also erstellt.

Wenn ich das bei cmd.exe so reinschreibe, wie du es gemacht hast
b - mit eckiger Klammer, dann bekomme ich die Meldung:

"[b]copy" ist entweder falsch geschrieben oder konnte nicht gefunden werden...

Geändert von mega.neon (16.09.2010 um 14:51 Uhr) Grund: vertippt

Alt 16.09.2010, 14:55   #15
Chris4You
 
"Generic Host Process" Problem auf Win XP SP3 - Standard

"Generic Host Process" Problem auf Win XP SP3



Hi,

Formatfehler, habs geändert, besser verständlich?

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Antwort

Themen zu "Generic Host Process" Problem auf Win XP SP3
0x00000001, 7-zip, ad-aware, antivir, antivir guard, any video converter, audacity, avgntflt.sys, avira, checkpoint, components, conduit, desktop, email, firefox, firefox.exe, generic host process, hijack, hijack this, hijackthis, hkus\s-1-5-18, home, location, mozilla thunderbird, mp3, nicht mehr öffnen, nodrives, ntdll.dll, oldtimer, otl logfile, plug-in, problem, saver, scan, searchplugins, security, shell32.dll, siteadvisor, software, sptd.sys, system, trojaner, video converter, virus, vlc media player, win 32, windows, windows xp, wma, wurm




Ähnliche Themen: "Generic Host Process" Problem auf Win XP SP3


  1. Generic Host Process for Win32 Services hat ein Problem festgestellt = W32/Generic.worm!p2p
    Log-Analyse und Auswertung - 06.09.2011 (25)
  2. Generic Host Process for Win32 Services hat ein Problem ......
    Plagegeister aller Art und deren Bekämpfung - 10.08.2011 (1)
  3. "Generic Host Process for Win32 service"-Fehler nach Start und kein Ton/Sound
    Log-Analyse und Auswertung - 17.07.2011 (33)
  4. "Generic Host Process for Win32 Services" Fehlermeldung - Win32.Blaster ?
    Plagegeister aller Art und deren Bekämpfung - 17.08.2010 (9)
  5. "Generic Host Process for Win32 Services" Problem (Service Pack 2)
    Plagegeister aller Art und deren Bekämpfung - 05.08.2010 (1)
  6. PROBLEM: TR\Crypt.XPACK.Gen und Generic host process for WIN 32 services
    Plagegeister aller Art und deren Bekämpfung - 22.01.2010 (1)
  7. Generic Host Process for win 32
    Log-Analyse und Auswertung - 11.11.2009 (7)
  8. "generic host process" lädt permanent herunter
    Plagegeister aller Art und deren Bekämpfung - 10.10.2009 (1)
  9. "Generic Host Process for Win32 Services hat ein Problem festgestellt ..."
    Log-Analyse und Auswertung - 01.10.2008 (0)
  10. Problem: generic host process
    Plagegeister aller Art und deren Bekämpfung - 30.08.2008 (1)
  11. "Generic Host Prozess for Win 32 Services" - Virus?
    Log-Analyse und Auswertung - 01.01.2008 (3)
  12. Generic Host Process
    Log-Analyse und Auswertung - 16.12.2007 (0)
  13. Generic Host Process for Win32-Problem
    Plagegeister aller Art und deren Bekämpfung - 06.11.2007 (9)
  14. Zone Alarm-Einstellung: "Generic Host" auf eigenen Router zulassen?
    Antiviren-, Firewall- und andere Schutzprogramme - 29.06.2007 (9)
  15. Generic Host Process for Win32 Services hat ein Problem festgestellt
    Plagegeister aller Art und deren Bekämpfung - 14.04.2007 (1)
  16. Problem mit Generic Host Process... Kann nicht Surfen!!
    Plagegeister aller Art und deren Bekämpfung - 26.01.2007 (15)
  17. Generic Host Process for Win 32 hat ein Problem
    Plagegeister aller Art und deren Bekämpfung - 18.01.2007 (2)

Zum Thema "Generic Host Process" Problem auf Win XP SP3 - Guten Abend allerseits, Ich bekomme - seit heute morgen - bei meinem Windows XP, SP3 ständig - nachdem ich hochgefahren habe - die Nachricht "Generic Host Process for Win 32 - "Generic Host Process" Problem auf Win XP SP3...
Archiv
Du betrachtest: "Generic Host Process" Problem auf Win XP SP3 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.