Log analysis and evaluation: "Generic Host Process" problem on Win XP SP3
16.09.2010, 00:22 | #1 |
"Generic Host Process" problem on Win XP SP3

Good evening everyone,

Since this morning, on my Windows XP SP3, I keep getting the following message after booting: "Generic Host Process for Win32 Services has encountered a problem and needs to close. If you were in the middle of something, the information you were working on might be lost."

I wanted to scan with Malwarebytes first, but found that I can no longer open the program. (I already had it installed and last used it last week, when it still worked...) It won't open in safe mode either.

Another side effect of the Host Process crash is that a) the sound card is no longer found and b) the taskbar has changed to the Windows 98 look.

Since I don't know whether this is a hardware fault or a virus, worm or trojan, I have disconnected from the network and am writing from my girlfriend's Mac.

Since, as I said, Malwarebytes won't start, for now I can only offer the logs from OTL and HijackThis:

============ HIJACK THIS ============
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:59:32, on 16.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\DeltaIITray.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\XXXX\Desktop\HiJackThis204.exe
C:\WINDOWS\system32\svchost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O5 "LPT1:" /M "Stylus D68"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P33 "EPSON Stylus D68 Series (Kopie 1)" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Programme\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series_5000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P28 "EPSON Stylus D68 Series_5000" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programme\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAID Manager.lnk = ?
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04AC5C7A-8C04-4F3B-A9B0-3883BEC58EF2}: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Programme\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programme\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- End of file - 9234 bytes

======= OTL LOG =======
OTL Logfile:
Code:
OTL logfile created on: 16.09.2010 01:01:03 - Run 4
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Dokumente und Einstellungen\XXXX\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 18,55 Gb Free Space | 7,96% Space Free | Partition Type: NTFS
Drive D: | 236,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 494,50 Mb Total Space | 454,79 Mb Free Space | 91,97% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXXX-C204A68EE
Current User Name: XXXX
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.09.16 00:31:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXXX\Desktop\OTL.exe
PRC - [2010.06.28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.06.15 17:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010.06.15 17:49:50 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.05.20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.07.27 13:44:58 | 000,236,040 | ---- | M] () -- C:\WINDOWS\system32\DeltaIITray.exe
PRC - [2009.04.09 10:48:28 | 000,228,808 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Pro\DTProAgent.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.09.19 10:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006.08.21 14:35:10 | 000,114,688 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
PRC - [2005.01.25 06:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE

========== Modules (SafeList) ==========

MOD - [2010.09.16 00:31:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXXX\Desktop\OTL.exe
MOD - [2010.07.14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\SiteAdvisor\sahook.dll
MOD - [2010.06.15 17:50:00 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009.07.12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009.07.12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.07.08 19:03:33 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.06.15 17:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.05.20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.08.07 12:43:04 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\XXXX\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2010.06.17 19:03:47 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.06.15 17:49:46 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.01.31 20:03:50 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2009.07.27 13:44:46 | 000,302,472 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MAudioDelta.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV - [2009.07.16 18:23:09 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.21 10:09:00 | 000,297,344 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 14:00:00 | 000,068,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2007.03.27 19:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2005.08.04 13:51:58 | 000,026,112 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iteraid.sys -- (iteraid)
DRV - [2005.05.12 14:39:56 | 001,287,296 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2005.04.01 16:16:00 | 003,454,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2010.08.27 08:36:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2010.08.27 09:19:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.09 23:59:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.09 23:59:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.09.02 19:41:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2009.07.03 10:11:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Extensions
[2010.09.02 19:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.15 19:24:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\extensions
[2010.07.23 09:26:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.27 14:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.27 08:38:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.09.10 16:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009.08.21 12:18:58 | 000,002,328 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\searchplugins\dictcc.xml
[2009.07.22 17:20:39 | 000,002,305 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\searchplugins\lastfm.xml
[2009.07.22 15:52:37 | 000,001,427 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\searchplugins\the-hype-machine.xml
[2009.07.06 13:51:58 | 000,001,340 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\searchplugins\wikipedia-en.xml
[2009.07.03 12:43:52 | 000,000,952 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\searchplugins\youtube-videosuche.xml
[2010.09.15 19:24:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.09 23:59:48 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.09 23:59:48 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.09 23:59:49 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.09 23:59:49 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.09 23:59:49 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.06.08 01:32:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus D68 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus D68 Series_5000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Programme\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\RAID Manager.lnk = C:\Programme\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe (Integrated Technology Express, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.02 19:50:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.09.16 00:33:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXXX\Desktop\OTL.exe
[2010.09.13 14:49:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\Japan Liveset
[2010.09.12 18:40:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\Conduit
[2010.09.12 18:35:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\tuobosymb
[2010.09.03 09:04:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Desktop\Fotos
[2010.09.02 19:12:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\Thunderbird
[2010.09.02 19:12:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Thunderbird
[2010.09.02 19:12:05 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2010.08.27 08:59:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\ForceField Shared Files
[2010.08.27 08:59:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\CheckPoint
[2010.08.27 08:58:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit
[2010.08.27 08:58:40 | 000,000,000 | ---D | C] -- C:\Programme\ZoneAlarm-Sicherheit
[2010.08.27 08:58:33 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2010.08.27 08:58:09 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010.08.27 08:58:07 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010.08.27 08:58:07 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010.08.27 08:58:04 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010.08.27 08:58:02 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010.08.27 08:58:01 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010.08.27 08:58:01 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010.08.27 08:58:01 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010.08.27 08:58:01 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs
[2010.08.27 08:57:40 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010.08.27 08:57:40 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010.08.26 18:31:30 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.08.26 18:31:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.08.26 18:25:04 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.08.26 18:19:19 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.08.26 18:19:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2009.08.24 17:54:15 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll [2009.08.24 17:54:15 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\vsnpstd3.dll [2009.08.24 17:54:15 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll [2007.03.12 12:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll [2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.16 00:58:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.16 00:50:47 | 000,021,961 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.09.16 00:50:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.09.16 00:49:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.16 00:48:24 | 006,553,600 | -H-- | M] () -- C:\Dokumente und Einstellungen\XXXX\NTUSER.DAT [2010.09.16 00:48:24 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\XXXX\ntuser.ini [2010.09.16 00:47:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Dokumente und Einstellungen\XXXX\Desktop\HiJackThis204.exe [2010.09.16 00:31:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\XXXX\Desktop\OTL.exe [2010.09.15 23:47:32 | 004,318,844 | -H-- | M] () -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.09.15 23:45:33 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.09.15 17:06:21 | 000,022,223 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\HFS0012.rtf [2010.09.15 16:25:24 | 000,164,864 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.12 19:03:26 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.09.03 14:46:26 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.09.02 19:41:08 | 000,001,632 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk [2010.08.27 08:59:51 | 000,427,421 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010.08.27 08:58:31 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2010.08.26 18:25:32 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.08.26 12:40:18 | 000,012,862 | ---- | M] () -- C:\WINDOWS\EPISMG00.SWB [2010.08.25 18:17:24 | 000,017,939 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\HFS001.rtf [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.16 00:05:02 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Desktop\gmer.exe [2010.09.15 16:53:04 | 000,012,657 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\hs_err_pid2640.log [2010.09.12 18:35:29 | 000,012,944 | ---- | C] () -- C:\Dokumente 
und Einstellungen\XXXX\hs_err_pid216.log [2010.09.02 19:12:11 | 000,001,632 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk [2010.08.27 08:58:01 | 000,427,421 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml [2010.08.26 18:32:43 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.08.26 18:25:32 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2010.08.26 10:03:19 | 000,022,223 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\HFS0012.rtf [2010.07.31 13:25:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2009.08.24 17:54:17 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini [2009.07.18 18:29:52 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2009.07.02 19:58:42 | 000,164,864 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008.12.11 13:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008.04.14 14:00:00 | 000,068,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\pci.sys [2005.04.01 16:16:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2003.02.18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll ========== LOP Check 
========== [2010.06.07 23:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9 [2009.12.21 15:52:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ConeXware [2009.07.16 18:27:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro [2009.10.23 11:12:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm [2009.07.03 10:42:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2009.07.16 18:08:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Propellerhead Software [2010.09.14 18:54:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Soulseek [2010.08.26 18:32:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.06.03 18:59:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2009.10.23 10:34:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009.07.20 18:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Ableton [2010.04.11 16:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Antares [2010.07.28 13:53:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\AnvSoft [2009.07.07 17:27:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Canneverbe_Limited [2010.08.27 08:59:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\CheckPoint [2009.07.16 18:35:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\DAEMON Tools Pro [2009.07.07 18:02:51 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\DeepBurner [2010.07.27 14:40:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.03.31 12:28:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Facebook [2009.07.07 14:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\OpenOffice.org [2009.07.20 10:24:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Propellerhead Software [2010.09.02 19:12:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Thunderbird [2010.09.12 19:03:26 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Files - Unicode (All) ========== [2010.04.26 12:12:27 | 000,000,149 | -H-- | M] ()(C:\Dokumente und Einstellungen\XXXX\Desktop\.~lock.??L.42.docx#) -- C:\Dokumente und Einstellungen\XXXX\Desktop\.~lock.漢字L.42.docx# [2010.04.26 12:12:27 | 000,000,149 | -H-- | C] ()(C:\Dokumente und Einstellungen\XXXX\Desktop\.~lock.??L.42.docx#) -- C:\Dokumente und Einstellungen\XXXX\Desktop\.~lock.漢字L.42.docx# < End of report > ======== EXTRAS-TXT ========OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.09.2010 01:01:03 - Run 4 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Dokumente und Einstellungen\XXXX\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,88 Gb Total Space | 18,55 Gb Free Space | 7,96% Space Free | Partition Type: NTFS Drive D: | 236,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded Drive F: | 494,50 Mb Total Space | 454,79 Mb Free Space | 91,97% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XXXX-C204A68EE Current User Name: XXXX Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD) "C:\Programme\SoulseekNS\slsk.exe" = C:\Programme\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{177ADA1F-6D3B-404A-99DA-D7E0E2A36621}_is1" = Videograbber 2010 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228 "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{391BF2AA-1304-471A-9CBF-084AE32813D6}" = M-Audio Delta Driver 6.0.2 (x86) "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes "{9E520B22-546E-4AD3-8958-7D1EB8587AB1}" = Music Transfer Utility Ver.1 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E9FFB3AD-90F8-4934-A9BD-5DB61EE232B6}_is1" = Videograbber 5.0 "{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera-168 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F701568C-D0C4-4280-810E-49023432426B}_is1" = ReasonExport "{FC6AAE10-A081-42C7-9CD3-ED1D80C30941}" = ITE IT8212 ATA RAID Controller "7-Zip" = 7-Zip 4.65 "Ableton Live_is1" = Ableton Live v7.0.2 "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08 "Any Video Converter_is1" = Any Video Converter 3.0.6 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "C-Media Audio Driver" = C-Media High Definition Audio Driver "EPSON Printer and Utilities" = EPSON-Drucker-Software "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7 "JAIELangPack" = Japanese Language Support "LastFM_is1" = Last.fm 1.5.4.24567 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.12)" = Mozilla Firefox (3.5.12) "Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2) "NVIDIA Drivers" = NVIDIA Drivers "RealAlt_is1" = Real Alternative 1.9.0 "Reason4_is1" = Reason 4.0 "SkReasonExport 1.2" = SkReasonExport 1.2 "SopCast" = 
SopCast 3.2.9 "Soulseek2" = SoulSeek 157 NS 13e "SSC Service Utility_is1" = SSC Service Utility v4.30 "Uninstall_is1" = Uninstall 1.0.0.1 "Update Service" = Update Service "VLC media player" = VLC media player 0.9.9 "WinRAR archiver" = WinRAR "XP Codec Pack" = XP Codec Pack "ZoneAlarm" = ZoneAlarm "ZoneAlarm Toolbar" = ZoneAlarm Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.04.2010 04:24:40 | Computer Name = XXXX-C204A68EE | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 26.04.2010 06:06:14 | Computer Name = XXXX-C204A68EE | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 26.04.2010 06:18:35 | Computer Name = XXXX-C204A68EE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung soffice.bin, Version 3.1.9398.500, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x2ffe52d2. Error - 27.04.2010 05:23:29 | Computer Name = XXXX-C204A68EE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.9.0, fehlgeschlagenes Modul libvout_directx_plugin.dll, Version 0.0.0.0, Fehleradresse 0x00005cbc. Error - 05.05.2010 12:39:53 | Computer Name = XXXX-C204A68EE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung slsk.exe, Version 1.0.0.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 06.05.2010 03:02:02 | Computer Name = XXXX-C204A68EE | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 06.05.2010 06:49:03 | Computer Name = XXXX-C204A68EE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.9.0, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00010cce. Error - 06.05.2010 16:42:14 | Computer Name = XXXX-C204A68EE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung soffice.bin, Version 3.1.9398.500, fehlgeschlagenes Modul scmi.dll, Version 3.0.500.0, Fehleradresse 0x001cfa69. Error - 10.05.2010 12:39:36 | Computer Name = XXXX-C204A68EE | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 11.05.2010 01:44:41 | Computer Name = XXXX-C204A68EE | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. 
[ System Events ] Error - 15.09.2010 19:01:09 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 15.09.2010 19:01:10 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 15.09.2010 19:01:11 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 15.09.2010 19:01:12 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 15.09.2010 19:01:13 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 15.09.2010 19:01:14 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 15.09.2010 19:01:15 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 15.09.2010 19:01:16 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 15.09.2010 19:01:16 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem 
unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Starten Sie den Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error - 15.09.2010 19:01:17 | Computer Name = XXXX-C204A68EE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant < End of report > =========== I would be very, very grateful for any help!!! |
16.09.2010, 09:27 | #2 |
/// Malware-holic | "Generic Host Process" problem on Win XP SP3 edit......
__________________Edited by markusg (16.09.2010 at 09:59) |
16.09.2010, 09:38 | #3 |
| "Generic Host Process" problem on Win XP SP3 Hi,
the proxy looks "very" strange, and you also have a redirect for your Internet traffic to Ukraine.. ;o)... Let's try to get closer to the matter: Please check the following files: Have the files checked online:
Code:
C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe
C:\WINDOWS\System32\lsdelete.exe
HijackThis, fixing: open HijackThis -- button "scan" -- tick the checkboxes in front of the following entries -- button "Fix checked" -- restart the PC. All programs must be closed while fixing! (If present, disable Spybot's TeaTimer as follows: Mode-->Advanced Mode-->Yes-->Tools-->Resident-->remove the checkmark from "Resident TeaTimer" (protection of all system settings)->exit) Code:
O17 - HKLM\System\CCS\Services\Tcpip\..\{04AC5C7A-8C04-4F3B-A9B0-3883BEC58EF2}: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
Code:
:OTL
O4 - HKLM..\Run: [UserFaultCheck] File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O33 - MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = dword:0x00
:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]
I think there is still something more in store... MBR check: Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
ComboFix: Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Switch off your antivirus solution completely, in such a way that it does NOT switch itself back on even after a reboot! Caution: In a few rare cases the computer may no longer be able to boot and has to be set up again from scratch! Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter. The scan with ComboFix can take some time, so be patient. Please do not do anything on the computer during the scan. The computer may be restarted in between. After the scan has finished, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. chris
__________________ |
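The two things the helper flags in the HijackThis log, the `O17` NameServer entries and the loopback `ProxyServer` value, can be checked mechanically. The following Python is an added example, not part of the thread or of HijackThis; the function names, the `expected_resolvers` allowlist and the one benign contrast line in the sample are assumptions.

```python
import ipaddress
import re

# Constructed sample in HijackThis line format. Lines 1, 2, 4 and 5 repeat
# entries quoted in the post above; line 3 (a private router address under an
# all-zero GUID) is made up as a benign contrast.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{04AC5C7A-8C04-4F3B-A9B0-3883BEC58EF2}: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
PROXY_RE = re.compile(r"^R1 - (?P<key>.+?),ProxyServer = (?P<value>.+)$")


def is_loopback_host(host):
    """True for 'localhost' or any loopback IP literal."""
    host = host.strip("[]")  # tolerate bracketed IPv6 literals
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname that cannot be classified offline


def check_nameservers(key, servers, expected_resolvers):
    """Flag statically configured resolvers that are neither on the analyst's
    allowlist nor on a private/loopback address (typically the home router)."""
    findings = []
    for raw in re.split(r"[,\s]+", servers.strip()):
        if not raw:
            continue
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            findings.append(("dns-unparseable", key, raw))
            continue
        if raw in expected_resolvers or ip.is_private or ip.is_loopback:
            continue
        findings.append(("dns-external", key, raw))
    return findings


def check_proxy(key, value):
    """Flag proxy settings that send browser traffic to a local listener.
    The value is 'host:port' or a ';'-separated list of 'scheme=host:port'."""
    findings = []
    for part in value.strip().split(";"):
        target = part.split("=", 1)[-1].strip()
        if not target:
            continue
        host, sep, _port = target.rpartition(":")
        if not sep:  # no port given
            host = target
        if is_loopback_host(host):
            findings.append(("proxy-loopback", key, target))
    return findings


def check_log(text, expected_resolvers=frozenset()):
    """Return (kind, registry key, value) tuples for entries worth verifying."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O17_RE.match(line)
        if m:
            findings += check_nameservers(m["key"], m["servers"], expected_resolvers)
            continue
        m = PROXY_RE.match(line)
        if m:
            findings += check_proxy(m["key"], m["value"])
    return findings


if __name__ == "__main__":
    for kind, key, value in check_log(SAMPLE_LOG):
        print(f"{kind:15} {value:20} {key}")
```

A finding is a prompt to compare the value with what the router or ISP actually hands out; local filtering products also register loopback proxies.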
16.09.2010, 13:05 | #4 |
| "Generic Host Process" problem on Win XP SP3 Thanks for the quick help! The redirect to Ukraine only half surprises me, since last week I had this notorious "Security Suite" malware (or is it called scareware!?) on the computer. I then threw it off the system following some walkthrough, but apparently not properly after all... This is what Virustotal says:
a) C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe
AhnLab-V3 2010.09.16.01 2010.09.16 - AntiVir 8.2.4.52 2010.09.16 - Antiy-AVL 2.0.3.7 2010.09.16 - Authentium 5.2.0.5 2010.09.16 - Avast 4.8.1351.0 2010.09.16 - Avast5 5.0.594.0 2010.09.16 - AVG 9.0.0.851 2010.09.15 - BitDefender 7.2 2010.09.16 - CAT-QuickHeal 11.00 2010.09.16 - ClamAV 0.96.2.0-git 2010.09.16 - Comodo 6096 2010.09.16 - DrWeb 5.0.2.03300 2010.09.16 - Emsisoft 5.0.0.37 2010.09.16 - eSafe 7.0.17.0 2010.09.15 - eTrust-Vet 36.1.7859 2010.09.16 - F-Prot 4.6.1.107 2010.09.16 - F-Secure 9.0.15370.0 2010.09.16 - Fortinet 4.1.143.0 2010.09.16 - GData 21 2010.09.16 - Ikarus T3.1.1.88.0 2010.09.16 - Jiangmin 13.0.900 2010.09.16 - K7AntiVirus 9.63.2522 2010.09.15 - Kaspersky 7.0.0.125 2010.09.16 - McAfee 5.400.0.1158 2010.09.16 - McAfee-GW-Edition 2010.1C 2010.09.16 - Microsoft 1.6103 2010.09.16 - NOD32 5454 2010.09.16 - Norman 6.06.06 2010.09.15 - nProtect 2010-09-16.02 2010.09.16 - Panda 10.0.2.7 2010.09.15 - PCTools 7.0.3.5 2010.09.16 - Prevx 3.0 2010.09.16 - Rising 22.65.03.01 2010.09.16 - Sophos 4.57.0 2010.09.16 - Sunbelt 6882 2010.09.16 - SUPERAntiSpyware 4.40.0.1006 2010.09.16 - Symantec 20101.1.1.7 2010.09.16 - TheHacker 6.7.0.0.020 2010.09.16 - TrendMicro 9.120.0.1004 2010.09.16 - TrendMicro-HouseCall 9.120.0.1004 2010.09.16 - VBA32 3.12.14.0 2010.09.15 - ViRobot 2010.8.25.4006 2010.09.16 - VirusBuster 12.65.8.0
MD5 : 1b17e09c1223f6d17336d2dd7a1af4f4 SHA1 : 721dd499b30cc3643941eed4b449884bfc1777a5 SHA256: 06dfad95007532ccf46d593eedc2474936614aedcea7bf983e36dad22f850b08
b) C:\WINDOWS\System32\lsdelete.exe
AhnLab-V3 2010.09.16.01 2010.09.16 - AntiVir 8.2.4.52 2010.09.16 - Antiy-AVL 2.0.3.7 2010.09.16 - Authentium 5.2.0.5 2010.09.16 - Avast 4.8.1351.0 2010.09.16 - Avast5 5.0.594.0 2010.09.16 - AVG 9.0.0.851 2010.09.15 - BitDefender 7.2 2010.09.16 - CAT-QuickHeal 11.00 2010.09.16 - ClamAV 0.96.2.0-git 2010.09.16 - Comodo 6096 2010.09.16 - DrWeb 5.0.2.03300 2010.09.16 - eSafe 7.0.17.0 2010.09.15 - eTrust-Vet 36.1.7859 2010.09.16 - F-Prot 4.6.1.107 2010.09.16 - F-Secure 9.0.15370.0 2010.09.16 - Fortinet 4.1.143.0 2010.09.16 - GData 21 2010.09.16 - Ikarus T3.1.1.88.0 2010.09.16 - Jiangmin 13.0.900 2010.09.16 - K7AntiVirus 9.63.2522 2010.09.15 - Kaspersky 7.0.0.125 2010.09.16 - McAfee 5.400.0.1158 2010.09.16 - McAfee-GW-Edition 2010.1C 2010.09.16 - Microsoft 1.6103 2010.09.16 - NOD32 5454 2010.09.16 - Norman 6.06.06 2010.09.15 - nProtect 2010-09-16.02 2010.09.16 - Panda 10.0.2.7 2010.09.16 - PCTools 7.0.3.5 2010.09.16 - Prevx 3.0 2010.09.16 - Rising 22.65.03.01 2010.09.16 - Sophos 4.57.0 2010.09.16 - Sunbelt 6882 2010.09.16 - SUPERAntiSpyware 4.40.0.1006 2010.09.16 - Symantec 20101.1.1.7 2010.09.16 - TheHacker 6.7.0.0.020 2010.09.16 - TrendMicro 9.120.0.1004 2010.09.16 - TrendMicro-HouseCall 9.120.0.1004 2010.09.16 - VBA32 3.12.14.0 2010.09.15 - ViRobot 2010.8.25.4006 2010.09.16 - VirusBuster 12.65.8.0 2010.09.15 -
MD5 : 11d37ffc9aaa3435c9d428cf5998acb5 SHA1 : d7ac5f908f1abcaaf4a76f6f9605bc20f7389c3b SHA256: f5b18cf8f7fad5f8a1df03399f3d390703d57d6ce94fe04b8aab18389846e45b
===================================== now to the OTL log: |
16.09.2010, 13:15 | #5 |
| "Generic Host Process" problem on Win XP SP3 OTL log: R edit: somehow I can't get the OTL log in here, not even with "code". Am I doing something wrong? Last edited by mega.neon (16.09.2010 at 13:24) Reason: see text |
16.09.2010, 13:17 | #6 |
| "Generic Host Process" problem on Win XP SP3 MBR - Check: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000003d Kernel Drivers (total 122): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x80700000 \WINDOWS\system32\hal.dll 0xF7987000 \WINDOWS\system32\KDCOM.DLL 0xF7897000 \WINDOWS\system32\BOOTVID.dll 0xF75A7000 ACPI.sys 0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF7596000 pci.sys 0xF75F7000 ohci1394.sys 0xF7607000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xF7617000 isapnp.sys 0xF7A4F000 PCIIde.sys 0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS 0xF798B000 intelide.sys 0xF7627000 MountMgr.sys 0xF74D7000 ftdisk.sys 0xF770F000 PartMgr.sys 0xF7637000 VolSnap.sys 0xF74BF000 atapi.sys 0xF7647000 iteraid.sys 0xF74A7000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS 0xF7657000 disk.sys 0xF7667000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF7877000 fltMgr.sys 0xF7865000 sr.sys 0xF7677000 Lbd.sys 0xF784E000 KSecDD.sys 0xF7B52000 Ntfs.sys 0xF795A000 NDIS.sys 0xF7834000 Mup.sys 0xF7526000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB91C2000 \SystemRoot\system32\DRIVERS\nv4_mini.sys 0xB91AE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xB9186000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xB913D000 \SystemRoot\system32\DRIVERS\yk51x86.sys 0xF77BF000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB9119000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF77C7000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF7516000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xF7506000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF7487000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF7497000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB90F6000 \SystemRoot\system32\DRIVERS\ks.sys 0xF77CF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0xB90AD000 \SystemRoot\system32\DRIVERS\MAudioDelta.sys 0xB99C0000 \SystemRoot\system32\DRIVERS\fdc.sys 0xB9099000 \SystemRoot\system32\DRIVERS\parport.sys 0xF7477000
\SystemRoot\system32\DRIVERS\i8042prt.sys 0xB99B8000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF7467000 \SystemRoot\system32\DRIVERS\serial.sys 0xB9E82000 \SystemRoot\system32\DRIVERS\serenum.sys 0xF7AB5000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF7457000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xB9E7A000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB9082000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF7447000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF7437000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xB99B0000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB9071000 \SystemRoot\system32\DRIVERS\psched.sys 0xF7427000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xB99A8000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xB99A0000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF7417000 \SystemRoot\system32\DRIVERS\termdd.sys 0xB9998000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xB9990000 \SystemRoot\system32\DRIVERS\seehcri.sys 0xF79CB000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB9013000 \SystemRoot\system32\DRIVERS\update.sys 0xB9E6E000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF76E7000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xAC930000 \SystemRoot\system32\drivers\cmudax.sys 0xAC90C000 \SystemRoot\system32\drivers\portcls.sys 0xAE721000 \SystemRoot\system32\drivers\drmk.sys 0xAE711000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF79B3000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xAEEE9000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0xF79B7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7A79000 \SystemRoot\System32\Drivers\Null.SYS 0xF79B9000 \SystemRoot\System32\Drivers\Beep.SYS 0xAEED9000 \SystemRoot\System32\drivers\vga.sys 0xF79BB000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF79BD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xAEED1000 \SystemRoot\System32\Drivers\Msfs.SYS 0xAEEC9000 \SystemRoot\System32\Drivers\Npfs.SYS 0xB7EB5000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xAC89D000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xAC844000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xAC81C000 
\SystemRoot\system32\DRIVERS\netbt.sys 0xAC7F6000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xAC7CA000 \SystemRoot\System32\drivers\afd.sys 0xAE6F1000 \SystemRoot\system32\DRIVERS\netbios.sys 0xAE6E1000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xAEEC1000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xAC79F000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xAC707000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xAE6D1000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xAE6C1000 \SystemRoot\System32\Drivers\Fips.SYS 0xADD8B000 \SystemRoot\system32\DRIVERS\usbprint.sys 0xAEC47000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xAC1E7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xADD83000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xAEC43000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xA3C7A000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xA48B5000 \SystemRoot\System32\drivers\Dxapi.sys 0xA3E01000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xA9793000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\nv4_disp.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xF7947000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xB9988000 \??\C:\Programme\CheckPoint\ZAForceField\ISWKL.sys 0xA15BE000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xA40C6000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xA14EF000 \SystemRoot\system32\DRIVERS\srv.sys 0xA0AFA000 \SystemRoot\system32\drivers\wdmaud.sys 0xA9E5C000 \SystemRoot\system32\drivers\sysaudio.sys 0xA0723000 \SystemRoot\System32\Drivers\HTTP.sys 0x9F863000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xB5825000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x9F9AF000 \SystemRoot\system32\drivers\usbaudio.sys 0x9E0C5000 \SystemRoot\system32\drivers\kmixer.sys 0xB9526000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 38): 0 System Idle Process 4 System 600 C:\WINDOWS\system32\smss.exe 660 csrss.exe 684 C:\WINDOWS\system32\winlogon.exe 728 
C:\WINDOWS\system32\services.exe 740 C:\WINDOWS\system32\lsass.exe 924 C:\WINDOWS\system32\svchost.exe 996 svchost.exe 1128 svchost.exe 1156 svchost.exe 1188 C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe 1364 C:\WINDOWS\system32\spoolsv.exe 1456 svchost.exe 1524 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1548 C:\Programme\Bonjour\mDNSResponder.exe 1612 C:\Programme\Java\jre6\bin\jqs.exe 1652 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe 1700 C:\WINDOWS\system32\nvsvc32.exe 1796 C:\WINDOWS\system32\svchost.exe 1888 C:\WINDOWS\system32\wuauclt.exe 452 C:\Programme\CheckPoint\ZAForceField\ForceField.exe 576 alg.exe 644 C:\WINDOWS\explorer.exe 872 C:\WINDOWS\system32\rundll32.exe 2372 C:\WINDOWS\system32\rundll32.exe 2500 C:\WINDOWS\tsnpstd3.exe 2508 C:\WINDOWS\vsnpstd3.exe 2536 C:\WINDOWS\system32\DeltaIITray.exe 2552 C:\Programme\iTunes\iTunesHelper.exe 2564 C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe 2592 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE 2684 C:\WINDOWS\system32\ctfmon.exe 2868 C:\Programme\iPod\bin\iPodService.exe 1904 C:\Programme\Avira\AntiVir Desktop\sched.exe 2960 C:\Programme\Avira\AntiVir Desktop\avgnt.exe 1680 C:\WINDOWS\system32\svchost.exe 1428 C:\Dokumente und Einstellungen\XXXX\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: SAMSUNGSP2504C, Rev: VT100-33 Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done! ===================== and the Combofix log: Combofix logfile: Code:
ATTFilter ComboFix 10-09-15.01 - XXXX 16.09.2010 13:31:17.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1748 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\XXXX\Desktop\23458.exe FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\dokumente und einstellungen\XXXX\Startmenü\Programme\Antimalware Doctor c:\dokumente und einstellungen\XXXX\Startmenü\Programme\Antimalware Doctor\Antimalware Doctor.lnk c:\dokumente und einstellungen\XXXX\Startmenü\Programme\Antimalware Doctor\Uninstall.lnk c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.exe c:\windows\system32\spool\prtprocs\w32x86\x55q5w.dll c:\windows\system32\DRIVERS\pci.sys . . . ist infiziert!! . . . Failed to find a valid replacement. . ((((((((((((((((((((((( Dateien erstellt von 2010-08-16 bis 2010-09-16 )))))))))))))))))))))))))))))) . 2010-09-16 10:51 . 2010-09-16 10:51 -------- d-----w- C:\_OTL 2010-09-13 09:39 . 2010-09-13 09:39 -------- d-----w- c:\dokumente und einstellungen\Retep\Anwendungsdaten\Malwarebytes 2010-09-12 16:40 . 2010-09-12 16:40 -------- d-----w- c:\dokumente und einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\Conduit 2010-09-12 16:35 . 2010-09-12 19:59 -------- d-----w- c:\dokumente und einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\tuobosymb 2010-09-02 17:12 . 2010-09-02 17:12 -------- d-----w- c:\dokumente und einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\Thunderbird 2010-09-02 17:12 . 2010-09-02 17:12 -------- d-----w- c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Thunderbird 2010-09-02 17:12 . 2010-09-02 17:41 -------- d-----w- c:\programme\Mozilla Thunderbird 2010-08-30 06:13 . 2010-08-30 06:13 -------- d-----w- c:\dokumente und einstellungen\Retep\Anwendungsdaten\CheckPoint 2010-08-27 06:59 . 
2010-08-27 06:59 -------- d-----w- c:\dokumente und einstellungen\XXXX\Anwendungsdaten\CheckPoint 2010-08-27 06:58 . 2010-09-12 16:40 -------- d-----w- c:\dokumente und einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit 2010-08-27 06:58 . 2010-08-27 06:58 -------- d-----w- c:\programme\ZoneAlarm-Sicherheit 2010-08-27 06:58 . 2010-08-27 06:58 -------- d-----w- c:\programme\CheckPoint 2010-08-27 06:58 . 2010-06-28 10:59 69120 ----a-w- c:\windows\system32\zlcomm.dll 2010-08-27 06:58 . 2010-06-28 10:59 103936 ----a-w- c:\windows\system32\zlcommdb.dll 2010-08-27 06:58 . 2010-06-28 10:59 1238528 ----a-w- c:\windows\system32\zpeng25.dll 2010-08-27 06:58 . 2010-08-27 06:58 -------- d-----w- c:\programme\Zone Labs 2010-08-26 16:31 . 2010-08-26 16:31 -------- d-----w- c:\programme\iPod 2010-08-26 16:31 . 2010-08-26 16:32 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-08-26 16:25 . 2010-08-26 16:25 -------- d-----w- c:\programme\QuickTime 2010-08-26 16:19 . 2010-08-26 16:19 -------- d-----w- c:\programme\Bonjour 2010-08-26 16:16 . 2010-08-26 16:16 73000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-16 11:05 . 2009-07-03 08:44 -------- d-----w- c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Skype 2010-09-16 10:45 . 2009-07-07 12:40 1 ----a-w- c:\dokumente und einstellungen\XXXX\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-09-16 07:22 . 2009-07-03 08:55 -------- d-----w- c:\dokumente und einstellungen\XXXX\Anwendungsdaten\skypePM 2010-09-15 21:45 . 2010-08-30 22:12 17035608 ----a-w- c:\windows\Internet Logs\tvDebug.Zip 2010-09-14 16:54 . 
2009-07-03 09:00 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Soulseek 2010-09-12 18:05 . 2010-05-19 16:31 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-09-01 11:08 . 2009-07-13 08:14 -------- d-----w- c:\dokumente und einstellungen\XXXX\Anwendungsdaten\dvdcss 2010-08-27 06:59 . 2010-08-27 06:59 1583104 ----a-w- c:\windows\Internet Logs\xDB55.tmp 2010-08-27 06:58 . 2009-07-03 08:42 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2010-08-27 06:38 . 2009-07-03 09:39 -------- d-----w- c:\programme\McAfee 2010-08-26 16:32 . 2009-10-23 08:33 -------- d-----w- c:\programme\iTunes 2010-08-26 16:31 . 2009-10-23 08:28 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple 2010-08-11 23:53 . 2008-04-14 12:00 80092 ----a-w- c:\windows\system32\perfc007.dat 2010-08-11 23:53 . 2008-04-14 12:00 448396 ----a-w- c:\windows\system32\perfh007.dat 2010-07-28 12:48 . 2010-07-28 12:47 -------- d-----w- c:\programme\XP Codec Pack 2010-07-28 11:53 . 2010-07-28 11:53 -------- d-----w- c:\dokumente und einstellungen\XXXX\Anwendungsdaten\AnvSoft 2010-07-28 11:53 . 2010-07-28 11:53 -------- d-----w- c:\programme\AnvSoft 2010-07-27 12:40 . 2010-07-27 12:40 -------- d-----w- c:\dokumente und einstellungen\XXXX\Anwendungsdaten\DVDVideoSoftIEHelpers 2010-07-27 12:39 . 2010-07-27 12:39 -------- d-----w- c:\programme\Gemeinsame Dateien\DVDVideoSoft 2010-07-27 12:39 . 2010-07-27 12:39 -------- d-----w- c:\programme\DVDVideoSoft 2010-06-30 12:28 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:10 . 2008-04-14 12:00 672768 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 12:10 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-06-24 09:02 . 2008-04-14 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys . ((((((((((((((((((((((((((((( SnapShot@2010-06-07_23.33.00 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2010-09-16 11:28 . 2010-09-16 11:28 16384 c:\windows\Temp\Perflib_Perfdata_27c.dat + 2010-08-27 06:58 . 2010-06-28 11:00 12288 c:\windows\system32\ZoneLabs\zlsre_loc0407.dll + 2010-08-27 06:58 . 2010-06-28 10:59 99328 c:\windows\system32\ZoneLabs\zlquarantine.dll + 2010-08-27 06:58 . 2010-06-28 10:59 70656 c:\windows\system32\ZoneLabs\zatray.exe + 2010-08-27 06:58 . 2010-06-28 11:00 39424 c:\windows\system32\ZoneLabs\vsmon_loc0407.dll + 2010-08-27 06:58 . 2010-06-28 11:00 21504 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 14336 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 46592 c:\windows\system32\ZoneLabs\lib\zfde.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 85504 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 37376 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 12800 c:\windows\system32\ZoneLabs\lib\oem_1488.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 12800 c:\windows\system32\ZoneLabs\lib\oem_1487.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 12800 c:\windows\system32\ZoneLabs\lib\oem_1486.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 20992 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 12800 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 10240 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 11264 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 14336 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 12288 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 11264 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 29184 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll + 2010-08-27 06:58 . 
2010-06-28 11:00 13312 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll + 2010-08-27 06:58 . 2010-06-28 11:00 35840 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll + 2010-08-27 06:58 . 2010-06-28 10:59 38912 c:\windows\system32\ZoneLabs\featuremap.dll + 2010-08-27 06:58 . 2010-06-28 10:59 75776 c:\windows\system32\ZoneLabs\camupd.dll + 2010-08-27 06:58 . 2010-06-28 10:59 43008 c:\windows\system32\vswmi.dll + 2010-08-27 06:58 . 2010-06-28 10:59 58368 c:\windows\system32\vsregexp.dll + 2008-04-14 12:00 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe - 2008-04-14 12:00 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe - 2009-07-04 01:00 . 2009-05-26 11:40 18808 c:\windows\system32\spmsg.dll + 2009-07-04 01:00 . 2010-02-22 14:22 18808 c:\windows\system32\spmsg.dll + 2006-11-02 16:10 . 2006-11-02 16:10 80912 c:\windows\system32\sherlock2.exe + 2004-08-10 06:52 . 2004-08-10 06:52 49221 c:\windows\system32\rv40.dll + 2004-08-10 06:52 . 2004-08-10 06:52 49221 c:\windows\system32\rv30.dll + 2004-08-10 06:51 . 2004-08-10 06:51 57411 c:\windows\system32\rv20.dll + 2004-08-10 06:50 . 2004-08-10 06:50 49216 c:\windows\system32\rv10.dll + 2010-08-26 16:20 . 2009-08-28 17:42 40448 c:\windows\system32\ReinstallBackups\0005\DriverFiles\usbaapl.sys + 2010-03-30 22:16 . 2010-03-30 22:16 99176 c:\windows\system32\PresentationHostProxy.dll - 2008-04-14 12:00 . 2010-03-31 07:04 67312 c:\windows\system32\perfc009.dat + 2008-04-14 12:00 . 2010-08-11 23:53 67312 c:\windows\system32\perfc009.dat + 2009-11-06 23:07 . 2009-11-06 23:07 49488 c:\windows\system32\netfxperf.dll + 2009-11-06 23:07 . 2009-11-06 23:07 11600 c:\windows\system32\mui\0409\mscorees.dll + 2009-07-27 11:44 . 2009-07-27 11:44 25096 c:\windows\system32\MAudioDeltaAsio.dll + 2008-04-14 12:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll - 2008-04-14 12:00 . 2008-04-14 12:00 80384 c:\windows\system32\iccvid.dll + 2008-12-17 17:22 . 
2008-12-17 17:22 93184 c:\windows\system32\ff_wmv9.dll + 2008-12-17 17:22 . 2008-12-17 17:22 57344 c:\windows\system32\ff_vfw.dll + 2010-08-26 16:20 . 2010-04-19 18:47 41984 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys + 2010-08-26 16:20 . 2010-04-19 18:29 18432 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys + 2010-06-17 17:05 . 2010-06-17 17:03 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys + 2009-10-23 08:28 . 2010-04-19 18:47 41984 c:\windows\system32\drivers\usbaapl.sys + 2010-06-17 17:04 . 2010-06-03 17:02 95024 c:\windows\system32\drivers\SBREDrv.sys - 2010-05-19 16:31 . 2010-04-29 10:19 38224 c:\windows\system32\drivers\mbamswissarmy.sys + 2010-05-19 16:31 . 2010-04-29 13:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys + 2010-05-19 16:31 . 2010-04-29 13:39 20952 c:\windows\system32\drivers\mbam.sys - 2010-05-19 16:31 . 2010-04-29 10:19 20952 c:\windows\system32\drivers\mbam.sys - 2009-08-21 12:32 . 2010-02-04 15:53 64288 c:\windows\system32\drivers\Lbd.sys + 2009-08-21 12:32 . 2010-06-17 17:03 64288 c:\windows\system32\drivers\Lbd.sys + 2010-05-18 14:35 . 2010-05-18 14:35 91424 c:\windows\system32\dnssd.dll + 2008-04-14 12:00 . 2010-06-24 12:10 81920 c:\windows\system32\dllcache\ieencode.dll - 2008-04-14 12:00 . 2010-02-26 05:41 81920 c:\windows\system32\dllcache\ieencode.dll + 2008-04-14 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll + 2009-07-27 11:44 . 2009-07-27 11:44 21000 c:\windows\system32\DeltaIIpnl.dll - 2009-08-26 16:54 . 2008-03-03 08:13 21000 c:\windows\system32\DeltaIIpnl.dll + 2004-08-10 06:50 . 2004-08-10 06:50 65602 c:\windows\system32\cook.dll + 2004-08-10 06:50 . 2004-08-10 06:50 77889 c:\windows\system32\atrc.dll + 2008-04-14 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll - 2008-07-29 17:16 . 
2008-07-29 17:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll + 2010-04-07 21:48 . 2010-04-07 21:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll + 2010-03-23 03:31 . 2010-03-23 03:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll + 2009-11-06 23:07 . 2009-11-06 23:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe + 2010-07-28 12:21 . 
2010-07-28 12:21 65536 c:\windows\Installer\{49FC50FC-F965-40D9-89B4-CBFF80941031}\ARPPRODUCTICON.exe + 2010-08-12 07:05 . 2010-08-12 07:05 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll + 2010-08-12 14:04 . 2010-08-12 14:04 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll + 2010-08-12 14:03 . 2010-08-12 14:03 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll + 2010-08-12 14:01 . 2010-08-12 14:01 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll + 2010-08-12 14:01 . 2010-08-12 14:01 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll + 2010-08-12 07:03 . 2010-08-12 07:03 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe + 2010-08-11 23:54 . 2010-08-11 23:54 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll + 2010-08-12 14:03 . 2010-08-12 14:03 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll + 2010-08-12 10:02 . 2010-08-12 10:02 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll + 2010-08-12 10:02 . 2010-08-12 10:02 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll + 2010-08-12 10:02 . 
2010-08-12 10:02 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe + 2010-08-12 10:00 . 2010-08-12 10:00 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll - 2009-10-18 19:23 . 2009-10-18 19:23 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2010-08-11 23:52 . 2010-08-11 23:52 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2009-07-07 15:13 . 2009-07-07 15:13 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll + 2010-06-09 23:10 . 2010-06-09 23:10 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll + 2010-08-11 23:52 . 2010-08-11 23:52 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll - 2009-10-18 19:23 . 2009-10-18 19:23 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2010-08-11 23:53 . 2010-08-11 23:53 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2009-10-18 19:24 . 2009-10-18 19:24 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2010-08-11 23:53 . 2010-08-11 23:53 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2009-10-18 19:23 . 2009-10-18 19:23 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2009-10-18 19:23 . 
2009-10-18 19:23 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2010-08-11 23:53 . 2010-08-11 23:53 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2009-10-18 19:23 . 2009-10-18 19:23 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2010-08-11 23:53 . 2010-08-11 23:53 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2010-08-11 23:53 . 2010-08-11 23:53 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2009-10-18 19:23 . 2009-10-18 19:23 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2009-10-18 19:23 . 2009-10-18 19:23 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2010-08-11 23:53 . 2010-08-11 23:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2010-08-11 23:53 . 2010-08-11 23:53 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2009-10-18 19:23 . 2009-10-18 19:23 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2010-08-11 23:52 . 2010-08-11 23:52 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2009-10-18 19:23 . 2009-10-18 19:23 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2010-08-11 23:53 . 2010-08-11 23:53 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2009-10-18 19:23 . 
2009-10-18 19:23 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2010-08-11 23:53 . 2010-08-11 23:53 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2009-10-18 19:23 . 2009-10-18 19:23 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2010-08-11 23:53 . 2010-08-11 23:53 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2009-10-18 19:23 . 2009-10-18 19:23 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2010-08-11 23:49 . 2008-04-14 12:00 80384 c:\windows\$NtUninstallKB982665$\iccvid.dll + 2010-06-12 16:56 . 2010-02-26 05:41 81920 c:\windows\$NtUninstallKB982381$\ieencode.dll + 2010-06-09 23:13 . 2010-01-23 08:11 46080 c:\windows\$NtUninstallKB981793$\tzchange.exe + 2010-06-09 23:13 . 2010-04-22 22:21 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll + 2010-06-09 23:11 . 2008-04-14 12:00 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll + 2010-08-11 23:54 . 2010-04-16 16:06 81920 c:\windows\$NtUninstallKB2183461$\ieencode.dll + 2010-08-11 23:49 . 2010-02-22 14:22 26488 c:\windows\$hf_mig$\KB982665\update\spcustom.dll + 2010-08-11 23:49 . 2010-02-22 14:22 18808 c:\windows\$hf_mig$\KB982665\spmsg.dll + 2010-06-17 14:00 . 2010-06-17 14:00 80384 c:\windows\$hf_mig$\KB982665\SP3QFE\iccvid.dll + 2010-06-12 16:56 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB982381\update\spcustom.dll + 2010-06-12 16:56 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB982381\spmsg.dll + 2010-04-16 15:59 . 2010-04-16 15:59 81920 c:\windows\$hf_mig$\KB982381\SP3QFE\ieencode.dll + 2010-08-11 23:54 . 2010-02-22 14:22 26488 c:\windows\$hf_mig$\KB982214\update\spcustom.dll + 2010-08-11 23:54 . 2010-02-22 14:22 18808 c:\windows\$hf_mig$\KB982214\spmsg.dll + 2010-08-11 23:49 . 
2010-07-27 06:29 8503296 c:\windows\system32\shell32.dll + 2008-04-14 12:00 . 2010-06-24 12:10 1509888 c:\windows\system32\shdocvw.dll - 2008-04-14 12:00 . 2010-03-10 04:33 1509888 c:\windows\system32\shdocvw.dll + 2010-08-26 16:20 . 2009-08-28 17:42 2065696 c:\windows\system32\ReinstallBackups\0005\DriverFiles\usbaaplrc.dll - 2008-04-14 12:00 . 2009-11-27 17:11 1297408 c:\windows\system32\quartz.dll + 2008-04-14 12:00 . 2010-02-05 18:25 1297408 c:\windows\system32\quartz.dll + 2009-07-27 11:44 . 2009-07-27 11:44 2515587 c:\windows\system32\pcifmdio.dll - 2008-04-14 12:00 . 2010-02-16 19:04 2148864 c:\windows\system32\ntoskrnl.exe + 2008-04-14 12:00 . 2010-04-28 05:41 2148864 c:\windows\system32\ntoskrnl.exe + 2008-04-14 07:30 . 2010-04-28 05:41 2027008 c:\windows\system32\ntkrnlpa.exe - 2008-04-14 07:30 . 2010-02-16 19:04 2027008 c:\windows\system32\ntkrnlpa.exe - 2008-04-14 12:00 . 2009-07-31 04:32 1172480 c:\windows\system32\msxml3.dll + 2008-04-14 12:00 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll + 2008-04-14 12:00 . 2010-06-24 12:10 3094016 c:\windows\system32\mshtml.dll - 2008-04-14 12:00 . 2010-02-26 05:41 3094016 c:\windows\system32\mshtml.dll + 2008-12-19 15:15 . 2008-12-19 15:15 4338246 c:\windows\system32\libavcodec.dll - 2009-07-02 18:37 . 2009-11-13 16:03 1444464 c:\windows\system32\FNTCACHE.DAT + 2009-07-02 18:37 . 2010-08-12 07:01 1444464 c:\windows\system32\FNTCACHE.DAT + 2010-08-26 16:20 . 2010-04-19 18:47 3062048 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll + 2010-08-26 16:20 . 2010-04-19 18:29 1461992 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll + 2008-04-14 12:00 . 2010-04-08 12:03 2113536 c:\windows\system32\dllcache\WMVCore.dll + 2008-04-14 12:00 . 2010-06-24 09:02 1852032 c:\windows\system32\dllcache\win32k.sys + 2008-04-14 12:00 . 2010-07-27 06:29 8503296 c:\windows\system32\dllcache\shell32.dll - 2008-04-14 12:00 . 
2010-03-10 04:33 1509888 c:\windows\system32\dllcache\shdocvw.dll + 2008-04-14 12:00 . 2010-06-24 12:10 1509888 c:\windows\system32\dllcache\shdocvw.dll - 2008-04-14 12:00 . 2009-11-27 17:11 1297408 c:\windows\system32\dllcache\quartz.dll + 2008-04-14 12:00 . 2010-02-05 18:25 1297408 c:\windows\system32\dllcache\quartz.dll - 2009-07-04 04:48 . 2010-02-17 12:04 2192256 c:\windows\system32\dllcache\ntoskrnl.exe + 2009-07-04 04:48 . 2010-04-28 18:11 2192256 c:\windows\system32\dllcache\ntoskrnl.exe + 2009-07-04 04:48 . 2010-04-28 05:41 2027008 c:\windows\system32\dllcache\ntkrpamp.exe - 2009-07-04 04:48 . 2010-02-16 19:04 2027008 c:\windows\system32\dllcache\ntkrpamp.exe - 2009-02-10 17:03 . 2010-02-16 19:04 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe + 2009-02-10 17:03 . 2010-04-28 05:41 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe - 2009-07-04 04:48 . 2010-02-16 19:04 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe + 2009-07-04 04:48 . 2010-04-28 05:41 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe + 2008-04-14 12:00 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll - 2008-04-14 12:00 . 2009-07-31 04:32 1172480 c:\windows\system32\dllcache\msxml3.dll - 2008-04-14 12:00 . 2010-02-26 05:41 3094016 c:\windows\system32\dllcache\mshtml.dll + 2008-04-14 12:00 . 2010-06-24 12:10 3094016 c:\windows\system32\dllcache\mshtml.dll - 2009-07-02 17:48 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe + 2009-07-02 17:48 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe + 2008-04-14 12:00 . 2010-06-24 12:10 1025024 c:\windows\system32\dllcache\browseui.dll - 2008-04-14 12:00 . 2010-03-10 04:33 1025024 c:\windows\system32\dllcache\browseui.dll + 2009-11-06 23:06 . 2009-11-06 23:06 1130824 c:\windows\system32\dfshim.dll + 2008-04-14 12:00 . 2010-06-24 12:10 1025024 c:\windows\system32\browseui.dll - 2008-04-14 12:00 . 2010-03-10 04:33 1025024 c:\windows\system32\browseui.dll + 2010-07-28 12:21 . 
2002-12-20 11:06 3366912 c:\windows\RegisteredPackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\moviemk.exe + 2010-04-07 21:48 . 2010-04-07 21:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll - 2008-11-25 02:59 . 2008-11-25 02:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll + 2010-03-23 03:32 . 2010-03-23 03:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll + 2010-03-23 03:32 . 2010-03-23 03:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll - 2009-08-07 21:51 . 2009-08-07 21:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll + 2010-05-11 04:40 . 2010-05-11 04:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll + 2010-05-11 04:40 . 2010-05-11 04:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll + 2009-11-08 22:25 . 2009-11-08 22:25 1935360 c:\windows\Installer\32bb073.msp + 2010-08-26 16:33 . 2010-08-26 16:33 5731328 c:\windows\Installer\21145d7.msi + 2010-08-26 16:25 . 2010-08-26 16:25 9472000 c:\windows\Installer\2113e3c.msi + 2010-08-26 16:20 . 2010-08-26 16:20 3089408 c:\windows\Installer\21136dd.msi + 2010-08-26 16:19 . 2010-08-26 16:19 1984000 c:\windows\Installer\21136a0.msi + 2010-04-11 20:17 . 2010-04-11 20:17 2607104 c:\windows\Installer\184e332.msp + 2010-04-11 20:17 . 2010-04-11 20:17 4210688 c:\windows\Installer\184e331.msp + 2010-07-28 12:21 . 2010-07-28 12:21 5914112 c:\windows\Installer\147bd12.msi + 2010-06-09 22:05 . 2010-06-09 22:05 1385472 c:\windows\Installer\146d4d9.msi - 2009-07-04 04:48 . 2010-02-17 12:04 2192256 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2009-07-04 04:48 . 2010-04-28 18:11 2192256 c:\windows\Driver Cache\i386\ntoskrnl.exe - 2009-07-04 04:48 . 2010-02-16 19:04 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2009-07-04 04:48 . 2010-04-28 05:41 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2009-02-10 17:03 . 
2010-04-28 05:41 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2009-02-10 17:03 . 2010-02-16 19:04 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2009-07-04 04:48 . 2010-02-16 19:04 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2009-07-04 04:48 . 2010-04-28 05:41 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2010-08-11 23:54 . 2010-08-11 23:54 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll + 2010-08-12 07:05 . 2010-08-12 07:05 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll + 2010-08-11 23:54 . 2010-08-11 23:54 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll + 2010-08-12 07:05 . 2010-08-12 07:05 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll + 2010-08-12 14:04 . 2010-08-12 14:04 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll + 2010-08-12 14:04 . 2010-08-12 14:04 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll + 2010-08-12 14:04 . 2010-08-12 14:04 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll + 2010-08-12 14:04 . 2010-08-12 14:04 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll + 2010-08-12 14:03 . 2010-08-12 14:03 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll + 2010-08-12 14:03 . 
2010-08-12 14:03 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll + 2010-08-12 14:03 . 2010-08-12 14:03 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll + 2010-08-12 07:04 . 2010-08-12 07:04 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll + 2010-08-12 14:03 . 2010-08-12 14:03 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll + 2010-08-12 10:01 . 2010-08-12 10:01 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll + 2010-08-12 07:04 . 2010-08-12 07:04 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll + 2010-08-12 10:01 . 2010-08-12 10:01 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll + 2010-08-12 07:04 . 2010-08-12 07:04 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll + 2010-08-12 14:02 . 2010-08-12 14:02 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll + 2010-08-12 14:02 . 2010-08-12 14:02 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll + 2010-08-12 07:04 . 2010-08-12 07:04 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll + 2010-08-12 10:02 . 
2010-08-12 10:02 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll + 2010-08-12 14:02 . 2010-08-12 14:02 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll + 2010-08-12 07:04 . 2010-08-12 07:04 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll + 2010-08-12 14:02 . 2010-08-12 14:02 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll + 2010-08-12 07:04 . 2010-08-12 07:04 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll + 2010-08-12 07:04 . 2010-08-12 07:04 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll + 2010-08-12 07:04 . 2010-08-12 07:04 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll + 2010-08-11 23:54 . 2010-08-11 23:54 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll + 2010-08-12 14:01 . 2010-08-12 14:01 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll + 2010-08-12 10:02 . 2010-08-12 10:02 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll + 2010-08-12 14:03 . 2010-08-12 14:03 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll + 2010-08-12 10:02 . 
2010-08-12 10:02 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll + 2010-08-12 10:02 . 2010-08-12 10:02 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll + 2010-08-12 10:02 . 2010-08-12 10:02 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll + 2010-06-24 21:22 . 2010-06-24 21:22 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll + 2010-08-11 23:53 . 2010-08-11 23:53 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll + 2010-08-11 23:53 . 2010-08-11 23:53 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2009-10-18 19:24 . 2009-10-18 19:24 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2009-10-18 19:23 . 2009-10-18 19:23 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2010-08-11 23:52 . 2010-08-11 23:52 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2010-06-09 23:10 . 2010-06-09 23:10 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll - 2009-10-18 19:23 . 2009-10-18 19:23 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2010-08-11 23:52 . 2010-08-11 23:52 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2010-06-24 21:22 . 2010-06-24 21:22 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll - 2009-10-18 19:23 . 
2009-10-18 19:23 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2010-08-11 23:52 . 2010-08-11 23:52 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2010-08-11 23:53 . 2010-08-11 23:53 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2009-10-18 19:24 . 2009-10-18 19:24 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll + 2010-06-24 21:22 . 2010-06-24 21:22 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2009-07-07 15:13 . 2009-07-07 15:13 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2010-08-11 23:53 . 2010-08-11 23:53 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2010-06-12 16:56 . 2010-03-10 04:33 1509888 c:\windows\$NtUninstallKB982381$\shdocvw.dll + 2010-06-12 16:56 . 2010-02-26 05:41 3094016 c:\windows\$NtUninstallKB982381$\mshtml.dll + 2010-06-12 16:56 . 2010-03-10 04:33 1025024 c:\windows\$NtUninstallKB982381$\browseui.dll + 2010-08-11 23:49 . 2009-10-23 15:28 3558912 c:\windows\$NtUninstallKB981997$\moviemk.exe + 2010-08-11 23:54 . 2010-02-16 19:04 2148864 c:\windows\$NtUninstallKB981852$\ntoskrnl.exe + 2010-08-11 23:54 . 2010-02-16 19:04 2027008 c:\windows\$NtUninstallKB981852$\ntkrpamp.exe + 2010-08-11 23:54 . 2010-02-16 19:04 2027008 c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe + 2010-08-11 23:54 . 2010-02-16 19:04 2148864 c:\windows\$NtUninstallKB981852$\ntkrnlmp.exe + 2010-06-09 23:13 . 2009-08-14 15:10 1850752 c:\windows\$NtUninstallKB979559$\win32k.sys + 2010-06-09 23:11 . 2009-05-26 14:53 2174976 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll + 2010-06-09 23:11 . 2009-11-27 17:11 1297408 c:\windows\$NtUninstallKB975562$\quartz.dll + 2010-08-04 00:37 . 2008-06-17 19:00 8502272 c:\windows\$NtUninstallKB2286198$\shell32.dll + 2010-08-11 23:54 . 
2010-04-16 16:06 1509888 c:\windows\$NtUninstallKB2183461$\shdocvw.dll + 2010-08-11 23:54 . 2010-04-16 16:06 3094016 c:\windows\$NtUninstallKB2183461$\mshtml.dll + 2010-08-11 23:54 . 2010-04-16 16:06 1025024 c:\windows\$NtUninstallKB2183461$\browseui.dll + 2010-08-11 23:51 . 2010-05-02 08:05 1851392 c:\windows\$NtUninstallKB2160329$\win32k.sys + 2010-08-11 23:54 . 2009-07-31 04:32 1172480 c:\windows\$NtUninstallKB2079403$\msxml3.dll + 2010-04-16 16:00 . 2010-04-16 16:00 1509888 c:\windows\$hf_mig$\KB982381\SP3QFE\shdocvw.dll + 2010-04-16 16:00 . 2010-04-16 16:00 3094528 c:\windows\$hf_mig$\KB982381\SP3QFE\mshtml.dll + 2010-04-16 15:59 . 2010-04-16 15:59 1025024 c:\windows\$hf_mig$\KB982381\SP3QFE\browseui.dll + 2010-08-11 18:35 . 2010-06-18 13:43 3558912 c:\windows\$hf_mig$\KB981997\SP3QFE\moviemk.exe + 2010-08-11 18:35 . 2010-04-28 05:15 2192384 c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe + 2010-08-11 18:35 . 2010-04-28 05:15 2027008 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrpamp.exe + 2010-04-28 21:15 . 2010-04-28 21:15 2069248 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe + 2010-08-11 18:35 . 2010-04-28 05:15 2148864 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlmp.exe + 2010-05-02 08:00 . 2010-05-02 08:00 1860480 c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys + 2010-02-05 18:28 . 2010-02-05 18:28 1297408 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll + 2010-07-27 06:27 . 2010-07-27 06:27 8504320 c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll + 2010-06-24 12:11 . 2010-06-24 12:11 1509888 c:\windows\$hf_mig$\KB2183461\SP3QFE\shdocvw.dll + 2010-06-24 12:11 . 2010-06-24 12:11 3094528 c:\windows\$hf_mig$\KB2183461\SP3QFE\mshtml.dll + 2010-06-24 12:11 . 2010-06-24 12:11 1025024 c:\windows\$hf_mig$\KB2183461\SP3QFE\browseui.dll + 2010-06-24 21:29 . 2010-06-24 21:29 1861248 c:\windows\$hf_mig$\KB2160329\SP3QFE\win32k.sys + 2010-06-14 07:39 . 2010-06-14 07:39 1172480 c:\windows\$hf_mig$\KB2079403\SP3QFE\msxml3.dll + 2009-07-16 07:49 . 
2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe + 2010-05-19 11:08 . 2010-05-19 11:08 11408896 c:\windows\Installer\373c7d5.msp + 2010-03-30 23:23 . 2010-03-30 23:23 15638528 c:\windows\Installer\32bb07f.msp + 2010-04-11 20:17 . 2010-04-11 20:17 14599680 c:\windows\Installer\184e340.msp + 2010-08-12 07:05 . 2010-08-12 07:05 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll + 2010-08-12 14:03 . 2010-08-12 14:03 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll + 2010-08-12 10:01 . 2010-08-12 10:01 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll + 2010-08-12 07:04 . 2010-08-12 07:04 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll + 2010-08-12 07:03 . 2010-08-12 07:04 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll + 2010-08-12 07:03 . 2010-08-12 07:03 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll + 2010-08-11 23:54 . 2010-08-11 23:54 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll . -- Snapshot auf jetziges Datum zur¸ckgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\programme\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2010-05-09 09:50 2517088 ----a-w- c:\programme\ZoneAlarm-Sicherheit\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\programme\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"= "c:\programme\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\programme\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"nwiz"="nwiz.exe" [2005-04-01 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-08-21 114688]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2009-07-27 236040]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-28 1043968]
"ISW"="c:\programme\CheckPoint\ZAForceField\ForceField.exe" [2010-06-15 738808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
RAID Manager.lnk - c:\programme\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2009-7-3 724992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Programme\\SoulseekNS\\slsk.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [03.07.2009 14:40 26112]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.08.2009 14:32 64288]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programme\CheckPoint\ZAForceField\ISWKL.sys [15.06.2010 17:49 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programme\CheckPoint\ZAForceField\ISWSVC.exe [15.06.2010 17:49 493048]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [03.07.2009 11:39 88176]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12.05.2005 14:39 1287296]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [10.06.2010 00:05 302472]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [31.01.2010 20:04 27632]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [04.02.2010 17:52 1352832]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.07.2009 18:23 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-09-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 17:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\bhh2cfbb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - component: c:\programme\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-EPSON Stylus D68 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
HKLM-Run-EPSON Stylus D68 Series (Kopie 1) - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
HKLM-Run-EPSON Stylus D68 Series_5000 - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-16 13:41
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x89B0BEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf766bf28
\Driver\ACPI -> ACPI.sys @ 0xf75adcb8
\Driver\atapi -> atapi.sys @ 0xf74c5852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf796fbb0
PacketIndicateHandler -> NDIS.sys @ 0xf797ca21
SendHandler -> NDIS.sys @ 0xf795a87b
user & kernel MBR OK

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(732)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Zeit der Fertigstellung: 2010-09-16 13:45:15
ComboFix-quarantined-files.txt 2010-09-16 11:45
ComboFix2.txt 2010-06-07 23:35

Vor Suchlauf: 12 Verzeichnis(se), 20.003.188.736 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 20.974.186.496 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F4EEB3D5A5ADA107D2E9CF1294F69139

That's it. Now I'm curious to see what comes of it.... |
16.09.2010, 13:30 | #7 |
| "Generic Host Process" problem on Win XP SP3

OK, last but not least, here is the OTL log after all:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to Mp3 Converter\ deleted successfully.
File C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c7c99bc-9a44-11df-90ec-0013d4d25c43}\ not found.
File F:\WD SmartWare.exe not found.
========== REGISTRY ==========

OTL by OldTimer - Version 3.2.12.1 log created on 09162010_125112 |
16.09.2010, 13:54 | #8 | ||
| "Generic Host Process" problem on Win XP SP3
Hi, do you have an operating system CD? Otherwise we won't get rid of this: Quote:
Have files checked online:
Code:
c:\windows\system32\DRIVERS\pci.sys
Trying to find something: Download SystemLook from one of the following links and save the tool to the desktop. http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jps...SystemLook.exe
Code:
:filefind pci.sys
The results are saved on the desktop as SystemLook.txt. Your firewall has been switched off: Quote:
I don't like the GMER log either... TDSS-Killer download and instructions at: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? Unpack all files into a directory of their own (e.g. C:\TDSS)! Start it from Explorer by double-clicking TDSSKiller.exe. After it starts, a window appears; choose "Start Scan" there. When the scan has finished, please select "Report". A window opens; copy the text and post it here... chris
__________________ Don't bring me down Read before posting! Donations (anyone who would like to donate is welcome to get in touch) Edited by Chris4You (16.09.2010 at 14:03) |
16.09.2010, 14:06 | #9 |
| "Generic Host Process" problem on Win XP SP3
OK, this is what VirusTotal says about pci.sys:
AhnLab-V3 2010.09.16.01 2010.09.16 -
AntiVir 8.2.4.52 2010.09.16 -
Antiy-AVL 2.0.3.7 2010.09.16 -
Authentium 5.2.0.5 2010.09.16 -
Avast 4.8.1351.0 2010.09.16 -
Avast5 5.0.594.0 2010.09.16 -
AVG 9.0.0.851 2010.09.16 -
BitDefender 7.2 2010.09.16 -
CAT-QuickHeal 11.00 2010.09.16 -
ClamAV 0.96.2.0-git 2010.09.16 -
Comodo 6097 2010.09.16 -
DrWeb 5.0.2.03300 2010.09.16 -
eSafe 7.0.17.0 2010.09.15 -
eTrust-Vet 36.1.7859 2010.09.16 -
F-Prot 4.6.1.107 2010.09.16 -
F-Secure 9.0.15370.0 2010.09.16 -
Fortinet 4.1.143.0 2010.09.16 -
GData 21 2010.09.16 -
Ikarus T3.1.1.88.0 2010.09.16 -
Jiangmin 13.0.900 2010.09.16 -
K7AntiVirus 9.63.2522 2010.09.15 -
Kaspersky 7.0.0.125 2010.09.16 -
McAfee 5.400.0.1158 2010.09.16 -
McAfee-GW-Edition 2010.1C 2010.09.16 -
Microsoft 1.6103 2010.09.16 -
NOD32 5455 2010.09.16 -
Norman 6.06.06 2010.09.15 -
nProtect 2010-09-16.02 2010.09.16 -
Panda 10.0.2.7 2010.09.16 -
PCTools 7.0.3.5 2010.09.16 -
Prevx 3.0 2010.09.16 -
Rising 22.65.03.04 2010.09.16 -
Sophos 4.57.0 2010.09.16 -
Sunbelt 6882 2010.09.16 -
SUPERAntiSpyware 4.40.0.1006 2010.09.16 -
Symantec 20101.1.1.7 2010.09.16 -
TheHacker 6.7.0.0.020 2010.09.16 -
TrendMicro 9.120.0.1004 2010.09.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.16 -
VBA32 3.12.14.0 2010.09.16 -
ViRobot 2010.8.25.4006 2010.09.16 -
VirusBuster 12.65.8.0 2010.09.15 -
MD5 : 9e772adea078fa83a4c99bf76e375c13
SHA1 : 4a6eaea14a982aabccf645e64117927365a2156e
SHA256: ca47dd0f496e31f908c239de52dff6c6376c25bf0a201a7cbccedba3ffa9ae22
The SystemLook.txt then reads as follows:
SystemLook 04.09.10 by jpshortstuff
Log created at 15:02 on 16/09/2010 by Peter
Administrator - Elevation successful
Invalid Context: filefilnd
No Context: pci.sys
-= EOF =-
A blessing in disguise: I actually do have an original Windows including the CD. Thanks for now! |
16.09.2010, 14:16 | #10 |
| "Generic Host Process" problem on Win XP SP3
TDSSKiller seems to have scored a direct hit:
2010/09/16 15:10:16.0578 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/16 15:10:16.0578 ================================================================================
2010/09/16 15:10:16.0578 SystemInfo:
2010/09/16 15:10:16.0578
2010/09/16 15:10:16.0578 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/16 15:10:16.0578 Product type: Workstation
2010/09/16 15:10:16.0578 ComputerName: XXXX-C204A68EE
2010/09/16 15:10:16.0578 UserName: XXXX
2010/09/16 15:10:16.0578 Windows directory: C:\WINDOWS
2010/09/16 15:10:16.0578 System windows directory: C:\WINDOWS
2010/09/16 15:10:16.0578 Processor architecture: Intel x86
2010/09/16 15:10:16.0578 Number of processors: 2
2010/09/16 15:10:16.0578 Page size: 0x1000
2010/09/16 15:10:16.0578 Boot type: Normal boot
2010/09/16 15:10:16.0578 ================================================================================
2010/09/16 15:10:16.0812 Initialize success
2010/09/16 15:10:20.0031 ================================================================================
2010/09/16 15:10:20.0031 Scan started
2010/09/16 15:10:20.0031 Mode: Manual;
2010/09/16 15:10:20.0031 ================================================================================
2010/09/16 15:10:26.0531 PCI (fee8866ae76ee58a51b92ac7daeebc3c) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/16 15:10:26.0531 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: fee8866ae76ee58a51b92ac7daeebc3c, Fake md5: 9e772adea078fa83a4c99bf76e375c13
2010/09/16 15:10:26.0546 PCI - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/16 15:10:30.0406 ================================================================================
2010/09/16 15:10:30.0406 Scan finished
2010/09/16 15:10:30.0406 ================================================================================
2010/09/16 15:10:30.0421 Detected object count: 1
2010/09/16 15:11:09.0468 PCI (fee8866ae76ee58a51b92ac7daeebc3c) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/16 15:11:09.0468 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: fee8866ae76ee58a51b92ac7daeebc3c, Fake md5: 9e772adea078fa83a4c99bf76e375c13
2010/09/16 15:11:11.0734 Backup copy found, using it..
2010/09/16 15:11:11.0734 C:\WINDOWS\system32\DRIVERS\pci.sys - will be cured after reboot
2010/09/16 15:11:11.0734 Rootkit.Win32.TDSS.tdl3(PCI) - User select action: Cure
2010/09/16 15:11:21.0125 Deinitialize success |
16.09.2010, 14:18 | #11 |
| "Generic Host Process" problem on Win XP SP3
Hi, you typed that out by hand, right? Invalid Context: filefilnd There has to be a : in front, and filefind -> :filefind... Either we are looking at a false alarm from CF, or something reaaaally new... (I'll try to check that).. In the meantime: XP: sfc /scannow
1.) Start -> Run, type cmd
2.) type sfc /scannow
3.) keep the XP CD ready in case faulty files are found (on OEM machines there is generally a corresponding directory already on the hard disk)
4.) wait...
chris
__________________ Don't bring me down Read before posting! Donations (anyone who would like to donate is welcome to get in touch) |
16.09.2010, 14:34 | #12 |
| "Generic Host Process" problem on Win XP SP3
haha, caught me. I'm sitting here with the MacBook in front of the PC, which at the moment only goes online for VirusTotal; the rest I transfer back and forth with memory sticks, so I quickly typed it out by hand! Is THIS how it should have looked?
SystemLook 04.09.10 by jpshortstuff
Log created at 15:29 on 16/09/2010 by Peter
Administrator - Elevation successful
========== filefind ==========
Searching for "pci.sys"
C:\WINDOWS\system32\drivers\pci.sys --a---- 68224 bytes [12:00 14/04/2008] [13:12 16/09/2010] 387E8DEDC343AA2D1EFBC30580273ACD
-= EOF =-
----------------
I'm running sfc /scannow now. Will there be a log file from that too which I should post? |
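Added example, not part of the thread: a small Python cross-check of the MD5 values that TDSSKiller, VirusTotal and SystemLook reported for pci.sys in the posts above. The log lines are copied from those posts; the function names and source labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the logs posted in this thread (not constructed).
TDSS_LOG = r"""
2010/09/16 15:10:26.0531 PCI (fee8866ae76ee58a51b92ac7daeebc3c) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/16 15:10:26.0531 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: fee8866ae76ee58a51b92ac7daeebc3c, Fake md5: 9e772adea078fa83a4c99bf76e375c13
2010/09/16 15:10:26.0609 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys
"""
VT_REPORT = "MD5 : 9e772adea078fa83a4c99bf76e375c13"
VT_PATH = r"c:\windows\system32\DRIVERS\pci.sys"  # the file the helper asked to have checked
SYSTEMLOOK_LOG = r"""
========== filefind ==========
Searching for "pci.sys"
C:\WINDOWS\system32\drivers\pci.sys --a---- 68224 bytes [12:00 14/04/2008] [13:12 16/09/2010] 387E8DEDC343AA2D1EFBC30580273ACD
"""

MD5 = r"[0-9a-fA-F]{32}"
FORGED_RE = re.compile(
    rf"Suspicious file \(Forged\): (?P<path>.+?)\. "
    rf"Real md5: (?P<real>{MD5}), Fake md5: (?P<fake>{MD5})")
DRIVER_RE = re.compile(rf"^\S+ \S+ (?P<name>\S+) \((?P<md5>{MD5})\) (?P<path>.+)$")
SYSTEMLOOK_RE = re.compile(
    rf"^(?P<path>[A-Za-z]:\\.+?)\s+\S+\s+\d+ bytes\s+"
    rf"\[[^\]]*\]\s+\[[^\]]*\]\s+(?P<md5>{MD5})\s*$")
VT_RE = re.compile(rf"^MD5\s*:\s*(?P<md5>{MD5})", re.M)


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().lower()


def collect(tdss_log, systemlook_log, vt_report, vt_path):
    """Return {normalised path: {source label: md5}} across the three tools."""
    seen = defaultdict(dict)
    for line in tdss_log.splitlines():
        forged = FORGED_RE.search(line)
        if forged:
            entry = seen[norm(forged["path"])]
            entry["tdsskiller-real"] = forged["real"].lower()
            entry["tdsskiller-fake"] = forged["fake"].lower()
            continue
        driver = DRIVER_RE.match(line)
        if driver:
            seen[norm(driver["path"])]["tdsskiller-listed"] = driver["md5"].lower()
    for line in systemlook_log.splitlines():
        hit = SYSTEMLOOK_RE.match(line)
        if hit:
            seen[norm(hit["path"])]["systemlook"] = hit["md5"].lower()
    vt = VT_RE.search(vt_report)
    if vt:  # the VirusTotal report carries no path, the analyst supplies it
        seen[norm(vt_path)]["virustotal"] = vt["md5"].lower()
    return dict(seen)


def disagreements(seen):
    """Paths for which the tools reported more than one distinct MD5."""
    return {p: s for p, s in sorted(seen.items()) if len(set(s.values())) > 1}


def sources_matching_fake(sources):
    """Other sources whose MD5 equals the value TDSSKiller logged as 'Fake md5'."""
    fake = sources.get("tdsskiller-fake")
    return sorted(k for k, v in sources.items()
                  if fake and v == fake and k != "tdsskiller-fake")


if __name__ == "__main__":
    found = collect(TDSS_LOG, SYSTEMLOOK_LOG, VT_REPORT, VT_PATH)
    for path, sources in disagreements(found).items():
        print(path)
        for label, md5 in sorted(sources.items()):
            print(f"  {label:18} {md5}")
        print("  same MD5 as 'Fake md5':", sources_matching_fake(sources))
```

For pci.sys this reports three distinct MD5 values, and the MD5 in the VirusTotal report is the one TDSSKiller logged as "Fake md5".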
16.09.2010, 14:37 | #13 |
| "Generic Host Process" problem on Win XP SP3
Hi, yes, those TDSS swine once again... There is in fact no backup; let the Killer carry on (reboot). It will try to disinfect or replace the infected file... Skip the scannow for now; even if it works, the new file will be reinfected right away (the rootkit is already running, after all)... I just wonder where the Killer intends to get a clean backup from... Create a subdirectory I386 on c: and then, via the console (Start -> Run, cmd), copy pci.sy_ into the directory you just created: copy CD-ROM-drive-letter:\I386\pci.sy_ C:\I386, then we can also unpack it: expand CD-ROM-drive-letter:\I386\pci.sy_ C:\I386\pci.sys. Otherwise we'll do it via the Recovery Console if something goes wrong... chris
__________________ Don't bring me down Read before posting! Donations (anyone who would like to donate is welcome to get in touch) Edited by Chris4You (16.09.2010 at 14:55) |
16.09.2010, 14:47 | #14 |
| "Generic Host Process" problem on Win XP SP3
It seems we are now entering territory I no longer know anything about. So I have created the folder C:\I386. When I type it into cmd.exe the way you wrote it, b - with square brackets, I get the message: "[b]copy" ist entweder falsch geschrieben oder konnte nicht gefunden werden... Edited by mega.neon (16.09.2010 at 14:51) Reason: typo |
16.09.2010, 14:55 | #15 |
| "Generic Host Process" problem on Win XP SP3
Hi, formatting error, I've changed it, easier to understand now? chris
__________________ Don't bring me down Read before posting! Donations (anyone who would like to donate is welcome to get in touch) |