|
Plagegeister aller Art und deren Bekämpfung: appconf32.exe und die (wahrscheinlich) nicht ganz richtige VorgehensweiseWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
15.04.2011, 09:34 | #1 |
| appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise Erstmal möchte ich ein Hallo in die Runde werfen, da dies mein erster Post hier auf dem Board ist. Nun zu meinem Problem: Gestern gab mir Avast die Warnung, dass o.g. Datei gefunden wurde. Ich habe diese löschen lassen und danach so einige Lösungsschritte vorgenommen welche ich auf diversen Seiten im Internet gefunden habe. Einer der Threats die ich wiederfinden konnte war dieser hier (ich poste den mal auch wenn es aus einem anderen Forum stammt, damit nachvollzogen werden kann welche Schritte ich bisher unternommen habe) hxxp://forum.avira.com/wbb/index.php?page=Thread&threadID=116658 Da ich vorhin dann mal hier genauer im Forum rumgeschaut habe und feststellte, dass es selten eine gute Idee ist die Lösungswege für solche Probleme anderer User blind nachzuvollziehen und ich dementsprechend vielleicht nicht die schlauste Variante gewählt habe, hab ich mich dazu entschieden mein Problem zu schildern in der Hoffnung, dass mir jemand dabei helfen kann zu klären ob mein System sauber ist, oder was ich dazu noch unternehmen muss. //edit: Falls das relevant ist: OS ist Windows XP SP3 Ich versuche mal chronologisch aufzulisten was ich bisher getan habe: Gestern: Avast: Datei gelöscht Avast Scan ohne Ergebnis MBAM Scan: 15 infizierte Objekte, Log ist im Anhang Hitman Pro 3.5: da meine kostenlose Lizenz abgelaufen ist wurden die Probleme nur angezeigt und nicht gefixt, es handelte sich dabei aber lediglich um einige Tracking-Cookies CCleaner: Temporäre Dateien entfernt und Registry bereinigt (um heute zu lesen, dass zweiteres keine besonders gute Idee ist) Combofix: nach o.g. Threat, Log ist im Anhang MBAM Scan: 0 infizierte Objekte, Log ist im Anhang Heute: entsprechend http://www.trojaner-board.de/69886-a...-beachten.html MBAM Scan: 0 infizierte Objekte, Log ist im Anhang OTL Scan: Log ist im Anhang Ich hoffe ich habe mich an alles erinnert, möchte aber nicht ausschließen, dass ich etwas vergessen habe :S Ich möchte mich schonmal im Voraus bedanken, falls sich jemand meines Problems annimmt. MfG Geändert von qupapa (15.04.2011 um 09:46 Uhr) |
15.04.2011, 11:53 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | appconf32.exe und die (wahrscheinlich) nicht ganz richtige VorgehensweiseZitat:
__________________ |
15.04.2011, 12:35 | #3 |
| appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise Niemand, wie gesagt ich habe die Lösungen nur grob überflogen und nach dem "Viel-hilft-viel" Prinzip so ziemlich alles gemacht was irgendwo stand.
__________________Dass dies nicht die schlauste Variante war ist mir inzwischen klar. Auf Combofix gestossen bin ich in o.g. Thread aus dem Avira Forum |
15.04.2011, 13:48 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise Dann poste wenigstens das Logfile!
__________________ Logfiles bitte immer in CODE-Tags posten |
15.04.2011, 14:01 | #5 |
| appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise Ist das nicht die ComboFix.txt in der angehängten Datei? Falls nicht, wo finde ich die denn ansonsten? Tut mir leid, falls ich unnötige Umstände verursachen sollte ... |
15.04.2011, 14:18 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise Sry, das Log ist mir entgangen
__________________ --> appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise |
15.04.2011, 14:20 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.01.17 16:05:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] [2011.03.21 11:35:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kilaoa\Anwendungsdaten\269511 [2011.03.21 11:35:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kilaoa\Anwendungsdaten\106311 :Files c:\windows\system32\5015 :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
15.04.2011, 14:57 | #8 |
| appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise Ok, danke schon mal soweit. Hier die OTL-Log Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully. File About:Home not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\WallPaper deleted successfully. C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\BackupWallPaper deleted successfully. File C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully. C:\Programme\SUPERAntiSpyware\SASSEH.DLL moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. C:\Dokumente und Einstellungen\Kilaoa\Anwendungsdaten\269511 folder moved successfully. C:\Dokumente und Einstellungen\Kilaoa\Anwendungsdaten\106311 folder moved successfully. ========== FILES ========== c:\windows\system32\5015\components folder moved successfully. c:\windows\system32\5015 folder moved successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Kilaoa ->Temp folder emptied: 1441928 bytes ->Temporary Internet Files folder emptied: 538764 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 91864852 bytes ->Google Chrome cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 1102 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 38976 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 90,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04152011_154918 Files\Folders moved on Reboot... File\Folder C:\WINDOWS\temp\Perflib_Perfdata_65c.dat not found! Registry entries deleted on Reboot... |
15.04.2011, 15:03 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Falls du durch die Infektion auf die Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
15.04.2011, 15:12 | #10 |
| appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise Auf Dokumente und Einstellungen konnte ich ohne Probleme zugreifen. Hier die Log von TDSSKiller: Code:
ATTFilter 2011/04/15 16:06:34.0109 2584 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/15 16:06:34.0343 2584 ================================================================================ 2011/04/15 16:06:34.0343 2584 SystemInfo: 2011/04/15 16:06:34.0343 2584 2011/04/15 16:06:34.0343 2584 OS Version: 5.1.2600 ServicePack: 3.0 2011/04/15 16:06:34.0343 2584 Product type: Workstation 2011/04/15 16:06:34.0343 2584 ComputerName: KILAO 2011/04/15 16:06:34.0343 2584 UserName: Kilaoa 2011/04/15 16:06:34.0343 2584 Windows directory: C:\WINDOWS 2011/04/15 16:06:34.0343 2584 System windows directory: C:\WINDOWS 2011/04/15 16:06:34.0343 2584 Processor architecture: Intel x86 2011/04/15 16:06:34.0343 2584 Number of processors: 2 2011/04/15 16:06:34.0343 2584 Page size: 0x1000 2011/04/15 16:06:34.0343 2584 Boot type: Normal boot 2011/04/15 16:06:34.0343 2584 ================================================================================ 2011/04/15 16:06:34.0812 2584 Initialize success 2011/04/15 16:09:47.0687 1704 ================================================================================ 2011/04/15 16:09:47.0687 1704 Scan started 2011/04/15 16:09:47.0687 1704 Mode: Manual; 2011/04/15 16:09:47.0687 1704 ================================================================================ 2011/04/15 16:09:48.0156 1704 Aavmker4 (2ccfa74242741ca22a4267cce9b586f4) C:\WINDOWS\system32\drivers\Aavmker4.sys 2011/04/15 16:09:48.0234 1704 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/04/15 16:09:48.0250 1704 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/04/15 16:09:48.0296 1704 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/04/15 16:09:48.0328 1704 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys 2011/04/15 16:09:48.0421 1704 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/04/15 16:09:48.0500 1704 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 2011/04/15 16:09:48.0515 1704 aswMon2 (dbee7b5ecb50fc2cf9323f52cbf41141) C:\WINDOWS\system32\drivers\aswMon2.sys 2011/04/15 16:09:48.0531 1704 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\WINDOWS\system32\drivers\aswRdr.sys 2011/04/15 16:09:48.0546 1704 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\WINDOWS\system32\drivers\aswSP.sys 2011/04/15 16:09:48.0578 1704 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\WINDOWS\system32\drivers\aswTdi.sys 2011/04/15 16:09:48.0593 1704 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/04/15 16:09:48.0609 1704 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/04/15 16:09:48.0640 1704 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/04/15 16:09:48.0671 1704 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/04/15 16:09:48.0718 1704 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/04/15 16:09:48.0750 1704 BLKWGU(Belkin) (ed910b63a75863a89aab65f2763d5b71) C:\WINDOWS\system32\DRIVERS\BLKWGU.sys 2011/04/15 16:09:48.0796 1704 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/04/15 16:09:48.0828 1704 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/04/15 16:09:48.0828 1704 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/04/15 16:09:48.0859 1704 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/04/15 16:09:48.0937 1704 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/04/15 16:09:49.0015 1704 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 2011/04/15 16:09:49.0046 1704 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 2011/04/15 16:09:49.0062 1704 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/04/15 16:09:49.0093 1704 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/04/15 16:09:49.0140 1704 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/04/15 16:09:49.0203 1704 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/04/15 16:09:49.0234 1704 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/04/15 16:09:49.0250 1704 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 2011/04/15 16:09:49.0265 1704 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/04/15 16:09:49.0296 1704 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/04/15 16:09:49.0312 1704 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/04/15 16:09:49.0328 1704 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/04/15 16:09:49.0328 1704 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 2011/04/15 16:09:49.0359 1704 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/04/15 16:09:49.0375 1704 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/04/15 16:09:49.0406 1704 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/04/15 16:09:49.0453 1704 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/04/15 16:09:49.0484 1704 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\drivers\i8042prt.sys 2011/04/15 16:09:49.0500 1704 iaStor (88b1943ecff661f765228099138cf6ab) C:\WINDOWS\system32\drivers\iaStor.sys 2011/04/15 16:09:49.0531 1704 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/04/15 16:09:49.0656 1704 IntcAzAudAddService (909d03b3b7fb7c830b74f74f4d0ea7ce) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/04/15 16:09:49.0687 1704 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/04/15 16:09:49.0718 1704 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/04/15 16:09:49.0750 1704 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/04/15 16:09:49.0765 1704 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/04/15 16:09:49.0781 1704 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/04/15 16:09:49.0796 1704 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/04/15 16:09:49.0812 1704 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/04/15 16:09:49.0843 1704 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/04/15 16:09:49.0875 1704 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/04/15 16:09:49.0875 1704 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/04/15 16:09:49.0906 1704 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/04/15 16:09:49.0937 1704 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/04/15 16:09:50.0000 1704 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/04/15 16:09:50.0015 1704 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 2011/04/15 16:09:50.0031 1704 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/04/15 16:09:50.0046 1704 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/04/15 16:09:50.0062 1704 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/04/15 16:09:50.0093 1704 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/04/15 16:09:50.0125 1704 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/04/15 16:09:50.0171 1704 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/04/15 16:09:50.0203 1704 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/04/15 16:09:50.0218 1704 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/04/15 16:09:50.0234 1704 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/04/15 16:09:50.0265 1704 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/04/15 16:09:50.0265 1704 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/04/15 16:09:50.0296 1704 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/04/15 16:09:50.0312 1704 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/04/15 16:09:50.0328 1704 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/04/15 16:09:50.0328 1704 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/04/15 16:09:50.0359 1704 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/04/15 16:09:50.0375 1704 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/04/15 16:09:50.0406 1704 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/04/15 16:09:50.0437 1704 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/04/15 16:09:50.0453 1704 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/04/15 16:09:50.0484 1704 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/04/15 16:09:50.0500 1704 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/04/15 16:09:50.0718 1704 nv (cd9ed87b4fc6ec41d3b5be0b923843fc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/04/15 16:09:51.0031 1704 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/04/15 16:09:51.0187 1704 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/04/15 16:09:51.0218 1704 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/04/15 16:09:51.0250 1704 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/04/15 16:09:51.0265 1704 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/04/15 16:09:51.0296 1704 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/04/15 16:09:51.0312 1704 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/04/15 16:09:51.0343 1704 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/04/15 16:09:51.0375 1704 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/04/15 16:09:51.0484 1704 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/04/15 16:09:51.0500 1704 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/04/15 16:09:51.0515 1704 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/04/15 16:09:51.0546 1704 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/04/15 16:09:51.0625 1704 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/04/15 16:09:51.0656 1704 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/04/15 16:09:51.0671 1704 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/04/15 16:09:51.0671 1704 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/04/15 16:09:51.0703 1704 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/04/15 16:09:51.0718 1704 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/04/15 16:09:51.0750 1704 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/04/15 16:09:51.0781 1704 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/04/15 16:09:51.0828 1704 RTL8023xp (d6e1b1bd04fad422af17fc4b810cb9af) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 2011/04/15 16:09:51.0968 1704 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\Sandra.sys 2011/04/15 16:09:52.0000 1704 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS 2011/04/15 16:09:52.0031 1704 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Programme\SUPERAntiSpyware\SASENUM.SYS 2011/04/15 16:09:52.0046 1704 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS 2011/04/15 16:09:52.0078 1704 SCREAMINGBDRIVER (a689d522eedf89401e1da2fe883aa7ec) C:\WINDOWS\system32\drivers\ScreamingBAudio.sys 2011/04/15 16:09:52.0109 1704 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/04/15 16:09:52.0125 1704 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/04/15 16:09:52.0140 1704 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/04/15 16:09:52.0203 1704 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/04/15 16:09:52.0265 1704 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/04/15 16:09:52.0281 1704 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/04/15 16:09:52.0328 1704 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/04/15 16:09:52.0359 1704 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/04/15 16:09:52.0375 1704 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/04/15 16:09:52.0453 1704 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/04/15 16:09:52.0500 1704 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/04/15 16:09:52.0531 1704 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/04/15 16:09:52.0546 1704 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/04/15 16:09:52.0562 1704 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/04/15 16:09:52.0609 1704 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/04/15 16:09:52.0656 1704 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/04/15 16:09:52.0687 1704 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/04/15 16:09:52.0718 1704 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/04/15 16:09:52.0734 1704 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/04/15 16:09:52.0765 1704 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/04/15 16:09:52.0781 1704 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/04/15 16:09:52.0812 1704 VCSVADHWSer (b2abab4ca46bad182e27763dc19c780f) C:\WINDOWS\system32\DRIVERS\vcsvad.sys 2011/04/15 16:09:52.0828 1704 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/04/15 16:09:52.0875 1704 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/04/15 16:09:52.0890 1704 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/04/15 16:09:52.0953 1704 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/04/15 16:09:53.0031 1704 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys 2011/04/15 16:09:53.0171 1704 ================================================================================ 2011/04/15 16:09:53.0171 1704 Scan finished 2011/04/15 16:09:53.0171 1704 ================================================================================ |
15.04.2011, 17:44 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
15.04.2011, 19:28 | #12 |
| appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise Done. Kann es sein, dass ComboFix meinen Standardbrowser geändert hat? So oder so, hier die Log: Code:
ATTFilter ComboFix 11-04-14.03 - Kilaoa 15.04.2011 20:21:15.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1565 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Kilaoa\Desktop\CoFi.exe AV: avast! antivirus 4.8.1368 [VPS 110415-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-15 bis 2011-04-15 )))))))))))))))))))))))))))))) . . 2011-04-15 07:19 . 2011-04-15 07:19 -------- d-----w- C:\_OTL 2011-04-13 08:29 . 2011-04-13 08:29 -------- d-----w- c:\dokumente und einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Opera 2011-04-13 08:29 . 2011-04-13 08:29 -------- d-----w- c:\programme\Opera 2011-04-13 07:21 . 2011-04-13 07:21 -------- d-----w- c:\dokumente und einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Chromium 2011-04-13 07:21 . 2011-04-13 07:21 -------- d-----w- c:\programme\SRWare Iron 2011-04-12 21:17 . 2011-04-12 21:18 -------- d-----w- c:\programme\FileZilla FTP Client 2011-04-06 08:11 . 2011-04-06 08:39 -------- d-----w- c:\programme\Google 2011-04-05 10:41 . 2011-04-05 10:41 -------- d--h--w- c:\windows\PIF 2011-03-18 08:28 . 2011-03-18 08:28 -------- d-----w- C:\msstyle 2011-03-17 10:00 . 2011-03-17 10:00 -------- d-----w- c:\dokumente und einstellungen\Kilaoa\Anwendungsdaten\CAD-KAS 2011-03-17 09:59 . 2011-03-20 11:29 -------- d-----w- c:\programme\PDF Editor 3 2011-03-17 09:59 . 2011-03-17 09:59 80896 ----a-w- c:\windows\cadkasdeinst01.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-14 15:42 . 2011-02-16 13:07 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-03-21 22:03 . 2011-02-10 12:11 1629 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml12F.tmp 2011-03-21 22:03 . 2011-02-10 12:11 14229 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml12E.tmp 2011-03-21 22:03 . 2011-02-10 12:11 8114 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml12D.tmp 2011-03-07 05:33 . 2010-01-17 14:03 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:36 . 2003-04-02 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:53 . 2003-04-02 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys 2011-02-22 23:05 . 2003-04-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-02-22 23:05 . 2003-04-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-02-22 23:05 . 2003-04-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-02-22 11:41 . 2010-01-17 15:22 385024 ----a-w- c:\windows\system32\html.iec 2011-02-17 13:18 . 2003-04-02 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-17 13:18 . 2003-04-02 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-17 12:54 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56 . 2003-04-02 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-10 15:40 . 2011-02-10 15:40 7952 ----a-w- c:\windows\system32\OODDRMBS.EXE 2011-02-09 13:53 . 2003-04-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2003-04-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33 . 2003-04-02 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33 . 2003-04-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-02-08 01:16 . 2011-02-08 01:16 922112 ------w- c:\windows\system32\imapi2fs.dll 2011-02-08 01:16 . 2011-02-08 01:16 426496 ------w- c:\windows\system32\imapi2.dll 2011-02-02 07:58 . 2010-01-17 14:02 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2010-01-17 14:02 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2003-04-02 12:00 440832 ----a-w- c:\windows\system32\shimgvw.dll 2011-03-18 17:56 . 2011-03-13 16:10 142296 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-04-14_16.54.37 ))))))))))))))))))))))))))))))))))))))))) . + 2011-04-15 15:45 . 2011-04-15 15:45 16384 c:\windows\Temp\Perflib_Perfdata_66c.dat + 2003-04-02 12:00 . 2011-04-15 13:10 84844 c:\windows\system32\perfc009.dat - 2003-04-02 12:00 . 2010-12-20 23:52 66560 c:\windows\system32\mshtmled.dll + 2003-04-02 12:00 . 2011-02-22 23:05 66560 c:\windows\system32\mshtmled.dll + 2009-03-08 03:31 . 2011-02-22 23:05 55296 c:\windows\system32\msfeedsbs.dll - 2009-03-08 03:31 . 2010-12-20 23:52 55296 c:\windows\system32\msfeedsbs.dll + 2003-04-02 12:00 . 2011-02-22 23:05 25600 c:\windows\system32\jsproxy.dll - 2003-04-02 12:00 . 2010-12-20 23:52 25600 c:\windows\system32\jsproxy.dll - 2003-04-02 12:00 . 2008-04-14 06:52 45568 c:\windows\system32\dnsrslvr.dll + 2003-04-02 12:00 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll - 2010-05-01 07:55 . 2010-12-20 23:52 12800 c:\windows\system32\dllcache\xpshims.dll + 2010-05-01 07:55 . 2011-02-22 23:05 12800 c:\windows\system32\dllcache\xpshims.dll - 2009-03-08 03:31 . 2010-12-20 23:52 66560 c:\windows\system32\dllcache\mshtmled.dll + 2009-03-08 03:31 . 2011-02-22 23:05 66560 c:\windows\system32\dllcache\mshtmled.dll - 2010-05-01 07:55 . 2010-12-20 23:52 55296 c:\windows\system32\dllcache\msfeedsbs.dll + 2010-05-01 07:55 . 2011-02-22 23:05 55296 c:\windows\system32\dllcache\msfeedsbs.dll - 2009-03-08 03:34 . 2010-12-20 23:52 43520 c:\windows\system32\dllcache\licmgr10.dll + 2009-03-08 03:34 . 2011-02-22 23:05 43520 c:\windows\system32\dllcache\licmgr10.dll + 2009-03-08 03:33 . 2011-02-22 23:05 25600 c:\windows\system32\dllcache\jsproxy.dll - 2009-03-08 03:33 . 2010-12-20 23:52 25600 c:\windows\system32\dllcache\jsproxy.dll + 2009-04-20 17:17 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll - 2010-03-18 11:16 . 2010-03-18 11:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll + 2011-02-10 02:10 . 2011-02-10 02:10 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll - 2010-10-22 18:16 . 2010-10-22 18:16 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll + 2011-04-15 13:05 . 2011-04-15 13:05 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll + 2011-04-15 13:05 . 2011-04-15 13:05 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll - 2010-10-22 18:16 . 2010-10-22 18:16 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll - 2010-10-22 18:16 . 2010-10-22 18:16 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll + 2011-04-15 13:05 . 2011-04-15 13:05 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll - 2010-10-22 18:16 . 2010-10-22 18:16 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll + 2011-04-15 13:05 . 2011-04-15 13:05 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll + 2011-04-15 13:05 . 2011-04-15 13:05 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll - 2010-10-22 18:16 . 2010-10-22 18:16 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll - 2010-10-22 18:16 . 2010-10-22 18:16 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll + 2011-04-15 13:05 . 2011-04-15 13:05 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll - 2010-10-22 18:16 . 2010-10-22 18:16 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll + 2011-04-15 13:05 . 2011-04-15 13:05 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll + 2011-04-15 13:05 . 2011-04-15 13:05 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll - 2010-10-22 18:16 . 2010-10-22 18:16 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll - 2010-10-22 18:16 . 2010-10-22 18:16 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll + 2011-04-15 13:05 . 2011-04-15 13:05 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll - 2010-10-22 18:16 . 2010-10-22 18:16 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll + 2011-04-15 13:05 . 2011-04-15 13:05 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll + 2011-04-15 13:05 . 2011-04-15 13:05 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2010-10-22 18:16 . 2010-10-22 18:16 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2011-04-15 13:05 . 2011-04-15 13:05 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll - 2010-10-22 18:16 . 2010-10-22 18:16 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll - 2010-10-22 18:16 . 2010-10-22 18:16 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll + 2011-04-15 13:05 . 2011-04-15 13:05 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll - 2010-10-22 18:16 . 2010-10-22 18:16 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll + 2011-04-15 13:05 . 2011-04-15 13:05 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll - 2010-10-22 18:16 . 2010-10-22 18:16 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2011-04-15 13:05 . 2011-04-15 13:05 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2011-04-15 13:05 . 2011-04-15 13:05 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2010-10-22 18:16 . 2010-10-22 18:16 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2011-04-15 13:05 . 2011-04-15 13:05 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2010-10-22 18:16 . 2010-10-22 18:16 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2011-04-15 13:05 . 2011-04-15 13:05 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2010-10-22 18:16 . 2010-10-22 18:16 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2011-04-15 13:05 . 2011-04-15 13:05 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2010-10-22 18:16 . 2010-10-22 18:16 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2011-04-15 13:10 . 2010-12-20 23:52 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll + 2011-04-15 13:10 . 2010-12-20 23:52 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll + 2011-04-15 13:10 . 2010-12-20 23:52 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll + 2011-04-15 13:10 . 2010-12-20 23:52 43520 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll + 2011-04-15 13:10 . 2010-12-20 23:52 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll + 2011-04-15 16:03 . 2011-04-15 16:03 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9824b202ffe88c945577effdc7fc8fc3\UIAutomationProvider.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 54784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\8e97109a6278b73bf4fd77b61ce6c154\System.Xaml.Hosting.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\6474ae2cebac637025eab3cbcdc9ffe6\System.Windows.Presentation.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\1070fda1dc17a4b0f121195f9c1ebcfe\System.Web.Routing.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\5a41a2282d6b6ac525073db4f0604677\System.Web.DynamicData.Design.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\50cbf014f60fa88f67a763dfbead1fee\System.Web.ApplicationServices.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\8aa6f2e7225a8c20edda9ee3a260692a\System.Web.Abstractions.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f472171edc898ea876f14b97b4f332b8\System.ServiceModel.Channels.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\2f4398558c8128f92887fde8660f1ca8\System.ServiceModel.ServiceMoniker40.ni.dll + 2011-04-15 16:04 . 2011-04-15 16:04 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\473102f936b4a823e5e2b2e6282c5104\System.AddIn.Contract.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 37376 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\c4eae41feecde838e71941f5b7359b48\Microsoft.Workflow.Compiler.ni.exe + 2011-04-15 16:03 . 2011-04-15 16:03 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\1a21a54acf18fabfddb0b94d40e509a1\Microsoft.VisualC.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\7600f9d2a3bc01ba15674667283c2e53\Accessibility.ni.dll + 2011-04-15 13:46 . 2011-04-15 13:46 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3f621b90371e67197bd4d0b86aa6f21d\System.Windows.Presentation.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\577b049541803541e6b00e2c36c00852\System.Web.DynamicData.Design.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\636ed65b7e5481320e3010b78a5e6cfa\System.ComponentModel.DataAnnotations.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f83b1e8dd8c90490c8d924826c8b107d\System.AddIn.Contract.ni.dll + 2011-04-15 13:45 . 2011-04-15 13:45 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe + 2011-04-15 13:10 . 2011-04-15 13:10 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\108426b4dc654100c9a99bfa71f69886\Microsoft.Vsa.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\61ae638a8173b053fc3e6dde41df25a3\Microsoft.VisualC.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8905268997c77a27c7f9c54aeba37f24\Microsoft.Build.Framework.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\11bb8ef375848eb1c074da1afd5cecdc\Microsoft.Build.Framework.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\6d74b9308a1517bfe959e597c3dd2427\dfsvc.ni.exe + 2011-04-15 15:59 . 2011-04-15 15:59 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll - 2010-10-27 15:54 . 2010-10-27 15:54 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2011-04-15 13:09 . 2011-04-15 13:09 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2011-04-15 13:09 . 2011-04-15 13:09 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll - 2010-10-27 15:54 . 2010-10-27 15:54 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2011-04-15 13:09 . 2011-04-15 13:09 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2010-10-27 15:54 . 2010-10-27 15:54 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2011-04-15 13:09 . 2011-04-15 13:09 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2010-10-27 15:54 . 2010-10-27 15:54 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll + 2011-04-15 13:09 . 2011-04-15 13:09 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2010-10-27 15:54 . 2010-10-27 15:54 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2011-04-15 13:09 . 2011-04-15 13:09 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll - 2010-10-27 15:54 . 2010-10-27 15:54 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2011-04-15 13:09 . 2011-04-15 13:09 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2010-10-27 15:54 . 2010-10-27 15:54 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2011-04-15 13:09 . 2011-04-15 13:09 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2010-10-27 15:54 . 2010-10-27 15:54 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2011-04-15 13:09 . 2011-04-15 13:09 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2010-10-27 15:54 . 2010-10-27 15:54 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2010-10-27 15:54 . 2010-10-27 15:54 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2011-04-15 13:09 . 2011-04-15 13:09 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2010-10-27 15:54 . 2010-10-27 15:54 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2011-04-15 13:09 . 2011-04-15 13:09 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2010-10-27 15:54 . 2010-10-27 15:54 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2011-04-15 13:09 . 2011-04-15 13:09 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2010-10-27 15:54 . 2010-10-27 15:54 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2011-04-15 13:09 . 2011-04-15 13:09 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2010-10-27 15:54 . 2010-10-27 15:54 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2011-04-15 13:09 . 2011-04-15 13:09 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2011-04-15 13:10 . 2011-04-15 13:10 2688 c:\windows\SoftwareDistribution\EventCache\{FCC119B7-C2EC-4B11-88C9-2664CA973400}.bin + 2011-04-15 16:02 . 2011-04-15 16:02 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\1a4701c5a061d081b78353bd04349c3e\dfsvc.ni.exe + 2011-04-15 13:09 . 2011-04-15 13:09 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll - 2010-10-27 15:54 . 2010-10-27 15:54 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2011-04-15 13:09 . 2011-04-15 13:09 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2010-10-27 15:54 . 2010-10-27 15:54 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2011-04-15 13:09 . 2011-04-15 13:09 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2010-10-27 15:54 . 2010-10-27 15:54 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll + 2011-04-15 13:09 . 2011-04-15 13:09 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll - 2010-10-27 15:54 . 2010-10-27 15:54 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll - 2010-10-22 18:16 . 2010-10-22 18:16 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll + 2011-04-15 13:05 . 2011-04-15 13:05 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll + 2011-04-15 13:05 . 2011-04-15 13:05 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll - 2010-10-22 18:16 . 2010-10-22 18:16 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll - 2010-10-27 15:54 . 2010-10-27 15:54 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll + 2011-04-15 13:09 . 2011-04-15 13:09 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2010-10-27 15:54 . 2010-10-27 15:54 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2011-04-15 13:09 . 2011-04-15 13:09 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2003-04-02 12:00 . 2011-04-15 13:10 494300 c:\windows\system32\perfh009.dat + 2003-04-02 12:00 . 2011-04-15 13:10 517632 c:\windows\system32\perfh007.dat + 2003-04-02 12:00 . 2011-04-15 13:10 101784 c:\windows\system32\perfc007.dat - 2003-04-02 12:00 . 2010-12-20 23:52 206848 c:\windows\system32\occache.dll + 2003-04-02 12:00 . 2011-02-22 23:05 206848 c:\windows\system32\occache.dll - 2003-04-02 12:00 . 2008-06-20 17:46 247296 c:\windows\system32\mswsock.dll + 2003-04-02 12:00 . 2008-06-20 16:02 247296 c:\windows\system32\mswsock.dll - 2003-04-02 12:00 . 2010-12-20 23:52 611840 c:\windows\system32\mstime.dll + 2003-04-02 12:00 . 2011-02-22 23:05 611840 c:\windows\system32\mstime.dll + 2009-03-08 03:32 . 2011-02-22 23:05 602112 c:\windows\system32\msfeeds.dll - 2009-03-08 03:32 . 2010-12-20 23:52 602112 c:\windows\system32\msfeeds.dll - 2003-04-02 12:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll + 2003-04-02 12:00 . 2011-03-04 06:36 726528 c:\windows\system32\jscript.dll + 2003-04-02 12:00 . 2011-02-22 23:05 184320 c:\windows\system32\iepeers.dll - 2003-04-02 12:00 . 2010-12-20 23:52 184320 c:\windows\system32\iepeers.dll + 2003-04-02 12:00 . 2011-02-22 23:05 387584 c:\windows\system32\iedkcs32.dll - 2003-04-02 12:00 . 2010-12-20 23:52 387584 c:\windows\system32\iedkcs32.dll + 2003-04-02 12:00 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe - 2003-04-02 12:00 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe + 2010-01-17 13:46 . 2011-04-15 13:42 359344 c:\windows\system32\FNTCACHE.DAT - 2010-01-17 13:46 . 2011-04-14 14:45 359344 c:\windows\system32\FNTCACHE.DAT + 2003-04-02 12:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys - 2003-04-02 12:00 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys + 2003-04-02 12:00 . 2011-03-03 06:54 149504 c:\windows\system32\dnsapi.dll + 2009-10-29 05:24 . 2011-02-22 23:05 916480 c:\windows\system32\dllcache\wininet.dll - 2009-10-29 05:24 . 2010-12-20 23:52 916480 c:\windows\system32\dllcache\wininet.dll + 2008-05-09 10:54 . 2011-03-04 06:36 420864 c:\windows\system32\dllcache\vbscript.dll + 2010-01-17 18:11 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys + 2009-03-08 03:34 . 2011-02-22 23:05 206848 c:\windows\system32\dllcache\occache.dll - 2009-03-08 03:34 . 2010-12-20 23:52 206848 c:\windows\system32\dllcache\occache.dll - 2008-06-20 17:46 . 2008-06-20 17:46 247296 c:\windows\system32\dllcache\mswsock.dll + 2008-06-20 17:46 . 2008-06-20 16:02 247296 c:\windows\system32\dllcache\mswsock.dll - 2009-03-08 03:32 . 2010-12-20 23:52 611840 c:\windows\system32\dllcache\mstime.dll + 2009-03-08 03:32 . 2011-02-22 23:05 611840 c:\windows\system32\dllcache\mstime.dll - 2010-05-01 07:55 . 2010-12-20 23:52 602112 c:\windows\system32\dllcache\msfeeds.dll + 2010-05-01 07:55 . 2011-02-22 23:05 602112 c:\windows\system32\dllcache\msfeeds.dll + 2010-01-17 18:11 . 2011-02-17 13:18 455936 c:\windows\system32\dllcache\mrxsmb.sys - 2010-09-18 10:22 . 2010-09-18 10:22 974848 c:\windows\system32\dllcache\mfc42u.dll + 2010-09-18 10:22 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll + 2010-10-13 14:15 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll - 2010-01-17 18:06 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll + 2010-01-17 18:06 . 2011-03-04 06:36 726528 c:\windows\system32\dllcache\jscript.dll - 2010-01-17 18:09 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll + 2010-01-17 18:09 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll + 2010-05-01 07:55 . 2011-02-22 23:05 247808 c:\windows\system32\dllcache\ieproxy.dll - 2010-05-01 07:55 . 2010-12-20 23:52 247808 c:\windows\system32\dllcache\ieproxy.dll + 2010-02-26 05:41 . 2011-02-22 23:05 184320 c:\windows\system32\dllcache\iepeers.dll - 2010-02-26 05:41 . 2010-12-20 23:52 184320 c:\windows\system32\dllcache\iepeers.dll - 2010-06-11 13:32 . 2010-12-20 23:52 743424 c:\windows\system32\dllcache\iedvtool.dll + 2010-06-11 13:32 . 2011-02-22 23:05 743424 c:\windows\system32\dllcache\iedvtool.dll + 2009-03-08 13:09 . 2011-02-22 23:05 387584 c:\windows\system32\dllcache\iedkcs32.dll - 2009-03-08 13:09 . 2010-12-20 23:52 387584 c:\windows\system32\dllcache\iedkcs32.dll - 2009-03-08 03:32 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe + 2009-03-08 03:32 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe + 2008-06-20 17:46 . 2011-03-03 06:54 149504 c:\windows\system32\dllcache\dnsapi.dll + 2010-04-20 05:29 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll - 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys + 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys - 2010-03-18 11:16 . 2010-03-18 11:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll + 2011-02-10 02:10 . 2011-02-10 02:10 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll - 2010-03-18 11:16 . 2010-03-18 11:16 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll + 2011-02-10 02:10 . 2011-02-10 02:10 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll - 2010-03-18 11:16 . 2010-03-18 11:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll + 2011-02-10 02:10 . 2011-02-10 02:10 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll + 2011-01-18 02:39 . 2011-01-18 02:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll - 2010-05-11 04:40 . 2010-05-11 04:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll + 2011-01-18 02:39 . 2011-01-18 02:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll + 2011-01-18 02:39 . 2011-01-18 02:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll - 2010-05-11 04:40 . 2010-05-11 04:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll + 2011-04-15 13:05 . 2011-04-15 13:05 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll - 2010-10-22 18:16 . 2010-10-22 18:16 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll - 2010-10-22 18:16 . 2010-10-22 18:16 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll + 2011-04-15 13:05 . 2011-04-15 13:05 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll - 2010-10-22 18:16 . 2010-10-22 18:16 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll + 2011-04-15 13:05 . 2011-04-15 13:05 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll + 2011-04-15 13:05 . 2011-04-15 13:05 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll - 2010-10-22 18:16 . 2010-10-22 18:16 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll + 2011-04-15 13:05 . 2011-04-15 13:05 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2010-10-22 18:16 . 2010-10-22 18:16 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2011-04-15 13:05 . 2011-04-15 13:05 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll - 2010-10-22 18:16 . 2010-10-22 18:16 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll + 2011-04-15 13:05 . 2011-04-15 13:05 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2010-10-22 18:16 . 2010-10-22 18:16 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2010-10-22 18:16 . 2010-10-22 18:16 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll + 2011-04-15 13:05 . 2011-04-15 13:05 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll - 2010-10-22 18:16 . 2010-10-22 18:16 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll + 2011-04-15 13:05 . 2011-04-15 13:05 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll + 2011-04-15 13:05 . 2011-04-15 13:05 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll - 2010-10-22 18:16 . 2010-10-22 18:16 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll + 2011-04-15 13:05 . 2011-04-15 13:05 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2010-10-22 18:16 . 2010-10-22 18:16 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2010-10-22 18:16 . 2010-10-22 18:16 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2011-04-15 13:05 . 2011-04-15 13:05 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2011-04-15 13:05 . 2011-04-15 13:05 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2010-10-22 18:16 . 2010-10-22 18:16 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2010-10-22 18:16 . 2010-10-22 18:16 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll + 2011-04-15 13:05 . 2011-04-15 13:05 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll + 2011-04-15 13:05 . 2011-04-15 13:05 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll - 2010-10-22 18:16 . 2010-10-22 18:16 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll - 2010-10-22 18:16 . 2010-10-22 18:16 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2011-04-15 13:05 . 2011-04-15 13:05 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2010-10-22 18:16 . 2010-10-22 18:16 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2011-04-15 13:05 . 2011-04-15 13:05 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2010-10-22 18:16 . 2010-10-22 18:16 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll + 2011-04-15 13:05 . 2011-04-15 13:05 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll + 2011-04-15 13:05 . 2011-04-15 13:05 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll - 2010-10-22 18:16 . 2010-10-22 18:16 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll + 2011-04-15 13:05 . 2011-04-15 13:05 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll - 2010-10-22 18:16 . 2010-10-22 18:16 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll + 2011-04-15 13:05 . 2011-04-15 13:05 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll - 2010-10-22 18:16 . 2010-10-22 18:16 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll - 2010-10-22 18:16 . 2010-10-22 18:16 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll + 2011-04-15 13:05 . 2011-04-15 13:05 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll - 2010-10-22 18:16 . 2010-10-22 18:16 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll + 2011-04-15 13:05 . 2011-04-15 13:05 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll + 2011-04-15 13:05 . 2011-04-15 13:05 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2010-10-22 18:16 . 2010-10-22 18:16 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2010-10-22 18:16 . 2010-10-22 18:16 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2011-04-15 13:05 . 2011-04-15 13:05 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2011-04-15 13:05 . 2011-04-15 13:05 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll - 2010-10-22 18:16 . 2010-10-22 18:16 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll - 2010-10-22 18:16 . 2010-10-22 18:16 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2011-04-15 13:05 . 2011-04-15 13:05 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2011-04-15 13:05 . 2011-04-15 13:05 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2010-10-22 18:16 . 2010-10-22 18:16 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2011-04-15 13:05 . 2011-04-15 13:05 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll - 2010-10-22 18:16 . 2010-10-22 18:16 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll - 2010-10-22 18:16 . 2010-10-22 18:16 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll + 2011-04-15 13:05 . 2011-04-15 13:05 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll + 2011-04-15 13:05 . 2011-04-15 13:05 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2010-10-22 18:16 . 2010-10-22 18:16 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2010-10-22 18:16 . 2010-10-22 18:16 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll + 2011-04-15 13:05 . 2011-04-15 13:05 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll + 2011-04-15 13:05 . 2011-04-15 13:05 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll - 2010-10-22 18:16 . 2010-10-22 18:16 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll - 2010-10-22 18:16 . 2010-10-22 18:16 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll + 2011-04-15 13:05 . 2011-04-15 13:05 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll - 2010-10-22 18:16 . 2010-10-22 18:16 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll + 2011-04-15 13:05 . 2011-04-15 13:05 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll - 2010-10-22 18:16 . 2010-10-22 18:16 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2011-04-15 13:05 . 2011-04-15 13:05 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2010-10-22 18:16 . 2010-10-22 18:16 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll + 2011-04-15 13:05 . 2011-04-15 13:05 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll + 2011-04-15 13:05 . 2011-04-15 13:05 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll - 2010-10-22 18:16 . 2010-10-22 18:16 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll - 2010-10-22 18:16 . 2010-10-22 18:16 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll + 2011-04-15 13:05 . 2011-04-15 13:05 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll + 2011-04-15 13:05 . 2011-04-15 13:05 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll - 2010-10-22 18:16 . 2010-10-22 18:16 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll + 2011-04-15 13:05 . 2011-04-15 13:05 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll - 2010-10-22 18:16 . 2010-10-22 18:16 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll + 2011-04-15 13:05 . 2011-04-15 13:05 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll - 2010-10-22 18:16 . 2010-10-22 18:16 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll + 2011-04-15 13:05 . 2011-04-15 13:05 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2010-10-22 18:16 . 2010-10-22 18:16 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2010-10-22 18:16 . 2010-10-22 18:16 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2011-04-15 13:05 . 2011-04-15 13:05 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2011-04-15 13:05 . 2011-04-15 13:05 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll - 2010-10-22 18:16 . 2010-10-22 18:16 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll + 2011-04-15 13:05 . 2011-04-15 13:05 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll - 2010-10-22 18:16 . 2010-10-22 18:16 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2011-04-15 13:05 . 2011-04-15 13:05 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll - 2010-10-22 18:16 . 2010-10-22 18:16 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll - 2010-10-22 18:16 . 2010-10-22 18:16 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll + 2011-04-15 13:05 . 2011-04-15 13:05 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll + 2011-04-15 13:05 . 2011-04-15 13:05 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll - 2010-10-22 18:16 . 2010-10-22 18:16 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll - 2010-10-22 18:16 . 2010-10-22 18:16 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2011-04-15 13:05 . 2011-04-15 13:05 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2011-04-15 13:05 . 2011-04-15 13:05 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2010-10-22 18:16 . 2010-10-22 18:16 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2010-10-22 18:16 . 2010-10-22 18:16 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2011-04-15 13:05 . 2011-04-15 13:05 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2011-04-15 13:02 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll + 2011-04-15 13:02 . 2010-07-05 13:14 388984 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll + 2011-04-15 13:02 . 2010-07-05 13:14 234872 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe + 2011-04-15 13:02 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll + 2011-04-15 13:10 . 2010-12-20 23:52 916480 c:\windows\ie8updates\KB2497640-IE8\wininet.dll + 2011-04-15 13:10 . 2010-07-05 13:14 388984 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll + 2011-04-15 13:10 . 2010-07-05 13:14 234872 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe + 2011-04-15 13:10 . 2010-12-20 23:52 206848 c:\windows\ie8updates\KB2497640-IE8\occache.dll + 2011-04-15 13:10 . 2010-12-20 23:52 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll + 2011-04-15 13:10 . 2010-12-20 23:52 602112 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll + 2011-04-15 13:10 . 2010-12-20 23:52 247808 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll + 2011-04-15 13:10 . 2010-12-20 23:52 184320 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll + 2011-04-15 13:10 . 2010-12-20 23:52 743424 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll + 2011-04-15 13:10 . 2010-12-20 23:52 387584 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll + 2011-04-15 13:10 . 2010-12-20 12:55 173568 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe + 2010-01-17 18:11 . 2011-02-17 13:18 455936 c:\windows\Driver Cache\i386\mrxsmb.sys + 2011-04-15 16:30 . 2011-04-15 16:30 399360 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\071230a3e7b1d19779210ed709761da4\XamlBuildTask.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 353792 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\308200c3a43e5cd40f7ca07328be5d56\WsatConfig.ni.exe + 2011-04-15 16:30 . 2011-04-15 16:30 245760 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\c854ff737035c79fdf1b56b95e28fdbc\WindowsFormsIntegration.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 195584 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\c085fc0d222fb39afe14cc8e5eb32eee\UIAutomationTypes.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 481792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\974f99cb0c5b67484ce5a3fd1fc5e7dd\UIAutomationClient.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6d7c87b19bf40f2bc57ec4429b628c9a\System.Xml.Linq.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 187904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\21eb4743be4fdd8df5f0a9cd0dd52f5d\System.Windows.Input.Manipulations.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 192512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\506e5c072114a604751e589a03818287\System.Windows.Forms.DataVisualization.Design.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 218624 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\4f6ed094f67cf65019b24b7ae4950047\System.Web.RegularExpressions.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 858112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\e48ad421c99a1dff1680d775abf7fdec\System.Web.Extensions.Design.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 332288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\25f74ac76ed1a5762f05984a8e8f675c\System.Web.Entity.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 296448 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\022f7f8e65394aab269df0a14f3f8757\System.Web.Entity.Design.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 705536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\c1a917d7d45e2e5731ab1a2c69bc3c79\System.Web.DynamicData.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 256512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\79696f4c00767d1db7c4a93b9e417359\System.Web.DataVisualization.Design.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 645632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\1fac5b5769af4e4dd0aa3f09d9834734\System.Transactions.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\4e5c6a1e261c43961b19f4712359234f\System.ServiceProcess.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 421888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d1f5920c45a89d29bfcaaf3e913f5b43\System.ServiceModel.Activation.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9fc58e83505ef6bf05a4529665c7737d\System.ServiceModel.Routing.ni.dll + 2011-04-15 13:06 . 2011-04-15 13:06 721920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\df00a90a0ca189eb49b071dfd9530347\System.Security.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 310272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7de8fccb064fff0d219e8594a014b600\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 767488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\585f1cfab91fc0c2c3e2a9f483a2a4a2\System.Runtime.Remoting.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 239616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\46ecc1e6de3fba31062fe27e5bc2ef9c\System.Runtime.Caching.ni.dll + 2011-04-15 13:06 . 2011-04-15 13:06 144896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\f2304201110addb8170997ff442e87fc\System.Numerics.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 651264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\56158e581a3dfce8f930fe7388cfe156\System.Net.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 625152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\8b3e59239912537657fc7f9c6b88dd8a\System.Messaging.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 392704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\117067671949b80852b0a7c112888b7b\System.Management.Instrumentation.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 405504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\a483116d4df8444911c9d47fd99b8b95\System.IO.Log.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 228352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\3891b868ee83ca630686d547c328da31\System.IdentityModel.Selectors.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 230912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\547669d593c2ac7c94391e153ea6068f\System.EnterpriseServices.Wrapper.dll + 2011-04-15 16:03 . 2011-04-15 16:03 784896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\547669d593c2ac7c94391e153ea6068f\System.EnterpriseServices.ni.dll + 2011-04-15 13:06 . 2011-04-15 13:06 373248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\f9b335b9f86afcae5a54949288010a0f\System.Dynamic.ni.dll + 2011-04-15 13:07 . 2011-04-15 13:07 223744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\bbb1323c2a613d3f4e9cfce17e03ee70\System.Drawing.Design.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 911872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8a7ceaec74327e2be758e7291b8a5849\System.DirectoryServices.AccountManagement.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 461824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\698dd101afeceb8ffc4a435b9be82038\System.DirectoryServices.Protocols.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 112128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\65b4592d5d04a0c5b6f102f8d1e065e8\System.Device.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 499712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\1cebe528201f40151fb29cb835f76ef2\System.Data.Services.Design.ni.dll + 2011-04-15 16:04 . 2011-04-15 16:04 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\ee0a48c4f9340f1002baa71004a14932\System.Data.DataSetExtensions.ni.dll + 2011-04-15 13:06 . 2011-04-15 13:06 973312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f7f7d2aa985906327e256d05472bdeb3\System.Configuration.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 145920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\9a074aee02c2c27bd8a64bd39bb0f954\System.Configuration.Install.ni.dll + 2011-04-15 16:04 . 2011-04-15 16:04 193536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\f02a6c23986ba9eee3699717437b0f94\System.ComponentModel.DataAnnotations.ni.dll + 2011-04-15 13:07 . 2011-04-15 13:07 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\50925baa7781cd6b13b345750b78cac2\System.ComponentModel.Composition.ni.dll + 2011-04-15 16:04 . 2011-04-15 16:04 613888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\d5de48c1c29a8498c89ed5da48e40690\System.AddIn.ni.dll + 2011-04-15 16:04 . 2011-04-15 16:04 402944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\d60de251f6401ab42fe195f6bf25ca73\System.Activities.DurableInstancing.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 316928 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\d42aded7e797fe07a002cec27071b509\SMSvcHost.ni.exe + 2011-04-15 16:03 . 2011-04-15 16:03 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\22f477b2dad8700e564daead57f5b825\SMDiagnostics.ni.dll + 2011-04-15 13:07 . 2011-04-15 13:07 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ea81a1bfc0d3e8840be37dffb83fc12e\PresentationFramework.Luna.ni.dll + 2011-04-15 13:07 . 2011-04-15 13:07 327168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e4498a63f9913a5d47d26de0da220fdc\PresentationFramework.Royale.ni.dll + 2011-04-15 13:07 . 2011-04-15 13:07 283648 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\debfd1ead83df514b9a663bf3601669f\PresentationFramework.Classic.ni.dll + 2011-04-15 13:07 . 2011-04-15 13:07 450048 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bc6292c4e40c4bf27d35ec5a8065893f\PresentationFramework.Aero.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 273920 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\f648f2557a7075889949469f0531b7c9\MSBuild.ni.exe + 2011-04-15 16:03 . 2011-04-15 16:03 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e6c8530bfd8c9a39e07a5401b3acba04\Microsoft.VisualBasic.Compatibility.Data.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 418304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\a78fa250714cf42472bc22d0b7ea14e5\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 629248 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\9c42659b778392df8680d350075a2e5b\Microsoft.Build.Utilities.v4.0.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 257536 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\9f1f00f55897b6fd12e65be9869fffa7\Microsoft.Build.Framework.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\c9519340c17ccff490727172072a7ff7\Microsoft.Build.Conversion.v4.0.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 193024 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e665571fbfd43f6f3f715b715dd01f14\CustomMarshalers.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 471040 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\1b247637f0106a0bbc4f19d822e5a13c\ComSvcConfig.ni.exe + 2011-04-15 16:02 . 2011-04-15 16:02 842752 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\a1fca84c7a934ce073bce166101bc58e\AspNetMMCExt.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\95de80b860252231b46014f58226e473\WsatConfig.ni.exe + 2011-04-15 13:46 . 2011-04-15 13:46 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\715710f5a31a494ed5c0ec0874dafe3e\WindowsFormsIntegration.ni.dll + 2011-04-15 13:46 . 2011-04-15 13:46 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\017be0e6c5f1810f15a696157cd5e2c2\UIAutomationTypes.ni.dll + 2011-04-15 13:46 . 2011-04-15 13:46 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\bec5b0a93df12eb26c02c877a4eae678\UIAutomationClient.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3d8f787002439f4942c33f376cfd8555\System.Xml.Linq.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\4b746fea8062a10ccc6e5331914e7dad\System.Web.Routing.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\103956fdb019bce8a173fe9cb9da3e02\System.Web.RegularExpressions.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c0a156fbf46ad272ac262e45eaa998f4\System.Web.Extensions.Design.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\e3651e13567ce4e3fa7bb2fbab737d9a\System.Web.Entity.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\834d7769f39e4d937eda1ad3707d4716\System.Web.Entity.Design.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\032c96c6206b53bca122d1fbaf5f8ca2\System.Web.DynamicData.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6ce0e4fb33afcfcce43c427e82b987db\System.Web.Abstractions.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\9e91cca51a5ed6fb13b67558109d2726\System.Security.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa6a58394a1f162eecce4cd8af0875c3\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1d03df7f7548613e8beab2cc21e57910\System.Runtime.Remoting.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\6194eb4bc1e0133d0183d086b747f512\System.Net.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\fd6bd402916af28b2c2fa49ebb8a76d1\System.Messaging.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\d6ae8171ae6fd4fe83add34e6d70e5b5\System.Management.Instrumentation.ni.dll + 2011-04-15 15:59 . 2011-04-15 15:59 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\abd5a61d39e474f12b30ccbbe6277667\System.IO.Log.ni.dll + 2011-04-15 15:59 . 2011-04-15 15:59 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\12c4dba6d4ff0278d208c283d9ed7670\System.IdentityModel.Selectors.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.Wrapper.dll + 2011-04-15 16:01 . 2011-04-15 16:01 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll + 2011-04-15 13:45 . 2011-04-15 13:45 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e6b7128278d8c0e8382a5685f5b196c6\System.Drawing.Design.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ef56bf47fc2fc4204e0fcc1f32bab01\System.DirectoryServices.AccountManagement.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\447d7b4a7d0add13f8d2086088bcc41c\System.DirectoryServices.Protocols.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ce2afe8854ee9cdc834b6f392348c882\System.Data.Services.Design.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\03d4658290e300e437e745ef4a613b59\System.Data.Services.Client.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\7ce21a2855bb7731de4dab797e69f3f6\System.Data.Entity.Design.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ea57694aea47c05853516c9bb2ad54b4\System.Data.DataSetExtensions.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f312bb844670ebc7458fec9e6b2568b3\System.Configuration.Install.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\afd9595f07a8c68b26e81cf995957f56\System.AddIn.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\3a42b2fbafe93d7b9395e328bea35afa\SMSvcHost.ni.exe + 2011-04-15 16:00 . 2011-04-15 16:00 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\97ff96d3fc8d0b10ea294f320acf821e\SMDiagnostics.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\28ed0e9efd938b05b4f53e0d90046701\ServiceModelReg.ni.exe + 2011-04-15 13:45 . 2011-04-15 13:45 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe13679e6b3e36e5cb6c47f8c4faf9c\PresentationFramework.Aero.ni.dll + 2011-04-15 13:45 . 2011-04-15 13:45 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll + 2011-04-15 13:45 . 2011-04-15 13:45 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a34cd33cec1bdfebe4a3910bceb8723b\PresentationFramework.Royale.ni.dll + 2011-04-15 13:45 . 2011-04-15 13:45 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5670e74887ef1025c6a8c056ffe86b38\MSBuild.ni.exe + 2011-04-15 16:00 . 2011-04-15 16:00 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\653732002ebf5c68f69150a60e145e6a\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\cc62770393640302bd4d7e442b1e49a4\Microsoft.Build.Utilities.v3.5.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\352bff1ee71ce114e225f849038dc48d\Microsoft.Build.Utilities.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\7345f4d2d7157bf49de4158e8f2b6847\Microsoft.Build.Engine.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d7dba901ddd410ca1a0156d0f2a27533\Microsoft.Build.Conversion.v3.5.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\010552e529d130ce914765b0801e2367\CustomMarshalers.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\6861f639b13967e9b014b44bbb7c5d4c\ComSvcConfig.ni.exe + 2011-04-15 15:59 . 2011-04-15 15:59 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\800da7dec567fadf3392091e9f01ecb9\AspNetMMCExt.ni.dll - 2010-10-27 15:54 . 2010-10-27 15:54 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2011-04-15 13:09 . 2011-04-15 13:09 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2010-10-27 15:54 . 2010-10-27 15:54 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2011-04-15 13:09 . 2011-04-15 13:09 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll - 2010-10-27 15:54 . 2010-10-27 15:54 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2011-04-15 13:09 . 2011-04-15 13:09 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2011-04-15 13:09 . 2011-04-15 13:09 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2010-10-27 15:54 . 2010-10-27 15:54 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2010-10-27 15:54 . 2010-10-27 15:54 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2011-04-15 13:09 . 2011-04-15 13:09 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2010-10-27 15:54 . 2010-10-27 15:54 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2011-04-15 13:09 . 2011-04-15 13:09 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2011-04-15 13:09 . 2011-04-15 13:09 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2010-10-27 15:54 . 2010-10-27 15:54 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2011-04-15 13:09 . 2011-04-15 13:09 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2010-10-27 15:54 . 2010-10-27 15:54 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2011-04-15 13:09 . 2011-04-15 13:09 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2010-10-27 15:54 . 2010-10-27 15:54 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2010-10-27 15:54 . 2010-10-27 15:54 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2011-04-15 13:09 . 2011-04-15 13:09 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2010-10-27 15:54 . 2010-10-27 15:54 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2011-04-15 13:09 . 2011-04-15 13:09 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll - 2010-10-27 15:54 . 2010-10-27 15:54 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2011-04-15 13:09 . 2011-04-15 13:09 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2011-04-15 13:09 . 2011-04-15 13:09 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2010-10-27 15:54 . 2010-10-27 15:54 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2011-04-15 13:09 . 2011-04-15 13:09 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2010-10-27 15:54 . 2010-10-27 15:54 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2011-04-15 13:09 . 2011-04-15 13:09 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2010-10-27 15:54 . 2010-10-27 15:54 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2010-10-27 15:54 . 2010-10-27 15:54 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2011-04-15 13:09 . 2011-04-15 13:09 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2010-10-27 15:54 . 2010-10-27 15:54 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2011-04-15 13:09 . 2011-04-15 13:09 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2011-04-15 13:09 . 2011-04-15 13:09 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2010-10-27 15:54 . 2010-10-27 15:54 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2011-04-15 13:09 . 2011-04-15 13:09 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll - 2010-10-27 15:54 . 2010-10-27 15:54 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2011-04-15 13:09 . 2011-04-15 13:09 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2010-10-27 15:54 . 2010-10-27 15:54 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2010-10-27 15:54 . 2010-10-27 15:54 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2011-04-15 13:09 . 2011-04-15 13:09 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2011-04-15 13:09 . 2011-04-15 13:09 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2010-10-27 15:54 . 2010-10-27 15:54 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll + 2011-04-15 13:09 . 2011-04-15 13:09 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll - 2010-10-27 15:54 . 2010-10-27 15:54 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2011-04-15 13:09 . 2011-04-15 13:09 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2010-10-27 15:54 . 2010-10-27 15:54 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2011-04-15 13:09 . 2011-04-15 13:09 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2010-10-27 15:54 . 2010-10-27 15:54 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2010-10-27 15:54 . 2010-10-27 15:54 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2011-04-15 13:09 . 2011-04-15 13:09 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2011-04-15 07:17 . 2010-10-23 00:50 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll + 2003-04-02 12:00 . 2011-02-22 23:05 1210880 c:\windows\system32\urlmon.dll - 2003-04-02 12:00 . 2010-12-20 23:52 1210880 c:\windows\system32\urlmon.dll + 2003-04-02 12:00 . 2011-02-22 23:05 5962240 c:\windows\system32\mshtml.dll - 2009-03-08 03:32 . 2010-12-20 23:52 1991680 c:\windows\system32\iertutil.dll + 2009-03-08 03:32 . 2011-02-22 23:05 1991680 c:\windows\system32\iertutil.dll + 2009-08-14 15:10 . 2011-03-03 13:53 1858048 c:\windows\system32\dllcache\win32k.sys - 2009-10-29 05:24 . 2010-12-20 23:52 1210880 c:\windows\system32\dllcache\urlmon.dll + 2009-10-29 05:24 . 2011-02-22 23:05 1210880 c:\windows\system32\dllcache\urlmon.dll + 2009-10-29 18:54 . 2011-02-22 23:05 5962240 c:\windows\system32\dllcache\mshtml.dll - 2010-05-01 07:55 . 2010-12-20 23:52 1991680 c:\windows\system32\dllcache\iertutil.dll + 2010-05-01 07:55 . 2011-02-22 23:05 1991680 c:\windows\system32\dllcache\iertutil.dll - 2010-03-18 11:16 . 2010-03-18 11:16 5196112 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll + 2011-02-10 02:10 . 2011-02-10 02:10 5196112 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll + 2011-02-10 02:10 . 2011-02-10 02:10 1142104 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll + 2011-02-10 02:10 . 2011-02-10 02:10 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll + 2011-01-18 02:39 . 2011-01-18 02:39 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - 2010-05-11 04:40 . 2010-05-11 04:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll + 2011-01-18 02:39 . 2011-01-18 02:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll - 2010-10-22 18:16 . 2010-10-22 18:16 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll + 2011-04-15 13:05 . 2011-04-15 13:05 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll + 2011-04-15 13:05 . 2011-04-15 13:05 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll - 2010-10-22 18:16 . 2010-10-22 18:16 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll - 2010-10-22 18:16 . 2010-10-22 18:16 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll + 2011-04-15 13:05 . 2011-04-15 13:05 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll + 2011-04-15 13:05 . 2011-04-15 13:05 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2010-10-22 18:16 . 2010-10-22 18:16 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2011-04-15 13:05 . 2011-04-15 13:05 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll - 2010-10-22 18:16 . 2010-10-22 18:16 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll - 2010-10-22 18:16 . 2010-10-22 18:16 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll + 2011-04-15 13:05 . 2011-04-15 13:05 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll + 2011-04-15 13:05 . 2011-04-15 13:05 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll - 2010-10-22 18:16 . 2010-10-22 18:16 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll + 2011-04-15 13:05 . 2011-04-15 13:05 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll - 2010-10-22 18:16 . 2010-10-22 18:16 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll + 2011-04-15 13:05 . 2011-04-15 13:05 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll - 2010-10-22 18:16 . 2010-10-22 18:16 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll - 2010-10-22 18:16 . 2010-10-22 18:16 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll + 2011-04-15 13:05 . 2011-04-15 13:05 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll + 2011-04-15 13:05 . 2011-04-15 13:05 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll - 2010-10-22 18:16 . 2010-10-22 18:16 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll - 2010-10-22 18:16 . 2010-10-22 18:16 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2011-04-15 13:05 . 2011-04-15 13:05 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2011-04-15 13:05 . 2011-04-15 13:05 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll - 2010-10-22 18:16 . 2010-10-22 18:16 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll + 2011-04-15 13:05 . 2011-04-15 13:05 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2010-10-22 18:16 . 2010-10-22 18:16 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2010-10-22 18:16 . 2010-10-22 18:16 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll + 2011-04-15 13:05 . 2011-04-15 13:05 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll + 2011-04-15 13:05 . 2011-04-15 13:05 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll - 2010-10-22 18:16 . 2010-10-22 18:16 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2011-04-15 13:10 . 2010-12-20 23:52 1210880 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll + 2011-04-15 13:10 . 2010-12-20 23:52 5961216 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll + 2011-04-15 13:10 . 2010-12-20 23:52 1991680 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll + 2011-04-15 13:07 . 2011-04-15 13:07 3779072 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8d8cf1d60737d945a526fb11577d4b8a\WindowsBase.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 1055744 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\28121866e3d6d8b0dc72d9e250b0af1c\UIAutomationClientsideProviders.ni.dll + 2011-04-15 13:06 . 2011-04-15 13:06 9000960 c:\windows\assembly\NativeImages_v4.0.30319_32\System\7abfd34ae39103ceccdfb8b262ed6a97\System.ni.dll + 2011-04-15 13:06 . 2011-04-15 13:06 5571584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\eb45dda4b68ae7f29995c3a3d909fbe7\System.Xml.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 1776640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\738a078bc59722d6b06b5ae5e99569f9\System.Xaml.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 1203712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\304d3a73f1164fd6a479d2ce3ce92eeb\System.WorkflowServices.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 1956352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\2ad10d83d89a523c6de788549af858d7\System.Workflow.Runtime.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 4428800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\8195c01c967fc24ccb087de40259b8f9\System.Workflow.ComponentModel.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 2839552 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\2d7c20df276d8353c5816f4bc765859d\System.Workflow.Activities.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 4496384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\eec21f9b08bbed54d9e36038badaf289\System.Windows.Forms.DataVisualization.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 1864704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\9a95136bec3e5267c7577404920d1d45\System.Web.Services.ni.dll + 2011-04-15 16:30 . 2011-04-15 16:30 2324992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\12fe8461716ebb37f3c239be705a3346\System.Web.Mobile.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 3079168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\aeb23319f1c21615a69b9dabb3eed1e5\System.Web.Extensions.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 4429312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\5eb25b0fc92317024404b1c2f2c47e01\System.Web.DataVisualization.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 1992192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\01a3b3bf7fadd971e17400c8502ec886\System.Speech.ni.dll + 2011-04-15 16:28 . 2011-04-15 16:28 1046528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\809ed279c5eecfa3e211dfe4c3d891e1\System.ServiceModel.Web.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 1127424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\6856341eadab4c3ace0e39182649bba2\System.ServiceModel.Discovery.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 1388032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4048a5620b0fa66a7414cff30155d30c\System.ServiceModel.Activities.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 2625024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\c46375bba06671d2a9369e630752987a\System.Runtime.Serialization.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 1011200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\6b6309a2e7f384bac4ccbdf1eca34c30\System.Runtime.DurableInstancing.ni.dll + 2011-04-15 16:04 . 2011-04-15 16:04 1047040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\24f97354b0a95ef77b2db8de9e7374fe\System.Printing.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 1159168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\05a0937d76f565aa728348fc24f6c2eb\System.Management.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 1065984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1f045fc92d6402b27f6b9fb9291d44c3\System.IdentityModel.ni.dll + 2011-04-15 13:06 . 2011-04-15 13:06 1651200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\526f0a9717cbd8a50d09a10b5ce81c0d\System.Drawing.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 1151488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6dc0ed081400ec315f895bdc7fd016c4\System.DirectoryServices.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 1872384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\2a2a921350a9651e9bd681197edeb88d\System.Deployment.ni.dll + 2011-04-15 13:07 . 2011-04-15 13:07 6754816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\adc8f2f7dff3233f2d72bcef8e58226a\System.Data.ni.dll + 2011-04-15 13:06 . 2011-04-15 13:06 2538496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\c25dda9b477a33f9f235292114bb535c\System.Data.SqlXml.ni.dll + 2011-04-15 16:28 . 2011-04-15 16:28 2008576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\f6a18d8564d85567667671e65c1fac93\System.Data.Services.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 1332736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\aa778d274523b93d389e581e58698918\System.Data.Services.Client.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 1183744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\f1dd156de604f1a10aeea7108afd5e1f\System.Data.OracleClient.ni.dll + 2011-04-15 13:06 . 2011-04-15 13:06 2499072 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\8e0d083a7ad85b579d176e3594b5f3b8\System.Data.Linq.ni.dll + 2011-04-15 16:28 . 2011-04-15 16:28 1398272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\579e5f92bb6bcc68549c796d2650ea8c\System.Data.Entity.Design.ni.dll + 2011-04-15 13:06 . 2011-04-15 13:06 7025664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\69b1f8a15cdfb26e30c8761fa4f96940\System.Core.ni.dll + 2011-04-15 16:04 . 2011-04-15 16:04 4103168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\ec488a50a47246a625159744ad8e0931\System.Activities.ni.dll + 2011-04-15 16:04 . 2011-04-15 16:04 3691520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\00fb4f96c610880aeee34d8670347a6d\System.Activities.Presentation.ni.dll + 2011-04-15 16:04 . 2011-04-15 16:04 1506304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\a965a0f825fb91ce7cf78d99263968b4\System.Activities.Core.Presentation.ni.dll + 2011-04-15 16:04 . 2011-04-15 16:04 2842624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\3f04b2ab8961aceac03f8ae2ccabe947\ReachFramework.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 1622528 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\3aebfb1497141c9466ee8ce68a3bf805\PresentationUI.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 1467904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\04c896ef9acdfb2e0f068d78f3bb2dfc\PresentationBuildTasks.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 1819648 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ff572ca3a119cd72903df8c6ed667b62\Microsoft.VisualBasic.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 1133056 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e2d6ac83d5e42065b088e086479a1632\Microsoft.VisualBasic.Compatibility.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 1167872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\320f1578082f1de1f8562ce92c0c2dab\Microsoft.VisualBasic.Activities.Compiler.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 1079808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\ac03be8a96bd10965da87208d81eb07d\Microsoft.Transactions.Bridge.ni.dll + 2011-04-15 16:29 . 2011-04-15 16:29 2441728 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\d4572ad085979b16261058f1433e73e9\Microsoft.JScript.ni.dll + 2011-04-15 13:07 . 2011-04-15 13:07 1612288 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\32454400da56267e19961852345d7a62\Microsoft.CSharp.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 4226560 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\9eb482fd45d38ed674a400e280532e83\Microsoft.Build.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 2850816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\dfdc36ac2dd7d51f61a05e15fe35c721\Microsoft.Build.Tasks.v4.0.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 1914368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\bb1cb4e6b20acc14abb6850cd4eecd0a\Microsoft.Build.Engine.ni.dll + 2011-04-15 13:10 . 2011-04-15 13:10 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll + 2011-04-15 13:46 . 2011-04-15 13:46 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9e022c95e79f2b6f383a501ad99f08a9\UIAutomationClientsideProviders.ni.dll + 2011-04-15 13:10 . 2011-04-15 13:10 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll + 2011-04-15 13:46 . 2011-04-15 13:46 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6346221cecf631e5c0b754d842aad102\System.WorkflowServices.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1fbcd203ff8d77d561df8bf806417ab6\System.Workflow.Runtime.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\efbaf3696c44fd7d4b3cd925e0437b36\System.Workflow.ComponentModel.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\52a9bc5dd1fa497af7c7f4600bd8e6d1\System.Workflow.Activities.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f5ebeeb0a8aaba9db15ec3df591339ba\System.Web.Services.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\92d6b75e3b63b528d4069bf4ee01983a\System.Web.Mobile.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\02d53154634c8000382942e0f43ead41\System.Web.Extensions.ni.dll + 2011-04-15 13:46 . 2011-04-15 13:46 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\dd128c8e21e7fa14c12b71df9892d046\System.Speech.ni.dll + 2011-04-15 16:02 . 2011-04-15 16:02 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8b0bb430bb6af96c18b43e3c54cfafe8\System.ServiceModel.Web.ni.dll + 2011-04-15 15:59 . 2011-04-15 15:59 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\85090bd451617e204ffda625b8d9fc30\System.Runtime.Serialization.ni.dll + 2011-04-15 13:46 . 2011-04-15 13:46 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\85a7a7aace114e78fc6c9b219bcd5551\System.Printing.ni.dll + 2011-04-15 15:59 . 2011-04-15 15:59 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\86c59378e9a43bf101a10ad452a4bb8e\System.IdentityModel.ni.dll + 2011-04-15 13:45 . 2011-04-15 13:45 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c05d9332116964104c721e97f7ce1058\System.DirectoryServices.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0118c0c73ea5c77bda7b10b188102ab6\System.Deployment.ni.dll + 2011-04-15 13:45 . 2011-04-15 13:45 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ba3ca7a93e227c32ce7b50d0a7ba935f\System.Data.SqlXml.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de52be5da96059651b5bec800cb4605\System.Data.Services.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\5018d7d39ee99a18c2c17d68837a7a6d\System.Data.OracleClient.ni.dll + 2011-04-15 13:45 . 2011-04-15 13:45 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\11f1306e0e311a0d0cbd139fb2fa4c36\System.Data.Linq.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6f83243158f28669aac9577fdb3d5aaf\System.Data.Entity.ni.dll + 2011-04-15 13:45 . 2011-04-15 13:45 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll + 2011-04-15 13:45 . 2011-04-15 13:45 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\12efddabe6fe35be21246c88ed9bf8ab\ReachFramework.ni.dll + 2011-04-15 13:45 . 2011-04-15 13:45 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\257c9327ba9cc5cd87f58de224aa2e0d\PresentationUI.ni.dll + 2011-04-15 13:10 . 2011-04-15 13:10 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\2faf279f73d492469a21f3e74d18955d\PresentationBuildTasks.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\269103939243ec6929739c8b9a645c0d\Microsoft.VisualBasic.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\bf7bd26d2828e35156814018939ce4f6\Microsoft.Transactions.Bridge.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\6594c17d7e112b0507b701d5b8a67bba\Microsoft.JScript.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f5eb1e42ccd0f67f7496b94a31949cd0\Microsoft.Build.Tasks.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cc7f05675a5cd8014222be1483d6beaf\Microsoft.Build.Tasks.v3.5.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\41cf95aa4ff5765b515d3252abc6353b\Microsoft.Build.Engine.ni.dll - 2010-10-27 15:54 . 2010-10-27 15:54 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll + 2011-04-15 13:09 . 2011-04-15 13:09 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll + 2011-04-15 13:09 . 2011-04-15 13:09 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2010-10-27 15:54 . 2010-10-27 15:54 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll + 2011-04-15 13:09 . 2011-04-15 13:09 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2010-10-27 15:54 . 2010-10-27 15:54 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2010-10-27 15:54 . 2010-10-27 15:54 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2011-04-15 13:09 . 2011-04-15 13:09 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2011-04-15 13:09 . 2011-04-15 13:09 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll - 2010-10-27 15:54 . 2010-10-27 15:54 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2011-04-15 13:09 . 2011-04-15 13:09 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2010-10-27 15:54 . 2010-10-27 15:54 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2010-10-27 15:54 . 2010-10-27 15:54 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2011-04-15 13:09 . 2011-04-15 13:09 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2010-01-18 08:39 . 2011-04-15 13:02 39828936 c:\windows\system32\MRT.exe - 2009-03-08 03:39 . 2010-12-21 04:22 11080704 c:\windows\system32\ieframe.dll + 2009-03-08 03:39 . 2011-02-22 23:05 11080704 c:\windows\system32\ieframe.dll + 2010-02-25 09:45 . 2011-02-22 23:05 11080704 c:\windows\system32\dllcache\ieframe.dll - 2010-02-25 09:45 . 2010-12-21 04:22 11080704 c:\windows\system32\dllcache\ieframe.dll + 2011-02-11 18:47 . 2011-02-11 18:47 12028928 c:\windows\Installer\13aa0f3.msp + 2011-02-11 06:43 . 2011-02-11 06:43 10951168 c:\windows\Installer\13aa0e8.msp + 2011-04-15 13:10 . 2010-12-21 04:22 11080704 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll + 2011-04-15 13:06 . 2011-04-15 13:06 13006336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\85b61e27d3c08c0c8ff19deb75912e1d\System.Windows.Forms.ni.dll + 2011-04-15 16:03 . 2011-04-15 16:03 11917312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\cbb8ea4c34417e0f8bb28173fa144b15\System.Web.ni.dll + 2011-04-15 16:28 . 2011-04-15 16:28 17919488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8964b15d32028ef9dfe776216af8524d\System.ServiceModel.ni.dll + 2011-04-15 13:07 . 2011-04-15 13:07 10847744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\52846d07f7717330921b70d23e36b34c\System.Design.ni.dll + 2011-04-15 16:28 . 2011-04-15 16:28 13273600 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\38409bc0ee7cdb9fbc981fefea83ab23\System.Data.Entity.ni.dll + 2011-04-15 13:07 . 2011-04-15 13:07 17629184 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f1e3e74b135fcd61fa30090a2c2596a6\PresentationFramework.ni.dll + 2011-04-15 13:07 . 2011-04-15 13:07 11058176 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3fe193ac81b9eafd76aafeec99bdbf6a\PresentationCore.ni.dll + 2011-04-15 13:06 . 2011-04-15 13:06 14415872 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\eb4e1e70734f6efb9c7de7ec5f452c9e\mscorlib.ni.dll + 2011-04-15 13:46 . 2011-04-15 13:46 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll + 2011-04-15 16:01 . 2011-04-15 16:01 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll + 2011-04-15 16:00 . 2011-04-15 16:00 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b5f24d96334ea08b99350421450d3ba4\System.ServiceModel.ni.dll + 2011-04-15 13:45 . 2011-04-15 13:45 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll + 2011-04-15 13:45 . 2011-04-15 13:45 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll + 2011-04-15 13:45 . 2011-04-15 13:45 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll + 2011-04-15 13:10 . 2011-04-15 13:10 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504] . c:\dokumente und einstellungen\Kilaoa\Startmen\Programme\Autostart\ Stardock ObjectDock.lnk - c:\programme\Stardock\ObjectDockFree\ObjectDock.exe [N/A] . c:\dokumente und einstellungen\Kilaoa\Startmen\Programme\Autostart\ Stardock ObjectDock.lnk - c:\programme\Stardock\ObjectDockFree\ObjectDock.exe [N/A] . c:\dokumente und einstellungen\Kilaoa\Startmen\Programme\Autostart\ Stardock ObjectDock.lnk - c:\programme\Stardock\ObjectDockFree\ObjectDock.exe [N/A] . c:\dokumente und einstellungen\Kilaoa\Startmen\Programme\Autostart\ Stardock ObjectDock.lnk - c:\programme\Stardock\ObjectDockFree\ObjectDock.exe [N/A] . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NAUpdate"=2 (0x2) "SandraAgentSrv"=3 (0x3) "npggsvc"=3 (0x3) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\mIRC\\mirc.exe"= "c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\NexonEU\\NGM\\NGM.exe"= "e:\\Spiele\\World of Warcraft\\Launcher.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "e:\\Spiele\\World of Warcraft\\WoW-3.3.2.11403-to-3.3.3.11685-deDE-downloader.exe"= "c:\\Programme\\Java\\jre6\\bin\\javaw.exe"= "e:\\Spiele\\World of Warcraft\\WoW-3.2.0-deDE-downloader.exe"= "e:\\Spiele\\World of Warcraft\\WoW-3.3.3.11685-to-3.3.3.11723-deDE-downloader.exe"= "c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2011.SP1\\RpcAgentSrv.exe"= "c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2011.SP1\\WNt500x86\\RpcSandraSrv.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Opera\\opera.exe"= "c:\\Dokumente und Einstellungen\\Kilaoa\\Lokale Einstellungen\\Apps\\2.0\\NDB1HLDX.2MH\\Z37R629G.YHD\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "1036:TCP"= 1036:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.01.2010 18:15 114768] R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 11:25 12872] R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [17.02.2010 11:15 67656] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.01.2010 18:15 20560] R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [27.06.2010 22:26 17792] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\62.tmp --> c:\windows\system32\62.tmp [?] S3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [17.02.2010 11:15 12872] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [01.12.2009 15:49 34896] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504] S4 NAUpdate;@c:\programme\Nero\Update\NASvc.exe,-200;c:\programme\Nero\Update\NASvc.exe [04.05.2010 12:07 503080] S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] . Inhalt des "geplante Tasks" Ordners . 2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004Core.job - c:\dokumente und einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-11-04 22:24] . 2011-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004UA.job - c:\dokumente und einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-11-04 22:24] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local> FF - ProfilePath - c:\dokumente und einstellungen\Kilaoa\Anwendungsdaten\Mozilla\Firefox\Profiles\f33atzoq.default\ FF - prefs.js: browser.startup.homepage - about:blank . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-04-15 20:23 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\62.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1454471165-1343024091-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] @DACL=(02 0000) @="Microsoft-Datenträgerkontingent" "NoMachinePolicy"=dword:00000000 "NoUserPolicy"=dword:00000001 "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "RequiresSuccessfulRegistry"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000000 "DllName"=expand:"dskquota.dll" "ProcessGroupPolicy"="ProcessGroupPolicy" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] @DACL=(02 0000) @="Internet Explorer Zonemapping" "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll" "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap" "NoGPOListChanges"=dword:00000001 "RequiresSucessfulRegistry"=dword:00000001 "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "RequiresSuccessfulRegistry"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}] @DACL=(02 0000) @="Internet Explorer User Accelerators" "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll" "NoGPOListChanges"=dword:00000001 "ProcessGroupPolicy"="ProcessGroupPolicyForActivities" "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx" "RequiresSuccessfulRegistry"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] @DACL=(02 0000) "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO" "GenerateGroupPolicy"="SceGenerateGroupPolicy" "ExtensionRsopPlanningDebugLevel"=dword:00000001 "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx" "ExtensionDebugLevel"=dword:00000001 "DllName"=expand:"scecli.dll" @="Security" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000001 "MaxNoGPOListChangesInterval"=dword:000003c0 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}] @DACL=(02 0000) "ProcessGroupPolicyEx"="ProcessGroupPolicyEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "ProcessGroupPolicy"="ProcessGroupPolicy" "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll" @="Internet Explorer Branding" "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000001 "NoMachinePolicy"=dword:00000001 "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}] @DACL=(02 0000) "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO" "DllName"=expand:"scecli.dll" @="EFS recovery" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "RequiresSuccessfulRegistry"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] @DACL=(02 0000) @="802.3 Group Policy" "DisplayName"=expand:"@dot3gpclnt.dll,-100" "ProcessGroupPolicyEx"="ProcessLANPolicyEx" "GenerateGroupPolicy"="GenerateLANPolicy" "DllName"=expand:"dot3gpclnt.dll" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}] @DACL=(02 0000) @="Microsoft Offline Files" "DllName"=expand:"%SystemRoot%\\System32\\cscui.dll" "EnableAsynchronousProcessing"=dword:00000000 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000000 "NoMachinePolicy"=dword:00000000 "NoSlowLink"=dword:00000000 "NoUserPolicy"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "ProcessGroupPolicy"="ProcessGroupPolicy" "RequiresSuccessfulRegistry"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}] @DACL=(02 0000) @="Softwareinstallation" "DllName"=expand:"appmgmts.dll" "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "NoBackgroundPolicy"=dword:00000000 "RequiresSucessfulRegistry"=dword:00000000 "NoSlowLink"=dword:00000001 "PerUserLocalSettings"=dword:00000001 "EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}] @DACL=(02 0000) @="Internet Explorer Machine Accelerators" "DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll" "NoGPOListChanges"=dword:00000001 "ProcessGroupPolicy"="ProcessGroupPolicyForActivities" "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx" "RequiresSuccessfulRegistry"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] @DACL=(02 0000) "DllName"="c:\\Programme\\SUPERAntiSpyware\\SASWINLO.dll" "Logon"="SABWINLOLogon" "Logoff"="SABWINLOLogoff" "Startup"="SABWINLOStartup" "Shutdown"="SABWINLOShutdown" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] @DACL=(02 0000) "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=expand:"crypt32.dll" "Logoff"="ChainWlxLogoffEvent" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] @DACL=(02 0000) "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=expand:"cryptnet.dll" "Logoff"="CryptnetWlxLogoffEvent" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] @DACL=(02 0000) "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] @DACL=(02 0000) "Asynchronous"=dword:00000001 "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll" "Startup"="WlDimsStartup" "Shutdown"="WlDimsShutdown" "Logon"="WlDimsLogon" "Logoff"="WlDimsLogoff" "StartShell"="WlDimsStartShell" "Lock"="WlDimsLock" "Unlock"="WlDimsUnlock" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] @DACL=(02 0000) "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] @DACL=(02 0000) "Asynchronous"=dword:00000000 "DllName"=expand:"wlnotify.dll" "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] @DACL=(02 0000) "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=expand:"sclgntfy.dll" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] @DACL=(02 0000) "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] @DACL=(02 0000) "Asynchronous"=dword:00000000 "DllName"=expand:"wlnotify.dll" "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] @DACL=(02 0000) "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList] @DACL=(02 0000) "Hilfeassistent"=dword:00000000 "TsInternetUser"=dword:00000000 "SQLAgentCmdExec"=dword:00000000 "NetShowServices"=dword:00000000 "HelpAssistant"=dword:00000000 "IWAM_"=dword:00010000 "IUSR_"=dword:00010000 "VUSR_"=dword:00010000 "ASPNET"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'explorer.exe'(2636) c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll . Zeit der Fertigstellung: 2011-04-15 20:24:50 ComboFix-quarantined-files.txt 2011-04-15 18:24 ComboFix2.txt 2011-04-14 16:56 . Vor Suchlauf: 13 Verzeichnis(se), 80.502.054.912 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 80.498.671.616 Bytes frei . - - End Of File - - 038B83F79FFCBD47B145D09EB4EECD53 |
15.04.2011, 20:51 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
15.04.2011, 22:30 | #14 |
| appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise So und weiter geht's. GMER lief sauber durch, hat nur fast 1 1/2 Std. gebraucht. Bei OSAM war mir aufgefallen, dass da irgendwas mit der Logonui.exe war, die hatte ich mal manuell verändert (keine Ahnung ob das relevant ist) Nun hier die Logs: Gmer: Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net Rootkit scan 2011-04-15 23:14:23 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.1AC0 Running: 5f9ftjlg.exe; Driver: C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\uxtdqpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA4FC76B8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA4FC7574] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA4FC7A52] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA4FC714C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA4FC764E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA4FC708C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA4FC70F0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA4FC776E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA4FC772E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA4FC78AE] Code \??\C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys pIofCallDriver ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6543380, 0x566465, 0xE8000020] ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[916] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002 IAT C:\WINDOWS\system32\services.exe[916] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft-Datentr?gerkontingent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ Internet Explorer Zonemapping Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName C:\WINDOWS\system32\iedkcs32.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy ProcessGroupPolicyForZoneMap Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSuccessfulRegistry 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ Internet Explorer User Accelerators Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DllName C:\WINDOWS\system32\iedkcs32.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@NoGPOListChanges 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicy ProcessGroupPolicyForActivities Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicyEx ProcessGroupPolicyForActivitiesEx Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@RequiresSuccessfulRegistry 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx SceProcessSecurityPolicyGPOEx Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ Security Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval 960 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx ProcessGroupPolicyEx Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy GenerateGroupPolicy Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy ProcessGroupPolicy Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName C:\WINDOWS\system32\iedkcs32.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ Internet Explorer Branding Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3014 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessEFSRecoveryGPO Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ EFS recovery Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ 802.3 Group Policy Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DisplayName @dot3gpclnt.dll,-100 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ProcessGroupPolicyEx ProcessLANPolicyEx Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@GenerateGroupPolicy GenerateLANPolicy Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DllName dot3gpclnt.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoUserPolicy 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoGPOListChanges 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ Microsoft Offline Files Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName %SystemRoot%\System32\cscui.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy ProcessGroupPolicy Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ Softwareinstallation Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName appmgmts.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx ProcessGroupPolicyObjectsEx Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy GenerateGroupPolicy Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources (Application Management,Application)?(MsiInstaller,Application)? Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ Internet Explorer Machine Accelerators Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@DllName C:\WINDOWS\system32\iedkcs32.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@NoGPOListChanges 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ProcessGroupPolicy ProcessGroupPolicyForActivities Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ProcessGroupPolicyEx ProcessGroupPolicyForActivitiesEx Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@RequiresSuccessfulRegistry 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@DllName C:\Programme\SUPERAntiSpyware\SASWINLO.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logon SABWINLOLogon Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logoff SABWINLOLogoff Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Startup SABWINLOStartup Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Shutdown SABWINLOShutdown Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Asynchronous 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Asynchronous 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@DllName crypt32.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Logoff ChainWlxLogoffEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Asynchronous 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@DllName cryptnet.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Logoff CryptnetWlxLogoffEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@DLLName cscdll.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logon WinlogonLogonEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logoff WinlogonLogoffEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@ScreenSaver WinlogonScreenSaverEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Startup WinlogonStartupEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Shutdown WinlogonShutdownEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@StartShell WinlogonStartShellEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Asynchronous 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Asynchronous 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@DllName %SystemRoot%\System32\dimsntfy.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Startup WlDimsStartup Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Shutdown WlDimsShutdown Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logon WlDimsLogon Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logoff WlDimsLogoff Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@StartShell WlDimsStartShell Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Lock WlDimsLock Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Unlock WlDimsUnlock Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@DLLName wlnotify.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logon SCardStartCertProp Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logoff SCardStopCertProp Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Lock SCardSuspendCertProp Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Unlock SCardResumeCertProp Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Enabled 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Impersonate 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Asynchronous 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Asynchronous 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@DllName wlnotify.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@StartShell SchedStartShell Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Logoff SchedEventLogOff Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Logoff WLEventLogoff Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Asynchronous 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@DllName sclgntfy.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@DLLName WlNotify.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Lock SensLockEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logon SensLogonEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logoff SensLogoffEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Safe 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@MaxWait 600 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartScreenSaver SensStartScreenSaverEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StopScreenSaver SensStopScreenSaverEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Startup SensStartupEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Shutdown SensShutdownEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartShell SensStartShellEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@PostShell SensPostShellEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Disconnect SensDisconnectEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Reconnect SensReconnectEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Unlock SensUnlockEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Impersonate 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Asynchronous 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Asynchronous 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@DllName wlnotify.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Impersonate 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logoff TSEventLogoff Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logon TSEventLogon Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@PostShell TSEventPostShell Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Shutdown TSEventShutdown Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@StartShell TSEventStartShell Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Startup TSEventStartup Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@MaxWait 600 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Reconnect TSEventReconnect Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Disconnect TSEventDisconnect Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@DLLName wlnotify.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logon RegisterTicketExpiredNotificationEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logoff UnregisterTicketExpiredNotificationEvent Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Impersonate 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Asynchronous 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@Hilfeassistent 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_ 65536 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_ 65536 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_ 65536 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@ASPNET 0 ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 23:34:01 on 15.04.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys (File not found) "aswFsBlk" (aswFsBlk) - "ALWIL Software" - C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys "aswRdr" (aswRdr) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswRdr.sys "avast! Asynchronous Virus Monitor" (Aavmker4) - "ALWIL Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys "avast! Network Shield Support" (aswTdi) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswTdi.sys "avast! Self Protection" (aswSP) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswSP.sys "avast! Standard Shield Support" (aswMon2) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswMon2.sys "Avnex Virtual Audio Device (WDM)" (VCSVADHWSer) - "Avnex" - C:\WINDOWS\System32\DRIVERS\vcsvad.sys "Belkin Wireless G USB Network Adapter(Belkin)" (BLKWGU(Belkin)) - "Belkin Corporation" - C:\WINDOWS\System32\DRIVERS\BLKWGU.sys "catchme" (catchme) - ? - C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mbr" (mbr) - ? - C:\CoFi\mbr.sys (Hidden registry entry, rootkit activity | File not found) "MEMSWEEP2" (MEMSWEEP2) - ? - C:\WINDOWS\system32\62.tmp (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\Sandra.sys (File not found) "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS "SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASENUM.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File not found) "uxtdqpow" (uxtdqpow) - ? - C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\uxtdqpow.sys (Hidden registry entry, rootkit activity | File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\ZDPSp50.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashShell.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {1984D045-52CF-49cd-DB77-08F378FEA4DB} "ObjectDockShlExt" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll {1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401 "{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot\SDHelper.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Programme\Spybot\SDHelper.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Kilaoa\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avast!" - "ALWIL Software" - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "avast! Antivirus" (avast! Antivirus) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashServ.exe "avast! iAVS4 Control Service" (aswUpdSv) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe "avast! Mail Scanner" (avast! Mail Scanner) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe "avast! Web Scanner" (avast! Web Scanner) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashWebSv.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonui.exe -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\WINDOWS\system32\dot3gpclnt.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} "EFS recovery" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft-Datenträgerkontingent" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquota.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (Hidden registry entry, rootkit activity | File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (Hidden registry entry, rootkit activity) "crypt32chain" - "Microsoft Corporation" - C:\WINDOWS\system32\crypt32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "cryptnet" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptnet.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "dimsntfy" - "Microsoft Corporation" - C:\WINDOWS\System32\dimsntfy.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "ScCertProp" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "Schedule" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "sclgntfy" - "Microsoft Corporation" - C:\WINDOWS\system32\sclgntfy.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "SensLogn" - "Microsoft Corporation" - C:\WINDOWS\system32\WlNotify.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "termsrv" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "wlballoon" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000001d Kernel Drivers (total 124): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x80701000 \WINDOWS\system32\hal.dll 0xF7987000 \WINDOWS\system32\KDCOM.DLL 0xF7897000 \WINDOWS\system32\BOOTVID.dll 0xF75A7000 ACPI.sys 0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS 0xF7596000 pci.sys 0xF75F7000 ohci1394.sys 0xF7607000 \WINDOWS\System32\DRIVERS\1394BUS.SYS 0xF7617000 isapnp.sys 0xF7A4F000 pciide.sys 0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS 0xF7627000 MountMgr.sys 0xF74D7000 ftdisk.sys 0xF770F000 PartMgr.sys 0xF7637000 VolSnap.sys 0xF74BF000 atapi.sys 0xF7B1F000 iaStor.sys 0xF7647000 disk.sys 0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS 0xF749F000 fltmgr.sys 0xF748D000 sr.sys 0xF7476000 KSecDD.sys 0xB8773000 Ntfs.sys 0xB8746000 NDIS.sys 0xB872C000 Mup.sys 0xF76A7000 \SystemRoot\System32\DRIVERS\nic1394.sys 0xB8233000 \SystemRoot\System32\DRIVERS\intelppm.sys 0xB6543000 \SystemRoot\system32\DRIVERS\nv4_mini.sys 0xB652F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xB6507000 \SystemRoot\System32\DRIVERS\HDAudBus.sys 0xB64F3000 \SystemRoot\System32\DRIVERS\Rtenicxp.sys 0xF7757000 \SystemRoot\System32\DRIVERS\usbuhci.sys 0xB64CF000 \SystemRoot\System32\DRIVERS\USBPORT.SYS 0xF775F000 \SystemRoot\System32\DRIVERS\usbehci.sys 0xF7767000 \SystemRoot\System32\DRIVERS\fdc.sys 0xB64BB000 \SystemRoot\System32\DRIVERS\parport.sys 0xB8608000 \SystemRoot\System32\DRIVERS\gameenum.sys 0xB8223000 \SystemRoot\System32\DRIVERS\serial.sys 0xB8604000 \SystemRoot\System32\DRIVERS\serenum.sys 0xB8213000 \SystemRoot\System32\DRIVERS\imapi.sys 0xB8203000 \SystemRoot\System32\DRIVERS\cdrom.sys 0xB81F3000 \SystemRoot\System32\DRIVERS\redbook.sys 0xB6498000 \SystemRoot\System32\DRIVERS\ks.sys 0xF776F000 \SystemRoot\system32\DRIVERS\vcsvad.sys 0xB6474000 \SystemRoot\system32\DRIVERS\portcls.sys 0xB81E3000 \SystemRoot\system32\DRIVERS\drmk.sys 0xF7A9F000 \SystemRoot\System32\DRIVERS\audstub.sys 0xB81D3000 \SystemRoot\System32\DRIVERS\rasl2tp.sys 0xB85FC000 \SystemRoot\System32\DRIVERS\ndistapi.sys 0xB645D000 \SystemRoot\System32\DRIVERS\ndiswan.sys 0xB81C3000 \SystemRoot\System32\DRIVERS\raspppoe.sys 0xB81B3000 \SystemRoot\System32\DRIVERS\raspptp.sys 0xF7777000 \SystemRoot\System32\DRIVERS\TDI.SYS 0xB644C000 \SystemRoot\System32\DRIVERS\psched.sys 0xB6F96000 \SystemRoot\System32\DRIVERS\msgpc.sys 0xF777F000 \SystemRoot\System32\DRIVERS\ptilink.sys 0xF7787000 \SystemRoot\System32\DRIVERS\raspti.sys 0xB6F86000 \SystemRoot\System32\DRIVERS\termdd.sys 0xF778F000 \SystemRoot\System32\DRIVERS\kbdclass.sys 0xF7797000 \SystemRoot\System32\DRIVERS\mouclass.sys 0xF79CD000 \SystemRoot\System32\DRIVERS\swenum.sys 0xB63EE000 \SystemRoot\System32\DRIVERS\update.sys 0xB85F4000 \SystemRoot\System32\DRIVERS\mssmbios.sys 0xB863C000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xA6AB0000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xAA3A3000 \SystemRoot\System32\DRIVERS\usbhub.sys 0xF79A5000 \SystemRoot\System32\DRIVERS\USBD.SYS 0xAFCBC000 \SystemRoot\System32\DRIVERS\flpydisk.sys 0xF79A7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xAEE5B000 \SystemRoot\System32\Drivers\Null.SYS 0xF79A9000 \SystemRoot\System32\Drivers\Beep.SYS 0xAFCAC000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS 0xAFCA4000 \SystemRoot\System32\drivers\vga.sys 0xF79AB000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF79AD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xAFC9C000 \SystemRoot\System32\Drivers\Msfs.SYS 0xAFC94000 \SystemRoot\System32\Drivers\Npfs.SYS 0xB32DE000 \SystemRoot\System32\DRIVERS\rasacd.sys 0xA6A41000 \SystemRoot\System32\DRIVERS\ipsec.sys 0xA69E8000 \SystemRoot\System32\DRIVERS\tcpip.sys 0xA69C2000 \SystemRoot\System32\DRIVERS\ipnat.sys 0xAA373000 \SystemRoot\System32\Drivers\aswTdi.SYS 0xAA363000 \SystemRoot\System32\DRIVERS\wanarp.sys 0xA699A000 \SystemRoot\System32\DRIVERS\netbt.sys 0xAA353000 \SystemRoot\System32\DRIVERS\arp1394.sys 0xA6978000 \SystemRoot\System32\drivers\afd.sys 0xAA343000 \SystemRoot\System32\DRIVERS\netbios.sys 0xA6956000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS 0xAD0DC000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS 0xA692B000 \SystemRoot\System32\DRIVERS\rdbss.sys 0xA68BB000 \SystemRoot\System32\DRIVERS\mrxsmb.sys 0xA9688000 \SystemRoot\System32\Drivers\Fips.SYS 0xA4FBF000 \SystemRoot\System32\Drivers\aswSP.SYS 0xAD094000 \SystemRoot\System32\Drivers\Aavmker4.SYS 0xA9704000 \SystemRoot\System32\DRIVERS\usbccgp.sys 0xAFCFC000 \SystemRoot\System32\DRIVERS\hidusb.sys 0xA8D98000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS 0x9EFA1000 \SystemRoot\System32\DRIVERS\BLKWGU.sys 0xA14A2000 \SystemRoot\System32\DRIVERS\kbdhid.sys 0xA1034000 \SystemRoot\System32\DRIVERS\mouhid.sys 0xA115B000 \SystemRoot\System32\Drivers\Cdfs.SYS 0x9EEE1000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0xBF800000 \SystemRoot\System32\win32k.sys 0xA0124000 \SystemRoot\System32\drivers\Dxapi.sys 0xB35E1000 \SystemRoot\System32\watchdog.sys 0xBD000000 \SystemRoot\System32\drivers\dxg.sys 0x9FFD2000 \SystemRoot\System32\drivers\dxgthk.sys 0xBD012000 \SystemRoot\System32\nv4_disp.dll 0xBD635000 \SystemRoot\System32\ATMFD.DLL 0xA57B0000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys 0xA240D000 \SystemRoot\System32\DRIVERS\ndisuio.sys 0x9ECCB000 \SystemRoot\System32\Drivers\aswMon2.SYS 0x9EBC6000 \SystemRoot\system32\drivers\wdmaud.sys 0xA9628000 \SystemRoot\system32\drivers\sysaudio.sys 0x9EA09000 \SystemRoot\System32\DRIVERS\mrxdav.sys 0xB1760000 \SystemRoot\System32\Drivers\ParVdm.SYS 0x9E989000 \SystemRoot\System32\DRIVERS\srv.sys 0x9E560000 \SystemRoot\System32\Drivers\HTTP.sys 0x9E60D000 \SystemRoot\System32\Drivers\aswRdr.SYS 0xF79D1000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 0xF77F7000 \??\C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys 0x9C1B0000 \??\C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\uxtdqpow.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 25): 0 System Idle Process 4 System 636 C:\WINDOWS\system32\smss.exe 848 csrss.exe 872 C:\WINDOWS\system32\winlogon.exe 916 C:\WINDOWS\system32\services.exe 928 C:\WINDOWS\system32\lsass.exe 1092 C:\WINDOWS\system32\nvsvc32.exe 1116 C:\WINDOWS\system32\svchost.exe 1168 svchost.exe 1208 C:\WINDOWS\system32\svchost.exe 1328 svchost.exe 1356 svchost.exe 1580 C:\Programme\Alwil Software\Avast4\aswUpdSv.exe 1644 C:\Programme\Alwil Software\Avast4\ashServ.exe 332 C:\WINDOWS\system32\spoolsv.exe 1424 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 472 svchost.exe 3372 alg.exe 2804 C:\WINDOWS\system32\svchost.exe 3556 C:\WINDOWS\explorer.exe 1028 C:\Programme\SRWare Iron\iron.exe 1436 C:\Programme\SRWare Iron\iron.exe 2084 C:\Dokumente und Einstellungen\Kilaoa\Desktop\osam.exe 1836 C:\Dokumente und Einstellungen\Kilaoa\Eigene Dateien\Downloads\MBRCheck (1).exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000018`69e61600 (NTFS) PhysicalDrive0 Model Number: SAMSUNGHD322HJ, Rev: 1AC01118 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done! -------------------------------------------------------------------- P.S. hatte zuerst deinen Hinweis überlesen, dass ich die online Abfrage überspringen soll und hatte es so gemacht wie es unter http://www.trojaner-board.de/84180-a...n-manager.html stand. Weiss nicht ob das wichtig/anders ist aber vorsichtshalber hier auch noch diese Log: OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 23:22:54 on 15.04.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys (File not found) "aswFsBlk" (aswFsBlk) - "ALWIL Software" - C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys "aswRdr" (aswRdr) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswRdr.sys "avast! Asynchronous Virus Monitor" (Aavmker4) - "ALWIL Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys "avast! Network Shield Support" (aswTdi) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswTdi.sys "avast! Self Protection" (aswSP) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswSP.sys "avast! Standard Shield Support" (aswMon2) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswMon2.sys "Avnex Virtual Audio Device (WDM)" (VCSVADHWSer) - "Avnex" - C:\WINDOWS\System32\DRIVERS\vcsvad.sys "Belkin Wireless G USB Network Adapter(Belkin)" (BLKWGU(Belkin)) - "Belkin Corporation" - C:\WINDOWS\System32\DRIVERS\BLKWGU.sys "catchme" (catchme) - ? - C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mbr" (mbr) - ? - C:\CoFi\mbr.sys (Hidden registry entry, rootkit activity | File not found) "MEMSWEEP2" (MEMSWEEP2) - ? - C:\WINDOWS\system32\62.tmp (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\Sandra.sys (File not found) "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS "SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASENUM.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File not found) "uxtdqpow" (uxtdqpow) - ? - C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\uxtdqpow.sys (Hidden registry entry, rootkit activity | File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\ZDPSp50.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashShell.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll {1984D045-52CF-49cd-DB77-08F378FEA4DB} "ObjectDockShlExt" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll {1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401 "{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot\SDHelper.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Programme\Spybot\SDHelper.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Kilaoa\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avast!" - "ALWIL Software" - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "avast! Antivirus" (avast! Antivirus) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashServ.exe "avast! iAVS4 Control Service" (aswUpdSv) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe "avast! Mail Scanner" (avast! Mail Scanner) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe "avast! Web Scanner" (avast! Web Scanner) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashWebSv.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonui.exe -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\WINDOWS\system32\dot3gpclnt.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} "EFS recovery" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft-Datenträgerkontingent" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquota.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (Hidden registry entry, rootkit activity | File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (Hidden registry entry, rootkit activity) "crypt32chain" - "Microsoft Corporation" - C:\WINDOWS\system32\crypt32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "cryptnet" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptnet.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "dimsntfy" - "Microsoft Corporation" - C:\WINDOWS\System32\dimsntfy.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "ScCertProp" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "Schedule" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "sclgntfy" - "Microsoft Corporation" - C:\WINDOWS\system32\sclgntfy.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "SensLogn" - "Microsoft Corporation" - C:\WINDOWS\system32\WlNotify.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "termsrv" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "wlballoon" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Geändert von qupapa (15.04.2011 um 22:39 Uhr) |
16.04.2011, 11:36 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise |
anderen, avast, bli, board, datei, dateien, diverse, entfernt, forum, infizierte, internet, kostenlose, lizenz, löschen, problem, probleme, registry, runde, scan, seite, seiten, system, temporäre, variante, warnung |