Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Plagegeister aller Art und deren Bekämpfung: appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 15.04.2011, 09:34   #1
qupapa
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Erstmal möchte ich ein Hallo in die Runde werfen, da dies mein erster Post hier auf dem Board ist.

Nun zu meinem Problem:

Gestern gab mir Avast die Warnung, dass o.g. Datei gefunden wurde. Ich habe diese löschen lassen und danach so einige Lösungsschritte vorgenommen welche ich auf diversen Seiten im Internet gefunden habe.
Einer der Threats die ich wiederfinden konnte war dieser hier (ich poste den mal auch wenn es aus einem anderen Forum stammt, damit nachvollzogen werden kann welche Schritte ich bisher unternommen habe)

hxxp://forum.avira.com/wbb/index.php?page=Thread&threadID=116658

Da ich vorhin dann mal hier genauer im Forum rumgeschaut habe und feststellte, dass es selten eine gute Idee ist die Lösungswege für solche Probleme anderer User blind nachzuvollziehen und ich dementsprechend vielleicht nicht die schlauste Variante gewählt habe, hab ich mich dazu entschieden mein Problem zu schildern in der Hoffnung, dass mir jemand dabei helfen kann zu klären ob mein System sauber ist, oder was ich dazu noch unternehmen muss.

//edit: Falls das relevant ist: OS ist Windows XP SP3

Ich versuche mal chronologisch aufzulisten was ich bisher getan habe:

Gestern:
Avast: Datei gelöscht
Avast Scan ohne Ergebnis
MBAM Scan: 15 infizierte Objekte, Log ist im Anhang
Hitman Pro 3.5: da meine kostenlose Lizenz abgelaufen ist wurden die Probleme nur angezeigt und nicht gefixt, es handelte sich dabei aber lediglich um einige Tracking-Cookies
CCleaner: Temporäre Dateien entfernt und Registry bereinigt (um heute zu lesen, dass zweiteres keine besonders gute Idee ist)
Combofix: nach o.g. Threat, Log ist im Anhang
MBAM Scan: 0 infizierte Objekte, Log ist im Anhang

Heute:
entsprechend http://www.trojaner-board.de/69886-a...-beachten.html
MBAM Scan: 0 infizierte Objekte, Log ist im Anhang
OTL Scan: Log ist im Anhang

Ich hoffe ich habe mich an alles erinnert, möchte aber nicht ausschließen, dass ich etwas vergessen habe :S

Ich möchte mich schonmal im Voraus bedanken, falls sich jemand meines Problems annimmt.

MfG
Geändert von qupapa (15.04.2011 um 09:46 Uhr)

Alt 15.04.2011, 11:53   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Zitat:
[2011.04.14 18:44:34 | 000,000,000 | ---D | C] -- C:\Qoobox
Wer hat dich angewiesen combofix auszuführen?!
__________________

__________________
Alt 15.04.2011, 12:35   #3
qupapa
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Niemand, wie gesagt ich habe die Lösungen nur grob überflogen und nach dem "Viel-hilft-viel" Prinzip so ziemlich alles gemacht was irgendwo stand.
Dass dies nicht die schlauste Variante war ist mir inzwischen klar.

Auf Combofix gestossen bin ich in o.g. Thread aus dem Avira Forum
__________________
Alt 15.04.2011, 13:48   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Dann poste wenigstens das Logfile!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.04.2011, 14:01   #5
qupapa
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Ist das nicht die ComboFix.txt in der angehängten Datei?
Falls nicht, wo finde ich die denn ansonsten?

Tut mir leid, falls ich unnötige Umstände verursachen sollte ...


Alt 15.04.2011, 14:18   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Sry, das Log ist mir entgangen
__________________
--> appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise

Alt 15.04.2011, 14:20   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.17 16:05:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2011.03.21 11:35:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kilaoa\Anwendungsdaten\269511
[2011.03.21 11:35:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kilaoa\Anwendungsdaten\106311
:Files
c:\windows\system32\5015
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.04.2011, 14:57   #8
qupapa
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Ok, danke schon mal soweit.
Hier die OTL-Log

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File About:Home not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\WallPaper deleted successfully.
C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\BackupWallPaper deleted successfully.
File C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.
C:\Programme\SUPERAntiSpyware\SASSEH.DLL moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Dokumente und Einstellungen\Kilaoa\Anwendungsdaten\269511 folder moved successfully.
C:\Dokumente und Einstellungen\Kilaoa\Anwendungsdaten\106311 folder moved successfully.
========== FILES ==========
c:\windows\system32\5015\components folder moved successfully.
c:\windows\system32\5015 folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Kilaoa
->Temp folder emptied: 1441928 bytes
->Temporary Internet Files folder emptied: 538764 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91864852 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1102 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38976 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 90,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04152011_154918

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_65c.dat not found!

Registry entries deleted on Reboot...

Alt 15.04.2011, 15:03   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html


Falls du durch die Infektion auf die Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.04.2011, 15:12   #10
qupapa
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Auf Dokumente und Einstellungen konnte ich ohne Probleme zugreifen.

Hier die Log von TDSSKiller:

Code:
ATTFilter
2011/04/15 16:06:34.0109 2584	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/15 16:06:34.0343 2584	================================================================================
2011/04/15 16:06:34.0343 2584	SystemInfo:
2011/04/15 16:06:34.0343 2584	
2011/04/15 16:06:34.0343 2584	OS Version: 5.1.2600 ServicePack: 3.0
2011/04/15 16:06:34.0343 2584	Product type: Workstation
2011/04/15 16:06:34.0343 2584	ComputerName: KILAO
2011/04/15 16:06:34.0343 2584	UserName: Kilaoa
2011/04/15 16:06:34.0343 2584	Windows directory: C:\WINDOWS
2011/04/15 16:06:34.0343 2584	System windows directory: C:\WINDOWS
2011/04/15 16:06:34.0343 2584	Processor architecture: Intel x86
2011/04/15 16:06:34.0343 2584	Number of processors: 2
2011/04/15 16:06:34.0343 2584	Page size: 0x1000
2011/04/15 16:06:34.0343 2584	Boot type: Normal boot
2011/04/15 16:06:34.0343 2584	================================================================================
2011/04/15 16:06:34.0812 2584	Initialize success
2011/04/15 16:09:47.0687 1704	================================================================================
2011/04/15 16:09:47.0687 1704	Scan started
2011/04/15 16:09:47.0687 1704	Mode: Manual; 
2011/04/15 16:09:47.0687 1704	================================================================================
2011/04/15 16:09:48.0156 1704	Aavmker4        (2ccfa74242741ca22a4267cce9b586f4) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/04/15 16:09:48.0234 1704	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/15 16:09:48.0250 1704	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/15 16:09:48.0296 1704	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/15 16:09:48.0328 1704	AFD             (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/04/15 16:09:48.0421 1704	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/15 16:09:48.0500 1704	aswFsBlk        (b4079a98f294a3e262872cb76f4849f0) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
2011/04/15 16:09:48.0515 1704	aswMon2         (dbee7b5ecb50fc2cf9323f52cbf41141) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/04/15 16:09:48.0531 1704	aswRdr          (8080d683489c99cbace813f6fa4069cc) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/04/15 16:09:48.0546 1704	aswSP           (2e5a2ad5004b55df39b7606130a88142) C:\WINDOWS\system32\drivers\aswSP.sys
2011/04/15 16:09:48.0578 1704	aswTdi          (d4c83a37efadfa2c398362e0776e3773) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/04/15 16:09:48.0593 1704	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/15 16:09:48.0609 1704	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/15 16:09:48.0640 1704	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/15 16:09:48.0671 1704	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/15 16:09:48.0718 1704	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/15 16:09:48.0750 1704	BLKWGU(Belkin)  (ed910b63a75863a89aab65f2763d5b71) C:\WINDOWS\system32\DRIVERS\BLKWGU.sys
2011/04/15 16:09:48.0796 1704	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/15 16:09:48.0828 1704	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/15 16:09:48.0828 1704	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/15 16:09:48.0859 1704	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/15 16:09:48.0937 1704	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/15 16:09:49.0015 1704	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/15 16:09:49.0046 1704	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/15 16:09:49.0062 1704	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/15 16:09:49.0093 1704	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/15 16:09:49.0140 1704	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/15 16:09:49.0203 1704	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/15 16:09:49.0234 1704	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/15 16:09:49.0250 1704	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/15 16:09:49.0265 1704	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/15 16:09:49.0296 1704	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/15 16:09:49.0312 1704	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/15 16:09:49.0328 1704	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/15 16:09:49.0328 1704	gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/04/15 16:09:49.0359 1704	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/15 16:09:49.0375 1704	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/15 16:09:49.0406 1704	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/15 16:09:49.0453 1704	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/15 16:09:49.0484 1704	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/04/15 16:09:49.0500 1704	iaStor          (88b1943ecff661f765228099138cf6ab) C:\WINDOWS\system32\drivers\iaStor.sys
2011/04/15 16:09:49.0531 1704	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/15 16:09:49.0656 1704	IntcAzAudAddService (909d03b3b7fb7c830b74f74f4d0ea7ce) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/04/15 16:09:49.0687 1704	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/15 16:09:49.0718 1704	ip6fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/15 16:09:49.0750 1704	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/15 16:09:49.0765 1704	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/15 16:09:49.0781 1704	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/15 16:09:49.0796 1704	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/15 16:09:49.0812 1704	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/15 16:09:49.0843 1704	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/15 16:09:49.0875 1704	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/15 16:09:49.0875 1704	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/15 16:09:49.0906 1704	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/15 16:09:49.0937 1704	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/15 16:09:50.0000 1704	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/15 16:09:50.0015 1704	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/15 16:09:50.0031 1704	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/15 16:09:50.0046 1704	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/15 16:09:50.0062 1704	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/15 16:09:50.0093 1704	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/15 16:09:50.0125 1704	MRxSmb          (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/15 16:09:50.0171 1704	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/15 16:09:50.0203 1704	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/15 16:09:50.0218 1704	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/15 16:09:50.0234 1704	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/15 16:09:50.0265 1704	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/15 16:09:50.0265 1704	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/15 16:09:50.0296 1704	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/15 16:09:50.0312 1704	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/15 16:09:50.0328 1704	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/15 16:09:50.0328 1704	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/15 16:09:50.0359 1704	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/15 16:09:50.0375 1704	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/15 16:09:50.0406 1704	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/15 16:09:50.0437 1704	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/15 16:09:50.0453 1704	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/15 16:09:50.0484 1704	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/15 16:09:50.0500 1704	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/15 16:09:50.0718 1704	nv              (cd9ed87b4fc6ec41d3b5be0b923843fc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/15 16:09:51.0031 1704	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/15 16:09:51.0187 1704	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/15 16:09:51.0218 1704	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/15 16:09:51.0250 1704	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/15 16:09:51.0265 1704	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/15 16:09:51.0296 1704	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/15 16:09:51.0312 1704	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/15 16:09:51.0343 1704	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/15 16:09:51.0375 1704	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/15 16:09:51.0484 1704	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/15 16:09:51.0500 1704	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/15 16:09:51.0515 1704	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/15 16:09:51.0546 1704	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/15 16:09:51.0625 1704	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/15 16:09:51.0656 1704	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/15 16:09:51.0671 1704	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/15 16:09:51.0671 1704	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/15 16:09:51.0703 1704	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/15 16:09:51.0718 1704	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/15 16:09:51.0750 1704	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/15 16:09:51.0781 1704	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/15 16:09:51.0828 1704	RTL8023xp       (d6e1b1bd04fad422af17fc4b810cb9af) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/04/15 16:09:51.0968 1704	SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\Sandra.sys
2011/04/15 16:09:52.0000 1704	SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/15 16:09:52.0031 1704	SASENUM         (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Programme\SUPERAntiSpyware\SASENUM.SYS
2011/04/15 16:09:52.0046 1704	SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/15 16:09:52.0078 1704	SCREAMINGBDRIVER (a689d522eedf89401e1da2fe883aa7ec) C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
2011/04/15 16:09:52.0109 1704	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/15 16:09:52.0125 1704	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/15 16:09:52.0140 1704	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/15 16:09:52.0203 1704	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/15 16:09:52.0265 1704	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/15 16:09:52.0281 1704	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/15 16:09:52.0328 1704	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/15 16:09:52.0359 1704	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/15 16:09:52.0375 1704	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/15 16:09:52.0453 1704	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/15 16:09:52.0500 1704	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/15 16:09:52.0531 1704	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/15 16:09:52.0546 1704	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/15 16:09:52.0562 1704	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/15 16:09:52.0609 1704	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/15 16:09:52.0656 1704	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/15 16:09:52.0687 1704	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/15 16:09:52.0718 1704	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/15 16:09:52.0734 1704	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/15 16:09:52.0765 1704	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/15 16:09:52.0781 1704	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/15 16:09:52.0812 1704	VCSVADHWSer     (b2abab4ca46bad182e27763dc19c780f) C:\WINDOWS\system32\DRIVERS\vcsvad.sys
2011/04/15 16:09:52.0828 1704	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/15 16:09:52.0875 1704	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/15 16:09:52.0890 1704	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/15 16:09:52.0953 1704	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/15 16:09:53.0031 1704	ZDPSp50         (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
2011/04/15 16:09:53.0171 1704	================================================================================
2011/04/15 16:09:53.0171 1704	Scan finished
2011/04/15 16:09:53.0171 1704	================================================================================

Alt 15.04.2011, 17:44   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.04.2011, 19:28   #12
qupapa
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Done.

Kann es sein, dass ComboFix meinen Standardbrowser geändert hat?

So oder so, hier die Log:

Code:
ATTFilter
ComboFix 11-04-14.03 - Kilaoa 15.04.2011  20:21:15.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1565 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Kilaoa\Desktop\CoFi.exe
AV: avast! antivirus 4.8.1368 [VPS 110415-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-15 bis 2011-04-15  ))))))))))))))))))))))))))))))
.
.
2011-04-15 07:19 . 2011-04-15 07:19	--------	d-----w-	C:\_OTL
2011-04-13 08:29 . 2011-04-13 08:29	--------	d-----w-	c:\dokumente und einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Opera
2011-04-13 08:29 . 2011-04-13 08:29	--------	d-----w-	c:\programme\Opera
2011-04-13 07:21 . 2011-04-13 07:21	--------	d-----w-	c:\dokumente und einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Chromium
2011-04-13 07:21 . 2011-04-13 07:21	--------	d-----w-	c:\programme\SRWare Iron
2011-04-12 21:17 . 2011-04-12 21:18	--------	d-----w-	c:\programme\FileZilla FTP Client
2011-04-06 08:11 . 2011-04-06 08:39	--------	d-----w-	c:\programme\Google
2011-04-05 10:41 . 2011-04-05 10:41	--------	d--h--w-	c:\windows\PIF
2011-03-18 08:28 . 2011-03-18 08:28	--------	d-----w-	C:\msstyle
2011-03-17 10:00 . 2011-03-17 10:00	--------	d-----w-	c:\dokumente und einstellungen\Kilaoa\Anwendungsdaten\CAD-KAS
2011-03-17 09:59 . 2011-03-20 11:29	--------	d-----w-	c:\programme\PDF Editor 3
2011-03-17 09:59 . 2011-03-17 09:59	80896	----a-w-	c:\windows\cadkasdeinst01.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 15:42 . 2011-02-16 13:07	16968	----a-w-	c:\windows\system32\drivers\hitmanpro35.sys
2011-03-21 22:03 . 2011-02-10 12:11	1629	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml12F.tmp
2011-03-21 22:03 . 2011-02-10 12:11	14229	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml12E.tmp
2011-03-21 22:03 . 2011-02-10 12:11	8114	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml12D.tmp
2011-03-07 05:33 . 2010-01-17 14:03	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2003-04-02 12:00	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2003-04-02 12:00	1858048	----a-w-	c:\windows\system32\win32k.sys
2011-02-22 23:05 . 2003-04-02 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2011-02-22 23:05 . 2003-04-02 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2011-02-22 23:05 . 2003-04-02 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2010-01-17 15:22	385024	----a-w-	c:\windows\system32\html.iec
2011-02-17 13:18 . 2003-04-02 12:00	455936	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2003-04-02 12:00	357888	----a-w-	c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 06:25	5632	----a-w-	c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2003-04-02 12:00	290432	----a-w-	c:\windows\system32\atmfd.dll
2011-02-10 15:40 . 2011-02-10 15:40	7952	----a-w-	c:\windows\system32\OODDRMBS.EXE
2011-02-09 13:53 . 2003-04-02 12:00	270848	----a-w-	c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-04-02 12:00	186880	----a-w-	c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2003-04-02 12:00	978944	----a-w-	c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2003-04-02 12:00	974848	----a-w-	c:\windows\system32\mfc42u.dll
2011-02-08 01:16 . 2011-02-08 01:16	922112	------w-	c:\windows\system32\imapi2fs.dll
2011-02-08 01:16 . 2011-02-08 01:16	426496	------w-	c:\windows\system32\imapi2.dll
2011-02-02 07:58 . 2010-01-17 14:02	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-01-17 14:02	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2003-04-02 12:00	440832	----a-w-	c:\windows\system32\shimgvw.dll
2011-03-18 17:56 . 2011-03-13 16:10	142296	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06	163328	--sh--r-	c:\windows\system32\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\system32\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\system32\nbDX.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-14_16.54.37   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-15 15:45 . 2011-04-15 15:45	16384              c:\windows\Temp\Perflib_Perfdata_66c.dat
+ 2003-04-02 12:00 . 2011-04-15 13:10	84844              c:\windows\system32\perfc009.dat
- 2003-04-02 12:00 . 2010-12-20 23:52	66560              c:\windows\system32\mshtmled.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05	66560              c:\windows\system32\mshtmled.dll
+ 2009-03-08 03:31 . 2011-02-22 23:05	55296              c:\windows\system32\msfeedsbs.dll
- 2009-03-08 03:31 . 2010-12-20 23:52	55296              c:\windows\system32\msfeedsbs.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05	25600              c:\windows\system32\jsproxy.dll
- 2003-04-02 12:00 . 2010-12-20 23:52	25600              c:\windows\system32\jsproxy.dll
- 2003-04-02 12:00 . 2008-04-14 06:52	45568              c:\windows\system32\dnsrslvr.dll
+ 2003-04-02 12:00 . 2009-04-20 17:17	45568              c:\windows\system32\dnsrslvr.dll
- 2010-05-01 07:55 . 2010-12-20 23:52	12800              c:\windows\system32\dllcache\xpshims.dll
+ 2010-05-01 07:55 . 2011-02-22 23:05	12800              c:\windows\system32\dllcache\xpshims.dll
- 2009-03-08 03:31 . 2010-12-20 23:52	66560              c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 03:31 . 2011-02-22 23:05	66560              c:\windows\system32\dllcache\mshtmled.dll
- 2010-05-01 07:55 . 2010-12-20 23:52	55296              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-05-01 07:55 . 2011-02-22 23:05	55296              c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 03:34 . 2010-12-20 23:52	43520              c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 03:34 . 2011-02-22 23:05	43520              c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 03:33 . 2011-02-22 23:05	25600              c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 03:33 . 2010-12-20 23:52	25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2009-04-20 17:17 . 2009-04-20 17:17	45568              c:\windows\system32\dllcache\dnsrslvr.dll
- 2010-03-18 11:16 . 2010-03-18 11:16	56656              c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-02-10 02:10 . 2011-02-10 02:10	56656              c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	93024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	93024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	35688              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	35688              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	17784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	17784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	58240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	58240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	37240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	37240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	68952              c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	68952              c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	12800              c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	66560              c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	55296              c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	43520              c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	25600              c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	96768              c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9824b202ffe88c945577effdc7fc8fc3\UIAutomationProvider.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	54784              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\8e97109a6278b73bf4fd77b61ce6c154\System.Xaml.Hosting.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	35328              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\6474ae2cebac637025eab3cbcdc9ffe6\System.Windows.Presentation.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	24064              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\1070fda1dc17a4b0f121195f9c1ebcfe\System.Web.Routing.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	46592              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\5a41a2282d6b6ac525073db4f0604677\System.Web.DynamicData.Design.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	71680              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\50cbf014f60fa88f67a763dfbead1fee\System.Web.ApplicationServices.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	24576              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\8aa6f2e7225a8c20edda9ee3a260692a\System.Web.Abstractions.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	82432              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f472171edc898ea876f14b97b4f332b8\System.ServiceModel.Channels.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	12288              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\2f4398558c8128f92887fde8660f1ca8\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04	78848              c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\473102f936b4a823e5e2b2e6282c5104\System.AddIn.Contract.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	37376              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\c4eae41feecde838e71941f5b7359b48\Microsoft.Workflow.Compiler.ni.exe
+ 2011-04-15 16:03 . 2011-04-15 16:03	11776              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\1a21a54acf18fabfddb0b94d40e509a1\Microsoft.VisualC.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	44544              c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\7600f9d2a3bc01ba15674667283c2e53\Accessibility.ni.dll
+ 2011-04-15 13:46 . 2011-04-15 13:46	60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3f621b90371e67197bd4d0b86aa6f21d\System.Windows.Presentation.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\577b049541803541e6b00e2c36c00852\System.Web.DynamicData.Design.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\636ed65b7e5481320e3010b78a5e6cfa\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f83b1e8dd8c90490c8d924826c8b107d\System.AddIn.Contract.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45	47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe
+ 2011-04-15 13:10 . 2011-04-15 13:10	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\108426b4dc654100c9a99bfa71f69886\Microsoft.Vsa.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	15872              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\61ae638a8173b053fc3e6dde41df25a3\Microsoft.VisualC.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8905268997c77a27c7f9c54aeba37f24\Microsoft.Build.Framework.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\11bb8ef375848eb1c074da1afd5cecdc\Microsoft.Build.Framework.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\6d74b9308a1517bfe959e597c3dd2427\dfsvc.ni.exe
+ 2011-04-15 15:59 . 2011-04-15 15:59	25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-04-15 13:10 . 2011-04-15 13:10	2688              c:\windows\SoftwareDistribution\EventCache\{FCC119B7-C2EC-4B11-88C9-2664CA973400}.bin
+ 2011-04-15 16:02 . 2011-04-15 16:02	9728              c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\1a4701c5a061d081b78353bd04349c3e\dfsvc.ni.exe
+ 2011-04-15 13:09 . 2011-04-15 13:09	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-27 15:54 . 2010-10-27 15:54	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	109568              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	109568              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	246128              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	246128              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2003-04-02 12:00 . 2011-04-15 13:10	494300              c:\windows\system32\perfh009.dat
+ 2003-04-02 12:00 . 2011-04-15 13:10	517632              c:\windows\system32\perfh007.dat
+ 2003-04-02 12:00 . 2011-04-15 13:10	101784              c:\windows\system32\perfc007.dat
- 2003-04-02 12:00 . 2010-12-20 23:52	206848              c:\windows\system32\occache.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05	206848              c:\windows\system32\occache.dll
- 2003-04-02 12:00 . 2008-06-20 17:46	247296              c:\windows\system32\mswsock.dll
+ 2003-04-02 12:00 . 2008-06-20 16:02	247296              c:\windows\system32\mswsock.dll
- 2003-04-02 12:00 . 2010-12-20 23:52	611840              c:\windows\system32\mstime.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05	611840              c:\windows\system32\mstime.dll
+ 2009-03-08 03:32 . 2011-02-22 23:05	602112              c:\windows\system32\msfeeds.dll
- 2009-03-08 03:32 . 2010-12-20 23:52	602112              c:\windows\system32\msfeeds.dll
- 2003-04-02 12:00 . 2009-12-09 05:53	726528              c:\windows\system32\jscript.dll
+ 2003-04-02 12:00 . 2011-03-04 06:36	726528              c:\windows\system32\jscript.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05	184320              c:\windows\system32\iepeers.dll
- 2003-04-02 12:00 . 2010-12-20 23:52	184320              c:\windows\system32\iepeers.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05	387584              c:\windows\system32\iedkcs32.dll
- 2003-04-02 12:00 . 2010-12-20 23:52	387584              c:\windows\system32\iedkcs32.dll
+ 2003-04-02 12:00 . 2011-02-18 11:49	173568              c:\windows\system32\ie4uinit.exe
- 2003-04-02 12:00 . 2010-12-20 12:55	173568              c:\windows\system32\ie4uinit.exe
+ 2010-01-17 13:46 . 2011-04-15 13:42	359344              c:\windows\system32\FNTCACHE.DAT
- 2010-01-17 13:46 . 2011-04-14 14:45	359344              c:\windows\system32\FNTCACHE.DAT
+ 2003-04-02 12:00 . 2008-10-16 14:43	138496              c:\windows\system32\drivers\afd.sys
- 2003-04-02 12:00 . 2008-08-14 10:04	138496              c:\windows\system32\drivers\afd.sys
+ 2003-04-02 12:00 . 2011-03-03 06:54	149504              c:\windows\system32\dnsapi.dll
+ 2009-10-29 05:24 . 2011-02-22 23:05	916480              c:\windows\system32\dllcache\wininet.dll
- 2009-10-29 05:24 . 2010-12-20 23:52	916480              c:\windows\system32\dllcache\wininet.dll
+ 2008-05-09 10:54 . 2011-03-04 06:36	420864              c:\windows\system32\dllcache\vbscript.dll
+ 2010-01-17 18:11 . 2011-02-17 13:18	357888              c:\windows\system32\dllcache\srv.sys
+ 2009-03-08 03:34 . 2011-02-22 23:05	206848              c:\windows\system32\dllcache\occache.dll
- 2009-03-08 03:34 . 2010-12-20 23:52	206848              c:\windows\system32\dllcache\occache.dll
- 2008-06-20 17:46 . 2008-06-20 17:46	247296              c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:46 . 2008-06-20 16:02	247296              c:\windows\system32\dllcache\mswsock.dll
- 2009-03-08 03:32 . 2010-12-20 23:52	611840              c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 03:32 . 2011-02-22 23:05	611840              c:\windows\system32\dllcache\mstime.dll
- 2010-05-01 07:55 . 2010-12-20 23:52	602112              c:\windows\system32\dllcache\msfeeds.dll
+ 2010-05-01 07:55 . 2011-02-22 23:05	602112              c:\windows\system32\dllcache\msfeeds.dll
+ 2010-01-17 18:11 . 2011-02-17 13:18	455936              c:\windows\system32\dllcache\mrxsmb.sys
- 2010-09-18 10:22 . 2010-09-18 10:22	974848              c:\windows\system32\dllcache\mfc42u.dll
+ 2010-09-18 10:22 . 2011-02-08 13:33	974848              c:\windows\system32\dllcache\mfc42u.dll
+ 2010-10-13 14:15 . 2011-02-08 13:33	978944              c:\windows\system32\dllcache\mfc42.dll
- 2010-01-17 18:06 . 2009-12-09 05:53	726528              c:\windows\system32\dllcache\jscript.dll
+ 2010-01-17 18:06 . 2011-03-04 06:36	726528              c:\windows\system32\dllcache\jscript.dll
- 2010-01-17 18:09 . 2010-06-09 07:43	692736              c:\windows\system32\dllcache\inetcomm.dll
+ 2010-01-17 18:09 . 2011-03-07 05:33	692736              c:\windows\system32\dllcache\inetcomm.dll
+ 2010-05-01 07:55 . 2011-02-22 23:05	247808              c:\windows\system32\dllcache\ieproxy.dll
- 2010-05-01 07:55 . 2010-12-20 23:52	247808              c:\windows\system32\dllcache\ieproxy.dll
+ 2010-02-26 05:41 . 2011-02-22 23:05	184320              c:\windows\system32\dllcache\iepeers.dll
- 2010-02-26 05:41 . 2010-12-20 23:52	184320              c:\windows\system32\dllcache\iepeers.dll
- 2010-06-11 13:32 . 2010-12-20 23:52	743424              c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-11 13:32 . 2011-02-22 23:05	743424              c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 13:09 . 2011-02-22 23:05	387584              c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 13:09 . 2010-12-20 23:52	387584              c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 03:32 . 2010-12-20 12:55	173568              c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 03:32 . 2011-02-18 11:49	173568              c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-06-20 17:46 . 2011-03-03 06:54	149504              c:\windows\system32\dllcache\dnsapi.dll
+ 2010-04-20 05:29 . 2011-02-15 12:56	290432              c:\windows\system32\dllcache\atmfd.dll
- 2008-06-20 11:40 . 2008-08-14 10:04	138496              c:\windows\system32\dllcache\afd.sys
+ 2008-06-20 11:40 . 2008-10-16 14:43	138496              c:\windows\system32\dllcache\afd.sys
- 2010-03-18 11:16 . 2010-03-18 11:16	517448              c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-02-10 02:10 . 2011-02-10 02:10	517448              c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
- 2010-03-18 11:16 . 2010-03-18 11:16	955728              c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-02-10 02:10 . 2011-02-10 02:10	955728              c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
- 2010-03-18 11:16 . 2010-03-18 11:16	385864              c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2011-02-10 02:10 . 2011-02-10 02:10	385864              c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2011-01-18 02:39 . 2011-01-18 02:39	388936              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2010-05-11 04:40 . 2010-05-11 04:40	388936              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-01-18 02:39 . 2011-01-18 02:39	363856              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-01-18 02:39 . 2011-01-18 02:39	989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2010-05-11 04:40 . 2010-05-11 04:40	989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	350592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	350592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	163168              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	163168              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	138592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	138592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	699224              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	699224              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	857960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	857960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	675672              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	675672              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	113512              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	113512              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	129912              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	129912              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	390008              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	390008              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	505208              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	505208              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	261472              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	261472              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	122264              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	122264              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	291184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	291184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	349568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	349568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	231760              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	231760              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	253280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	253280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	378720              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	378720              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	134528              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	134528              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	123736              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	123736              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	392552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	392552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	125816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	125816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	120152              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	120152              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	607064              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	607064              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	395120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	395120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	182144              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	182144              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	285072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	285072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	829280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	829280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	747360              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	747360              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	436600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	436600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	683872              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	683872              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	409448              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	409448              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	210816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	210816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	149848              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	149848              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	122248              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	122248              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	525704              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	525704              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	112976              c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	112976              c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	581464              c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	581464              c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	832856              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	832856              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	194424              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	194424              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	478576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	478576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	167288              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	167288              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	232304              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	232304              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	661352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	661352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	349576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	349576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	387960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	387960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	746336              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	746336              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	505184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	505184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	269672              c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	269672              c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	334688              c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	334688              c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	109568              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	109568              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	246128              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	246128              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	170368              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	170368              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-04-15 13:02 . 2010-03-10 06:15	420352              c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-04-15 13:02 . 2010-07-05 13:14	388984              c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-04-15 13:02 . 2010-07-05 13:14	234872              c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-04-15 13:02 . 2009-12-09 05:53	726528              c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	916480              c:\windows\ie8updates\KB2497640-IE8\wininet.dll
+ 2011-04-15 13:10 . 2010-07-05 13:14	388984              c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll
+ 2011-04-15 13:10 . 2010-07-05 13:14	234872              c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe
+ 2011-04-15 13:10 . 2010-12-20 23:52	206848              c:\windows\ie8updates\KB2497640-IE8\occache.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	611840              c:\windows\ie8updates\KB2497640-IE8\mstime.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	602112              c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	247808              c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	184320              c:\windows\ie8updates\KB2497640-IE8\iepeers.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	743424              c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	387584              c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll
+ 2011-04-15 13:10 . 2010-12-20 12:55	173568              c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe
+ 2010-01-17 18:11 . 2011-02-17 13:18	455936              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-04-15 16:30 . 2011-04-15 16:30	399360              c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\071230a3e7b1d19779210ed709761da4\XamlBuildTask.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	353792              c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\308200c3a43e5cd40f7ca07328be5d56\WsatConfig.ni.exe
+ 2011-04-15 16:30 . 2011-04-15 16:30	245760              c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\c854ff737035c79fdf1b56b95e28fdbc\WindowsFormsIntegration.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	195584              c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\c085fc0d222fb39afe14cc8e5eb32eee\UIAutomationTypes.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	481792              c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\974f99cb0c5b67484ce5a3fd1fc5e7dd\UIAutomationClient.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	391680              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6d7c87b19bf40f2bc57ec4429b628c9a\System.Xml.Linq.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	187904              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\21eb4743be4fdd8df5f0a9cd0dd52f5d\System.Windows.Input.Manipulations.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	192512              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\506e5c072114a604751e589a03818287\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	218624              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\4f6ed094f67cf65019b24b7ae4950047\System.Web.RegularExpressions.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	858112              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\e48ad421c99a1dff1680d775abf7fdec\System.Web.Extensions.Design.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	332288              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\25f74ac76ed1a5762f05984a8e8f675c\System.Web.Entity.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	296448              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\022f7f8e65394aab269df0a14f3f8757\System.Web.Entity.Design.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	705536              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\c1a917d7d45e2e5731ab1a2c69bc3c79\System.Web.DynamicData.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	256512              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\79696f4c00767d1db7c4a93b9e417359\System.Web.DataVisualization.Design.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	645632              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\1fac5b5769af4e4dd0aa3f09d9834734\System.Transactions.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	220672              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\4e5c6a1e261c43961b19f4712359234f\System.ServiceProcess.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	421888              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d1f5920c45a89d29bfcaaf3e913f5b43\System.ServiceModel.Activation.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	365056              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9fc58e83505ef6bf05a4529665c7737d\System.ServiceModel.Routing.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06	721920              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\df00a90a0ca189eb49b071dfd9530347\System.Security.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	310272              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7de8fccb064fff0d219e8594a014b600\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	767488              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\585f1cfab91fc0c2c3e2a9f483a2a4a2\System.Runtime.Remoting.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	239616              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\46ecc1e6de3fba31062fe27e5bc2ef9c\System.Runtime.Caching.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06	144896              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\f2304201110addb8170997ff442e87fc\System.Numerics.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	651264              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\56158e581a3dfce8f930fe7388cfe156\System.Net.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	625152              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\8b3e59239912537657fc7f9c6b88dd8a\System.Messaging.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	392704              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\117067671949b80852b0a7c112888b7b\System.Management.Instrumentation.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	405504              c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\a483116d4df8444911c9d47fd99b8b95\System.IO.Log.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	228352              c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\3891b868ee83ca630686d547c328da31\System.IdentityModel.Selectors.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	230912              c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\547669d593c2ac7c94391e153ea6068f\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	784896              c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\547669d593c2ac7c94391e153ea6068f\System.EnterpriseServices.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06	373248              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\f9b335b9f86afcae5a54949288010a0f\System.Dynamic.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07	223744              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\bbb1323c2a613d3f4e9cfce17e03ee70\System.Drawing.Design.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	911872              c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8a7ceaec74327e2be758e7291b8a5849\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	461824              c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\698dd101afeceb8ffc4a435b9be82038\System.DirectoryServices.Protocols.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	112128              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\65b4592d5d04a0c5b6f102f8d1e065e8\System.Device.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	499712              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\1cebe528201f40151fb29cb835f76ef2\System.Data.Services.Design.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04	134656              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\ee0a48c4f9340f1002baa71004a14932\System.Data.DataSetExtensions.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06	973312              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f7f7d2aa985906327e256d05472bdeb3\System.Configuration.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	145920              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\9a074aee02c2c27bd8a64bd39bb0f954\System.Configuration.Install.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04	193536              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\f02a6c23986ba9eee3699717437b0f94\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07	690176              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\50925baa7781cd6b13b345750b78cac2\System.ComponentModel.Composition.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04	613888              c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\d5de48c1c29a8498c89ed5da48e40690\System.AddIn.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04	402944              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\d60de251f6401ab42fe195f6bf25ca73\System.Activities.DurableInstancing.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	316928              c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\d42aded7e797fe07a002cec27071b509\SMSvcHost.ni.exe
+ 2011-04-15 16:03 . 2011-04-15 16:03	142336              c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\22f477b2dad8700e564daead57f5b825\SMDiagnostics.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07	656896              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ea81a1bfc0d3e8840be37dffb83fc12e\PresentationFramework.Luna.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07	327168              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e4498a63f9913a5d47d26de0da220fdc\PresentationFramework.Royale.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07	283648              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\debfd1ead83df514b9a663bf3601669f\PresentationFramework.Classic.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07	450048              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bc6292c4e40c4bf27d35ec5a8065893f\PresentationFramework.Aero.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	273920              c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\f648f2557a7075889949469f0531b7c9\MSBuild.ni.exe
+ 2011-04-15 16:03 . 2011-04-15 16:03	219136              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e6c8530bfd8c9a39e07a5401b3acba04\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	418304              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\a78fa250714cf42472bc22d0b7ea14e5\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	629248              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\9c42659b778392df8680d350075a2e5b\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	257536              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\9f1f00f55897b6fd12e65be9869fffa7\Microsoft.Build.Framework.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	135680              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\c9519340c17ccff490727172072a7ff7\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	193024              c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e665571fbfd43f6f3f715b715dd01f14\CustomMarshalers.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	471040              c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\1b247637f0106a0bbc4f19d822e5a13c\ComSvcConfig.ni.exe
+ 2011-04-15 16:02 . 2011-04-15 16:02	842752              c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\a1fca84c7a934ce073bce166101bc58e\AspNetMMCExt.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\95de80b860252231b46014f58226e473\WsatConfig.ni.exe
+ 2011-04-15 13:46 . 2011-04-15 13:46	240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\715710f5a31a494ed5c0ec0874dafe3e\WindowsFormsIntegration.ni.dll
+ 2011-04-15 13:46 . 2011-04-15 13:46	187904              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\017be0e6c5f1810f15a696157cd5e2c2\UIAutomationTypes.ni.dll
+ 2011-04-15 13:46 . 2011-04-15 13:46	447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\bec5b0a93df12eb26c02c877a4eae678\UIAutomationClient.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3d8f787002439f4942c33f376cfd8555\System.Xml.Linq.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\4b746fea8062a10ccc6e5331914e7dad\System.Web.Routing.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\103956fdb019bce8a173fe9cb9da3e02\System.Web.RegularExpressions.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c0a156fbf46ad272ac262e45eaa998f4\System.Web.Extensions.Design.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\e3651e13567ce4e3fa7bb2fbab737d9a\System.Web.Entity.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\834d7769f39e4d937eda1ad3707d4716\System.Web.Entity.Design.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\032c96c6206b53bca122d1fbaf5f8ca2\System.Web.DynamicData.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6ce0e4fb33afcfcce43c427e82b987db\System.Web.Abstractions.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	679936              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\9e91cca51a5ed6fb13b67558109d2726\System.Security.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa6a58394a1f162eecce4cd8af0875c3\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	771584              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1d03df7f7548613e8beab2cc21e57910\System.Runtime.Remoting.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\6194eb4bc1e0133d0183d086b747f512\System.Net.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	593408              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\fd6bd402916af28b2c2fa49ebb8a76d1\System.Messaging.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\d6ae8171ae6fd4fe83add34e6d70e5b5\System.Management.Instrumentation.ni.dll
+ 2011-04-15 15:59 . 2011-04-15 15:59	381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\abd5a61d39e474f12b30ccbbe6277667\System.IO.Log.ni.dll
+ 2011-04-15 15:59 . 2011-04-15 15:59	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\12c4dba6d4ff0278d208c283d9ed7670\System.IdentityModel.Selectors.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45	208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e6b7128278d8c0e8382a5685f5b196c6\System.Drawing.Design.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ef56bf47fc2fc4204e0fcc1f32bab01\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\447d7b4a7d0add13f8d2086088bcc41c\System.DirectoryServices.Protocols.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ce2afe8854ee9cdc834b6f392348c882\System.Data.Services.Design.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\03d4658290e300e437e745ef4a613b59\System.Data.Services.Client.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\7ce21a2855bb7731de4dab797e69f3f6\System.Data.Entity.Design.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ea57694aea47c05853516c9bb2ad54b4\System.Data.DataSetExtensions.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f312bb844670ebc7458fec9e6b2568b3\System.Configuration.Install.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\afd9595f07a8c68b26e81cf995957f56\System.AddIn.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\3a42b2fbafe93d7b9395e328bea35afa\SMSvcHost.ni.exe
+ 2011-04-15 16:00 . 2011-04-15 16:00	256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\97ff96d3fc8d0b10ea294f320acf821e\SMDiagnostics.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\28ed0e9efd938b05b4f53e0d90046701\ServiceModelReg.ni.exe
+ 2011-04-15 13:45 . 2011-04-15 13:45	368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe13679e6b3e36e5cb6c47f8c4faf9c\PresentationFramework.Aero.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45	224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45	258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a34cd33cec1bdfebe4a3910bceb8723b\PresentationFramework.Royale.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45	539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5670e74887ef1025c6a8c056ffe86b38\MSBuild.ni.exe
+ 2011-04-15 16:00 . 2011-04-15 16:00	386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\653732002ebf5c68f69150a60e145e6a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\cc62770393640302bd4d7e442b1e49a4\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\352bff1ee71ce114e225f849038dc48d\Microsoft.Build.Utilities.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\7345f4d2d7157bf49de4158e8f2b6847\Microsoft.Build.Engine.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d7dba901ddd410ca1a0156d0f2a27533\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	220672              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\010552e529d130ce914765b0801e2367\CustomMarshalers.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\6861f639b13967e9b014b44bbb7c5d4c\ComSvcConfig.ni.exe
+ 2011-04-15 15:59 . 2011-04-15 15:59	842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\800da7dec567fadf3392091e9f01ecb9\AspNetMMCExt.ni.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-04-15 07:17 . 2010-10-23 00:50	1748992              c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05	1210880              c:\windows\system32\urlmon.dll
- 2003-04-02 12:00 . 2010-12-20 23:52	1210880              c:\windows\system32\urlmon.dll
+ 2003-04-02 12:00 . 2011-02-22 23:05	5962240              c:\windows\system32\mshtml.dll
- 2009-03-08 03:32 . 2010-12-20 23:52	1991680              c:\windows\system32\iertutil.dll
+ 2009-03-08 03:32 . 2011-02-22 23:05	1991680              c:\windows\system32\iertutil.dll
+ 2009-08-14 15:10 . 2011-03-03 13:53	1858048              c:\windows\system32\dllcache\win32k.sys
- 2009-10-29 05:24 . 2010-12-20 23:52	1210880              c:\windows\system32\dllcache\urlmon.dll
+ 2009-10-29 05:24 . 2011-02-22 23:05	1210880              c:\windows\system32\dllcache\urlmon.dll
+ 2009-10-29 18:54 . 2011-02-22 23:05	5962240              c:\windows\system32\dllcache\mshtml.dll
- 2010-05-01 07:55 . 2010-12-20 23:52	1991680              c:\windows\system32\dllcache\iertutil.dll
+ 2010-05-01 07:55 . 2011-02-22 23:05	1991680              c:\windows\system32\dllcache\iertutil.dll
- 2010-03-18 11:16 . 2010-03-18 11:16	5196112              c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-02-10 02:10 . 2011-02-10 02:10	5196112              c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-02-10 02:10 . 2011-02-10 02:10	1142104              c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-02-10 02:10 . 2011-02-10 02:10	6735176              c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-01-18 02:39 . 2011-01-18 02:39	5813072              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2010-05-11 04:40 . 2010-05-11 04:40	4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-01-18 02:39 . 2011-01-18 02:39	4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	1303896              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	1303896              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	3481928              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	3481928              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	2207568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	2207568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	4982120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	4982120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	1711496              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	1711496              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	6067048              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	6067048              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	1026936              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	1026936              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	4464480              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	4464480              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	1339736              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	1339736              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	1199968              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	1199968              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	1462648              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	1462648              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	6346600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	6346600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	2970968              c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	2970968              c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	3545952              c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	3545952              c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	5196112              c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	5196112              c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-15 13:05 . 2011-04-15 13:05	2989456              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2010-10-22 18:16 . 2010-10-22 18:16	2989456              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	1210880              c:\windows\ie8updates\KB2497640-IE8\urlmon.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	5961216              c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
+ 2011-04-15 13:10 . 2010-12-20 23:52	1991680              c:\windows\ie8updates\KB2497640-IE8\iertutil.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07	3779072              c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8d8cf1d60737d945a526fb11577d4b8a\WindowsBase.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	1055744              c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\28121866e3d6d8b0dc72d9e250b0af1c\UIAutomationClientsideProviders.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06	9000960              c:\windows\assembly\NativeImages_v4.0.30319_32\System\7abfd34ae39103ceccdfb8b262ed6a97\System.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06	5571584              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\eb45dda4b68ae7f29995c3a3d909fbe7\System.Xml.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	1776640              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\738a078bc59722d6b06b5ae5e99569f9\System.Xaml.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	1203712              c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\304d3a73f1164fd6a479d2ce3ce92eeb\System.WorkflowServices.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	1956352              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\2ad10d83d89a523c6de788549af858d7\System.Workflow.Runtime.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	4428800              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\8195c01c967fc24ccb087de40259b8f9\System.Workflow.ComponentModel.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	2839552              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\2d7c20df276d8353c5816f4bc765859d\System.Workflow.Activities.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	4496384              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\eec21f9b08bbed54d9e36038badaf289\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	1864704              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\9a95136bec3e5267c7577404920d1d45\System.Web.Services.ni.dll
+ 2011-04-15 16:30 . 2011-04-15 16:30	2324992              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\12fe8461716ebb37f3c239be705a3346\System.Web.Mobile.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	3079168              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\aeb23319f1c21615a69b9dabb3eed1e5\System.Web.Extensions.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	4429312              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\5eb25b0fc92317024404b1c2f2c47e01\System.Web.DataVisualization.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	1992192              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\01a3b3bf7fadd971e17400c8502ec886\System.Speech.ni.dll
+ 2011-04-15 16:28 . 2011-04-15 16:28	1046528              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\809ed279c5eecfa3e211dfe4c3d891e1\System.ServiceModel.Web.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	1127424              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\6856341eadab4c3ace0e39182649bba2\System.ServiceModel.Discovery.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	1388032              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4048a5620b0fa66a7414cff30155d30c\System.ServiceModel.Activities.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	2625024              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\c46375bba06671d2a9369e630752987a\System.Runtime.Serialization.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	1011200              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\6b6309a2e7f384bac4ccbdf1eca34c30\System.Runtime.DurableInstancing.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04	1047040              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\24f97354b0a95ef77b2db8de9e7374fe\System.Printing.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	1159168              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\05a0937d76f565aa728348fc24f6c2eb\System.Management.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	1065984              c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1f045fc92d6402b27f6b9fb9291d44c3\System.IdentityModel.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06	1651200              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\526f0a9717cbd8a50d09a10b5ce81c0d\System.Drawing.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	1151488              c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6dc0ed081400ec315f895bdc7fd016c4\System.DirectoryServices.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	1872384              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\2a2a921350a9651e9bd681197edeb88d\System.Deployment.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07	6754816              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\adc8f2f7dff3233f2d72bcef8e58226a\System.Data.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06	2538496              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\c25dda9b477a33f9f235292114bb535c\System.Data.SqlXml.ni.dll
+ 2011-04-15 16:28 . 2011-04-15 16:28	2008576              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\f6a18d8564d85567667671e65c1fac93\System.Data.Services.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	1332736              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\aa778d274523b93d389e581e58698918\System.Data.Services.Client.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	1183744              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\f1dd156de604f1a10aeea7108afd5e1f\System.Data.OracleClient.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06	2499072              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\8e0d083a7ad85b579d176e3594b5f3b8\System.Data.Linq.ni.dll
+ 2011-04-15 16:28 . 2011-04-15 16:28	1398272              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\579e5f92bb6bcc68549c796d2650ea8c\System.Data.Entity.Design.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06	7025664              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\69b1f8a15cdfb26e30c8761fa4f96940\System.Core.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04	4103168              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\ec488a50a47246a625159744ad8e0931\System.Activities.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04	3691520              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\00fb4f96c610880aeee34d8670347a6d\System.Activities.Presentation.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04	1506304              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\a965a0f825fb91ce7cf78d99263968b4\System.Activities.Core.Presentation.ni.dll
+ 2011-04-15 16:04 . 2011-04-15 16:04	2842624              c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\3f04b2ab8961aceac03f8ae2ccabe947\ReachFramework.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	1622528              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\3aebfb1497141c9466ee8ce68a3bf805\PresentationUI.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	1467904              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\04c896ef9acdfb2e0f068d78f3bb2dfc\PresentationBuildTasks.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	1819648              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ff572ca3a119cd72903df8c6ed667b62\Microsoft.VisualBasic.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	1133056              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e2d6ac83d5e42065b088e086479a1632\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	1167872              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\320f1578082f1de1f8562ce92c0c2dab\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	1079808              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\ac03be8a96bd10965da87208d81eb07d\Microsoft.Transactions.Bridge.ni.dll
+ 2011-04-15 16:29 . 2011-04-15 16:29	2441728              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\d4572ad085979b16261058f1433e73e9\Microsoft.JScript.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07	1612288              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\32454400da56267e19961852345d7a62\Microsoft.CSharp.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	4226560              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\9eb482fd45d38ed674a400e280532e83\Microsoft.Build.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	2850816              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\dfdc36ac2dd7d51f61a05e15fe35c721\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	1914368              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\bb1cb4e6b20acc14abb6850cd4eecd0a\Microsoft.Build.Engine.ni.dll
+ 2011-04-15 13:10 . 2011-04-15 13:10	3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
+ 2011-04-15 13:46 . 2011-04-15 13:46	1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9e022c95e79f2b6f383a501ad99f08a9\UIAutomationClientsideProviders.ni.dll
+ 2011-04-15 13:10 . 2011-04-15 13:10	7949824              c:\windows\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
+ 2011-04-15 13:46 . 2011-04-15 13:46	5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6346221cecf631e5c0b754d842aad102\System.WorkflowServices.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1fbcd203ff8d77d561df8bf806417ab6\System.Workflow.Runtime.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\efbaf3696c44fd7d4b3cd925e0437b36\System.Workflow.ComponentModel.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\52a9bc5dd1fa497af7c7f4600bd8e6d1\System.Workflow.Activities.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f5ebeeb0a8aaba9db15ec3df591339ba\System.Web.Services.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\92d6b75e3b63b528d4069bf4ee01983a\System.Web.Mobile.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	2405376              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\02d53154634c8000382942e0f43ead41\System.Web.Extensions.ni.dll
+ 2011-04-15 13:46 . 2011-04-15 13:46	1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\dd128c8e21e7fa14c12b71df9892d046\System.Speech.ni.dll
+ 2011-04-15 16:02 . 2011-04-15 16:02	1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8b0bb430bb6af96c18b43e3c54cfafe8\System.ServiceModel.Web.ni.dll
+ 2011-04-15 15:59 . 2011-04-15 15:59	2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\85090bd451617e204ffda625b8d9fc30\System.Runtime.Serialization.ni.dll
+ 2011-04-15 13:46 . 2011-04-15 13:46	1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\85a7a7aace114e78fc6c9b219bcd5551\System.Printing.ni.dll
+ 2011-04-15 15:59 . 2011-04-15 15:59	1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\86c59378e9a43bf101a10ad452a4bb8e\System.IdentityModel.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45	1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c05d9332116964104c721e97f7ce1058\System.DirectoryServices.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0118c0c73ea5c77bda7b10b188102ab6\System.Deployment.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45	6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ba3ca7a93e227c32ce7b50d0a7ba935f\System.Data.SqlXml.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de52be5da96059651b5bec800cb4605\System.Data.Services.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	1115136              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\5018d7d39ee99a18c2c17d68837a7a6d\System.Data.OracleClient.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45	2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\11f1306e0e311a0d0cbd139fb2fa4c36\System.Data.Linq.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6f83243158f28669aac9577fdb3d5aaf\System.Data.Entity.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45	2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45	2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\12efddabe6fe35be21246c88ed9bf8ab\ReachFramework.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\257c9327ba9cc5cd87f58de224aa2e0d\PresentationUI.ni.dll
+ 2011-04-15 13:10 . 2011-04-15 13:10	1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\2faf279f73d492469a21f3e74d18955d\PresentationBuildTasks.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\269103939243ec6929739c8b9a645c0d\Microsoft.VisualBasic.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\bf7bd26d2828e35156814018939ce4f6\Microsoft.Transactions.Bridge.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\6594c17d7e112b0507b701d5b8a67bba\Microsoft.JScript.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f5eb1e42ccd0f67f7496b94a31949cd0\Microsoft.Build.Tasks.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cc7f05675a5cd8014222be1483d6beaf\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\41cf95aa4ff5765b515d3252abc6353b\Microsoft.Build.Engine.ni.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-27 15:54 . 2010-10-27 15:54	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-15 13:09 . 2011-04-15 13:09	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-01-18 08:39 . 2011-04-15 13:02	39828936              c:\windows\system32\MRT.exe
- 2009-03-08 03:39 . 2010-12-21 04:22	11080704              c:\windows\system32\ieframe.dll
+ 2009-03-08 03:39 . 2011-02-22 23:05	11080704              c:\windows\system32\ieframe.dll
+ 2010-02-25 09:45 . 2011-02-22 23:05	11080704              c:\windows\system32\dllcache\ieframe.dll
- 2010-02-25 09:45 . 2010-12-21 04:22	11080704              c:\windows\system32\dllcache\ieframe.dll
+ 2011-02-11 18:47 . 2011-02-11 18:47	12028928              c:\windows\Installer\13aa0f3.msp
+ 2011-02-11 06:43 . 2011-02-11 06:43	10951168              c:\windows\Installer\13aa0e8.msp
+ 2011-04-15 13:10 . 2010-12-21 04:22	11080704              c:\windows\ie8updates\KB2497640-IE8\ieframe.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06	13006336              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\85b61e27d3c08c0c8ff19deb75912e1d\System.Windows.Forms.ni.dll
+ 2011-04-15 16:03 . 2011-04-15 16:03	11917312              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\cbb8ea4c34417e0f8bb28173fa144b15\System.Web.ni.dll
+ 2011-04-15 16:28 . 2011-04-15 16:28	17919488              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8964b15d32028ef9dfe776216af8524d\System.ServiceModel.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07	10847744              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\52846d07f7717330921b70d23e36b34c\System.Design.ni.dll
+ 2011-04-15 16:28 . 2011-04-15 16:28	13273600              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\38409bc0ee7cdb9fbc981fefea83ab23\System.Data.Entity.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07	17629184              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f1e3e74b135fcd61fa30090a2c2596a6\PresentationFramework.ni.dll
+ 2011-04-15 13:07 . 2011-04-15 13:07	11058176              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3fe193ac81b9eafd76aafeec99bdbf6a\PresentationCore.ni.dll
+ 2011-04-15 13:06 . 2011-04-15 13:06	14415872              c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\eb4e1e70734f6efb9c7de7ec5f452c9e\mscorlib.ni.dll
+ 2011-04-15 13:46 . 2011-04-15 13:46	12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
+ 2011-04-15 16:01 . 2011-04-15 16:01	11800576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll
+ 2011-04-15 16:00 . 2011-04-15 16:00	17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b5f24d96334ea08b99350421450d3ba4\System.ServiceModel.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45	10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45	14328320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
+ 2011-04-15 13:45 . 2011-04-15 13:45	12215808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
+ 2011-04-15 13:10 . 2011-04-15 13:10	11490816              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
.
c:\dokumente und einstellungen\Kilaoa\Startmen\Programme\Autostart\
Stardock ObjectDock.lnk - c:\programme\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\dokumente und einstellungen\Kilaoa\Startmen\Programme\Autostart\
Stardock ObjectDock.lnk - c:\programme\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\dokumente und einstellungen\Kilaoa\Startmen\Programme\Autostart\
Stardock ObjectDock.lnk - c:\programme\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\dokumente und einstellungen\Kilaoa\Startmen\Programme\Autostart\
Stardock ObjectDock.lnk - c:\programme\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NAUpdate"=2 (0x2)
"SandraAgentSrv"=3 (0x3)
"npggsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\mIRC\\mirc.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\NexonEU\\NGM\\NGM.exe"=
"e:\\Spiele\\World of Warcraft\\Launcher.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"e:\\Spiele\\World of Warcraft\\WoW-3.3.2.11403-to-3.3.3.11685-deDE-downloader.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"e:\\Spiele\\World of Warcraft\\WoW-3.2.0-deDE-downloader.exe"=
"e:\\Spiele\\World of Warcraft\\WoW-3.3.3.11685-to-3.3.3.11723-deDE-downloader.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2011.SP1\\RpcAgentSrv.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2011.SP1\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Dokumente und Einstellungen\\Kilaoa\\Lokale Einstellungen\\Apps\\2.0\\NDB1HLDX.2MH\\Z37R629G.YHD\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.01.2010 18:15 114768]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [17.02.2010 11:15 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.01.2010 18:15 20560]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [27.06.2010 22:26 17792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\62.tmp --> c:\windows\system32\62.tmp [?]
S3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [17.02.2010 11:15 12872]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [01.12.2009 15:49 34896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
S4 NAUpdate;@c:\programme\Nero\Update\NASvc.exe,-200;c:\programme\Nero\Update\NASvc.exe [04.05.2010 12:07 503080]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004Core.job
- c:\dokumente und einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-11-04 22:24]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004UA.job
- c:\dokumente und einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2010-11-04 22:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
FF - ProfilePath - c:\dokumente und einstellungen\Kilaoa\Anwendungsdaten\Mozilla\Firefox\Profiles\f33atzoq.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-15 20:23
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\62.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-1343024091-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft-Datenträgerkontingent"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Softwareinstallation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Programme\\SUPERAntiSpyware\\SASWINLO.dll"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"Hilfeassistent"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"HelpAssistant"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(2636)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Zeit der Fertigstellung: 2011-04-15  20:24:50
ComboFix-quarantined-files.txt  2011-04-15 18:24
ComboFix2.txt  2011-04-14 16:56
.
Vor Suchlauf: 13 Verzeichnis(se), 80.502.054.912 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 80.498.671.616 Bytes frei
.
- - End Of File - - 038B83F79FFCBD47B145D09EB4EECD53

Alt 15.04.2011, 20:51   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.04.2011, 22:30   #14
qupapa
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


So und weiter geht's.
GMER lief sauber durch, hat nur fast 1 1/2 Std. gebraucht.
Bei OSAM war mir aufgefallen, dass da irgendwas mit der Logonui.exe war, die hatte ich mal manuell verändert (keine Ahnung ob das relevant ist)

Nun hier die Logs:

Gmer:
Code:
ATTFilter
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-15 23:14:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.1AC0
Running: 5f9ftjlg.exe; Driver: C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\uxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                           ZwClose [0xA4FC76B8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                           ZwCreateKey [0xA4FC7574]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                           ZwDeleteValueKey [0xA4FC7A52]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                           ZwDuplicateObject [0xA4FC714C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                           ZwOpenKey [0xA4FC764E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                           ZwOpenProcess [0xA4FC708C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                           ZwOpenThread [0xA4FC70F0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                           ZwQueryValueKey [0xA4FC776E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                           ZwRestoreKey [0xA4FC772E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                           ZwSetValueKey [0xA4FC78AE]

Code            \??\C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys                                                                                                pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                        section is writeable [0xB6543380, 0x566465, 0xE8000020]
?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                                                      Das System kann die angegebene Datei nicht finden. !
?               C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys                                                                                                    Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[916] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]                                    00380002
IAT             C:\WINDOWS\system32\services.exe[916] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]                                          00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                          aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                        aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                       aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                       aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                     aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@                                 Microsoft-Datentr?gerkontingent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy                  0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy                     1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink                       1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy               1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges                 1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings             0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry       1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing     0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName                          dskquota.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy               ProcessGroupPolicy
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@                                 Internet Explorer Zonemapping
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName                          C:\WINDOWS\system32\iedkcs32.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy               ProcessGroupPolicyForZoneMap
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges                 1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry        1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DisplayName                      @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSuccessfulRegistry       1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@                                 Internet Explorer User Accelerators
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DisplayName                      @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DllName                          C:\WINDOWS\system32\iedkcs32.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@NoGPOListChanges                 1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicy               ProcessGroupPolicyForActivities
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicyEx             ProcessGroupPolicyForActivitiesEx
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@RequiresSuccessfulRegistry       1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy               SceProcessSecurityPolicyGPO
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy              SceGenerateGroupPolicy
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel  1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx             SceProcessSecurityPolicyGPOEx
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel              1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName                          scecli.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@                                 Security
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy                     1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges                 1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing     1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval      960
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx             ProcessGroupPolicyEx
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy              GenerateGroupPolicy
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy               ProcessGroupPolicy
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName                          C:\WINDOWS\system32\iedkcs32.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@                                 Internet Explorer Branding
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink                       1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy               0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges                 1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy                  1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DisplayName                      @C:\WINDOWS\system32\iedkcs32.dll.mui,-3014
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy               SceProcessEFSRecoveryGPO
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName                          scecli.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@                                 EFS recovery
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy                     1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges                 1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry       1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@                                 802.3 Group Policy
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DisplayName                      @dot3gpclnt.dll,-100
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ProcessGroupPolicyEx             ProcessLANPolicyEx
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@GenerateGroupPolicy              GenerateLANPolicy
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DllName                          dot3gpclnt.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoUserPolicy                     1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoGPOListChanges                 1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@                                 Microsoft Offline Files
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName                          %SystemRoot%\System32\cscui.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing     0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy               0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges                 0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy                  0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink                       0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy                     1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings             0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy               ProcessGroupPolicy
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry       1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@                                 Softwareinstallation
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName                          appmgmts.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx             ProcessGroupPolicyObjectsEx
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy              GenerateGroupPolicy
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy               0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry        0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink                       1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings             1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources                     (Application Management,Application)?(MsiInstaller,Application)?
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@                                 Internet Explorer Machine Accelerators
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@DisplayName                      @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@DllName                          C:\WINDOWS\system32\iedkcs32.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@NoGPOListChanges                 1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ProcessGroupPolicy               ProcessGroupPolicyForActivities
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ProcessGroupPolicyEx             ProcessGroupPolicyForActivitiesEx
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@RequiresSuccessfulRegistry       1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@DllName                                                          C:\Programme\SUPERAntiSpyware\SASWINLO.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logon                                                            SABWINLOLogon
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logoff                                                           SABWINLOLogoff
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Startup                                                          SABWINLOStartup
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Shutdown                                                         SABWINLOShutdown
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Asynchronous                                                     0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Impersonate                                                      0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Asynchronous                                                     0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Impersonate                                                      0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@DllName                                                          crypt32.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Logoff                                                           ChainWlxLogoffEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Asynchronous                                                         0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Impersonate                                                          0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@DllName                                                              cryptnet.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Logoff                                                               CryptnetWlxLogoffEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@DLLName                                                                cscdll.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logon                                                                  WinlogonLogonEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logoff                                                                 WinlogonLogoffEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@ScreenSaver                                                            WinlogonScreenSaverEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Startup                                                                WinlogonStartupEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Shutdown                                                               WinlogonShutdownEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@StartShell                                                             WinlogonStartShellEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Impersonate                                                            0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Asynchronous                                                           1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Asynchronous                                                         1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@DllName                                                              %SystemRoot%\System32\dimsntfy.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Startup                                                              WlDimsStartup
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Shutdown                                                             WlDimsShutdown
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logon                                                                WlDimsLogon
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logoff                                                               WlDimsLogoff
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@StartShell                                                           WlDimsStartShell
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Lock                                                                 WlDimsLock
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Unlock                                                               WlDimsUnlock
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@DLLName                                                            wlnotify.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logon                                                              SCardStartCertProp
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logoff                                                             SCardStopCertProp
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Lock                                                               SCardSuspendCertProp
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Unlock                                                             SCardResumeCertProp
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Enabled                                                            1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Impersonate                                                        1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Asynchronous                                                       1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Asynchronous                                                         0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@DllName                                                              wlnotify.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Impersonate                                                          0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@StartShell                                                           SchedStartShell
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Logoff                                                               SchedEventLogOff
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Logoff                                                               WLEventLogoff
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Impersonate                                                          0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Asynchronous                                                         1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@DllName                                                              sclgntfy.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@DLLName                                                              WlNotify.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Lock                                                                 SensLockEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logon                                                                SensLogonEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logoff                                                               SensLogoffEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Safe                                                                 1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@MaxWait                                                              600
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartScreenSaver                                                     SensStartScreenSaverEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StopScreenSaver                                                      SensStopScreenSaverEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Startup                                                              SensStartupEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Shutdown                                                             SensShutdownEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartShell                                                           SensStartShellEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@PostShell                                                            SensPostShellEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Disconnect                                                           SensDisconnectEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Reconnect                                                            SensReconnectEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Unlock                                                               SensUnlockEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Impersonate                                                          1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Asynchronous                                                         1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Asynchronous                                                          0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@DllName                                                               wlnotify.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Impersonate                                                           0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logoff                                                                TSEventLogoff
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logon                                                                 TSEventLogon
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@PostShell                                                             TSEventPostShell
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Shutdown                                                              TSEventShutdown
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@StartShell                                                            TSEventStartShell
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Startup                                                               TSEventStartup
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@MaxWait                                                               600
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Reconnect                                                             TSEventReconnect
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Disconnect                                                            TSEventDisconnect
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@DLLName                                                             wlnotify.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logon                                                               RegisterTicketExpiredNotificationEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logoff                                                              UnregisterTicketExpiredNotificationEvent
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Impersonate                                                         1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Asynchronous                                                        1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@Hilfeassistent                                              0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser                                              0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec                                             0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices                                             0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant                                               0
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_                                                       65536
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_                                                       65536
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_                                                       65536
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@ASPNET                                                      0

---- EOF - GMER 1.0.15 ----
OSAM:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:34:01 on 15.04.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys  (File not found)
"aswFsBlk" (aswFsBlk) - "ALWIL Software" - C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys
"aswRdr" (aswRdr) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "ALWIL Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Self Protection" (aswSP) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"avast! Standard Shield Support" (aswMon2) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"Avnex Virtual Audio Device (WDM)" (VCSVADHWSer) - "Avnex" - C:\WINDOWS\System32\DRIVERS\vcsvad.sys
"Belkin Wireless G USB Network Adapter(Belkin)" (BLKWGU(Belkin)) - "Belkin Corporation" - C:\WINDOWS\System32\DRIVERS\BLKWGU.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\CoFi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\WINDOWS\system32\62.tmp  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\Sandra.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASENUM.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File not found)
"uxtdqpow" (uxtdqpow) - ? - C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\uxtdqpow.sys  (Hidden registry entry, rootkit activity | File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\ZDPSp50.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1984D045-52CF-49cd-DB77-08F378FEA4DB} "ObjectDockShlExt" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401 "{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Programme\Spybot\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Kilaoa\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast!" - "ALWIL Software" - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashServ.exe
"avast! iAVS4 Control Service" (aswUpdSv) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
"avast! Mail Scanner" (avast! Mail Scanner) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
"avast! Web Scanner" (avast! Web Scanner) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonui.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\WINDOWS\system32\dot3gpclnt.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} "EFS recovery" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft-Datenträgerkontingent" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquota.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (Hidden registry entry, rootkit activity | File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll  (Hidden registry entry, rootkit activity)
"crypt32chain" - "Microsoft Corporation" - C:\WINDOWS\system32\crypt32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"cryptnet" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptnet.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"dimsntfy" - "Microsoft Corporation" - C:\WINDOWS\System32\dimsntfy.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ScCertProp" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Schedule" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sclgntfy" - "Microsoft Corporation" - C:\WINDOWS\system32\sclgntfy.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SensLogn" - "Microsoft Corporation" - C:\WINDOWS\system32\WlNotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"termsrv" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"wlballoon" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
MBRCheck
Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Home Edition
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000001d

Kernel Drivers (total 124):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x80701000 \WINDOWS\system32\hal.dll
  0xF7987000 \WINDOWS\system32\KDCOM.DLL
  0xF7897000 \WINDOWS\system32\BOOTVID.dll
  0xF75A7000 ACPI.sys
  0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
  0xF7596000 pci.sys
  0xF75F7000 ohci1394.sys
  0xF7607000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
  0xF7617000 isapnp.sys
  0xF7A4F000 pciide.sys
  0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
  0xF7627000 MountMgr.sys
  0xF74D7000 ftdisk.sys
  0xF770F000 PartMgr.sys
  0xF7637000 VolSnap.sys
  0xF74BF000 atapi.sys
  0xF7B1F000 iaStor.sys
  0xF7647000 disk.sys
  0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
  0xF749F000 fltmgr.sys
  0xF748D000 sr.sys
  0xF7476000 KSecDD.sys
  0xB8773000 Ntfs.sys
  0xB8746000 NDIS.sys
  0xB872C000 Mup.sys
  0xF76A7000 \SystemRoot\System32\DRIVERS\nic1394.sys
  0xB8233000 \SystemRoot\System32\DRIVERS\intelppm.sys
  0xB6543000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xB652F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB6507000 \SystemRoot\System32\DRIVERS\HDAudBus.sys
  0xB64F3000 \SystemRoot\System32\DRIVERS\Rtenicxp.sys
  0xF7757000 \SystemRoot\System32\DRIVERS\usbuhci.sys
  0xB64CF000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
  0xF775F000 \SystemRoot\System32\DRIVERS\usbehci.sys
  0xF7767000 \SystemRoot\System32\DRIVERS\fdc.sys
  0xB64BB000 \SystemRoot\System32\DRIVERS\parport.sys
  0xB8608000 \SystemRoot\System32\DRIVERS\gameenum.sys
  0xB8223000 \SystemRoot\System32\DRIVERS\serial.sys
  0xB8604000 \SystemRoot\System32\DRIVERS\serenum.sys
  0xB8213000 \SystemRoot\System32\DRIVERS\imapi.sys
  0xB8203000 \SystemRoot\System32\DRIVERS\cdrom.sys
  0xB81F3000 \SystemRoot\System32\DRIVERS\redbook.sys
  0xB6498000 \SystemRoot\System32\DRIVERS\ks.sys
  0xF776F000 \SystemRoot\system32\DRIVERS\vcsvad.sys
  0xB6474000 \SystemRoot\system32\DRIVERS\portcls.sys
  0xB81E3000 \SystemRoot\system32\DRIVERS\drmk.sys
  0xF7A9F000 \SystemRoot\System32\DRIVERS\audstub.sys
  0xB81D3000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
  0xB85FC000 \SystemRoot\System32\DRIVERS\ndistapi.sys
  0xB645D000 \SystemRoot\System32\DRIVERS\ndiswan.sys
  0xB81C3000 \SystemRoot\System32\DRIVERS\raspppoe.sys
  0xB81B3000 \SystemRoot\System32\DRIVERS\raspptp.sys
  0xF7777000 \SystemRoot\System32\DRIVERS\TDI.SYS
  0xB644C000 \SystemRoot\System32\DRIVERS\psched.sys
  0xB6F96000 \SystemRoot\System32\DRIVERS\msgpc.sys
  0xF777F000 \SystemRoot\System32\DRIVERS\ptilink.sys
  0xF7787000 \SystemRoot\System32\DRIVERS\raspti.sys
  0xB6F86000 \SystemRoot\System32\DRIVERS\termdd.sys
  0xF778F000 \SystemRoot\System32\DRIVERS\kbdclass.sys
  0xF7797000 \SystemRoot\System32\DRIVERS\mouclass.sys
  0xF79CD000 \SystemRoot\System32\DRIVERS\swenum.sys
  0xB63EE000 \SystemRoot\System32\DRIVERS\update.sys
  0xB85F4000 \SystemRoot\System32\DRIVERS\mssmbios.sys
  0xB863C000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xA6AB0000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xAA3A3000 \SystemRoot\System32\DRIVERS\usbhub.sys
  0xF79A5000 \SystemRoot\System32\DRIVERS\USBD.SYS
  0xAFCBC000 \SystemRoot\System32\DRIVERS\flpydisk.sys
  0xF79A7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xAEE5B000 \SystemRoot\System32\Drivers\Null.SYS
  0xF79A9000 \SystemRoot\System32\Drivers\Beep.SYS
  0xAFCAC000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
  0xAFCA4000 \SystemRoot\System32\drivers\vga.sys
  0xF79AB000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF79AD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xAFC9C000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xAFC94000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB32DE000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0xA6A41000 \SystemRoot\System32\DRIVERS\ipsec.sys
  0xA69E8000 \SystemRoot\System32\DRIVERS\tcpip.sys
  0xA69C2000 \SystemRoot\System32\DRIVERS\ipnat.sys
  0xAA373000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0xAA363000 \SystemRoot\System32\DRIVERS\wanarp.sys
  0xA699A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0xAA353000 \SystemRoot\System32\DRIVERS\arp1394.sys
  0xA6978000 \SystemRoot\System32\drivers\afd.sys
  0xAA343000 \SystemRoot\System32\DRIVERS\netbios.sys
  0xA6956000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
  0xAD0DC000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
  0xA692B000 \SystemRoot\System32\DRIVERS\rdbss.sys
  0xA68BB000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
  0xA9688000 \SystemRoot\System32\Drivers\Fips.SYS
  0xA4FBF000 \SystemRoot\System32\Drivers\aswSP.SYS
  0xAD094000 \SystemRoot\System32\Drivers\Aavmker4.SYS
  0xA9704000 \SystemRoot\System32\DRIVERS\usbccgp.sys
  0xAFCFC000 \SystemRoot\System32\DRIVERS\hidusb.sys
  0xA8D98000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
  0x9EFA1000 \SystemRoot\System32\DRIVERS\BLKWGU.sys
  0xA14A2000 \SystemRoot\System32\DRIVERS\kbdhid.sys
  0xA1034000 \SystemRoot\System32\DRIVERS\mouhid.sys
  0xA115B000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0x9EEE1000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xA0124000 \SystemRoot\System32\drivers\Dxapi.sys
  0xB35E1000 \SystemRoot\System32\watchdog.sys
  0xBD000000 \SystemRoot\System32\drivers\dxg.sys
  0x9FFD2000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBD012000 \SystemRoot\System32\nv4_disp.dll
  0xBD635000 \SystemRoot\System32\ATMFD.DLL
  0xA57B0000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
  0xA240D000 \SystemRoot\System32\DRIVERS\ndisuio.sys
  0x9ECCB000 \SystemRoot\System32\Drivers\aswMon2.SYS
  0x9EBC6000 \SystemRoot\system32\drivers\wdmaud.sys
  0xA9628000 \SystemRoot\system32\drivers\sysaudio.sys
  0x9EA09000 \SystemRoot\System32\DRIVERS\mrxdav.sys
  0xB1760000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0x9E989000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9E560000 \SystemRoot\System32\Drivers\HTTP.sys
  0x9E60D000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0xF79D1000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
  0xF77F7000 \??\C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys
  0x9C1B0000 \??\C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\uxtdqpow.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 25):
       0 System Idle Process
       4 System
     636 C:\WINDOWS\system32\smss.exe
     848 csrss.exe
     872 C:\WINDOWS\system32\winlogon.exe
     916 C:\WINDOWS\system32\services.exe
     928 C:\WINDOWS\system32\lsass.exe
    1092 C:\WINDOWS\system32\nvsvc32.exe
    1116 C:\WINDOWS\system32\svchost.exe
    1168 svchost.exe
    1208 C:\WINDOWS\system32\svchost.exe
    1328 svchost.exe
    1356 svchost.exe
    1580 C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
    1644 C:\Programme\Alwil Software\Avast4\ashServ.exe
     332 C:\WINDOWS\system32\spoolsv.exe
    1424 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     472 svchost.exe
    3372 alg.exe
    2804 C:\WINDOWS\system32\svchost.exe
    3556 C:\WINDOWS\explorer.exe
    1028 C:\Programme\SRWare Iron\iron.exe
    1436 C:\Programme\SRWare Iron\iron.exe
    2084 C:\Dokumente und Einstellungen\Kilaoa\Desktop\osam.exe
    1836 C:\Dokumente und Einstellungen\Kilaoa\Eigene Dateien\Downloads\MBRCheck (1).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000018`69e61600  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD322HJ, Rev: 1AC01118

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

--------------------------------------------------------------------

P.S. hatte zuerst deinen Hinweis überlesen, dass ich die online Abfrage überspringen soll und hatte es so gemacht wie es unter
http://www.trojaner-board.de/84180-a...n-manager.html
stand. Weiss nicht ob das wichtig/anders ist aber vorsichtshalber hier auch noch diese Log:

OSAM:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:22:54 on 15.04.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-725345543-1004UA.job" - "Google Inc." - C:\Dokumente und Einstellungen\Kilaoa\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys  (File not found)
"aswFsBlk" (aswFsBlk) - "ALWIL Software" - C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys
"aswRdr" (aswRdr) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "ALWIL Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Self Protection" (aswSP) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"avast! Standard Shield Support" (aswMon2) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"Avnex Virtual Audio Device (WDM)" (VCSVADHWSer) - "Avnex" - C:\WINDOWS\System32\DRIVERS\vcsvad.sys
"Belkin Wireless G USB Network Adapter(Belkin)" (BLKWGU(Belkin)) - "Belkin Corporation" - C:\WINDOWS\System32\DRIVERS\BLKWGU.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\CoFi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\WINDOWS\system32\62.tmp  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\Sandra.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASENUM.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File not found)
"uxtdqpow" (uxtdqpow) - ? - C:\DOKUME~1\Kilaoa\LOKALE~1\Temp\uxtdqpow.sys  (Hidden registry entry, rootkit activity | File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\ZDPSp50.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1984D045-52CF-49cd-DB77-08F378FEA4DB} "ObjectDockShlExt" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401 "{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Programme\Spybot\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Kilaoa\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast!" - "ALWIL Software" - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashServ.exe
"avast! iAVS4 Control Service" (aswUpdSv) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
"avast! Mail Scanner" (avast! Mail Scanner) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
"avast! Web Scanner" (avast! Web Scanner) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonui.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\WINDOWS\system32\dot3gpclnt.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} "EFS recovery" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\WINDOWS\System32\cscui.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft-Datenträgerkontingent" - "Microsoft Corporation" - C:\WINDOWS\system32\dskquota.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\WINDOWS\system32\scecli.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (Hidden registry entry, rootkit activity | File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.dll  (Hidden registry entry, rootkit activity)
"crypt32chain" - "Microsoft Corporation" - C:\WINDOWS\system32\crypt32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"cryptnet" - "Microsoft Corporation" - C:\WINDOWS\system32\cryptnet.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"cscdll" - "Microsoft Corporation" - C:\WINDOWS\system32\cscdll.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"dimsntfy" - "Microsoft Corporation" - C:\WINDOWS\System32\dimsntfy.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ScCertProp" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Schedule" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sclgntfy" - "Microsoft Corporation" - C:\WINDOWS\system32\sclgntfy.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SensLogn" - "Microsoft Corporation" - C:\WINDOWS\system32\WlNotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"termsrv" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"wlballoon" - "Microsoft Corporation" - C:\WINDOWS\system32\wlnotify.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Geändert von qupapa (15.04.2011 um 22:39 Uhr)

Alt 16.04.2011, 11:36   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Standard

appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 1 von 2 1 2

Themen zu appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise
anderen, avast, bli, board, datei, dateien, diverse, entfernt, forum, infizierte, internet, kostenlose, lizenz, löschen, problem, probleme, registry, runde, scan, seite, seiten, system, temporäre, variante, warnung


« Finale Bekämpfung des Bundeskriminalamts-Trojaner | Windows Fix Disk - Bestehende Probleme nach "Entfernung" »


Ähnliche Themen: appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise


  1. Ein ganz, ganz großes Danke schön an Schrauber!!!
    Lob, Kritik und Wünsche - 12.06.2015 (1)
  2. Ganz ganz lieben Dank Schrauber!
    Lob, Kritik und Wünsche - 13.04.2015 (2)
  3. GVU-Trojaner wahrscheinlich nicht vollständig entfernt
    Plagegeister aller Art und deren Bekämpfung - 18.01.2013 (9)
  4. appconf32.exe (Backdoor.Agent)
    Log-Analyse und Auswertung - 01.08.2012 (5)
  5. appconf32.exe
    Log-Analyse und Auswertung - 25.07.2012 (2)
  6. appconf32.exe gefunden ... was kann ich tun?
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (5)
  7. Mein Pc ist wahrscheinlich nicht sauber
    Plagegeister aller Art und deren Bekämpfung - 03.06.2012 (3)
  8. Backdoor. Agent appconf32.exe
    Plagegeister aller Art und deren Bekämpfung - 02.05.2012 (15)
  9. BitDefender meldet appconf32.exe
    Log-Analyse und Auswertung - 05.03.2012 (21)
  10. Trojaner appconf32.exe
    Log-Analyse und Auswertung - 18.12.2011 (1)
  11. TR/Crypt.XPACK.Gen und Fehlermeldung Generic Host for Win32! Richtige Vorgehensweise?
    Plagegeister aller Art und deren Bekämpfung - 10.10.2010 (6)
  12. Beim Start kommt ganz ganz kurz ein Bluescreen und dann ist vorbei! :-(
    Log-Analyse und Auswertung - 18.01.2010 (49)
  13. Vista atartet nicht mehr wahrscheinlich Virus
    Plagegeister aller Art und deren Bekämpfung - 04.08.2009 (1)
  14. W-Lan nicht die richtige Weite oder was?
    Netzwerk und Hardware - 07.06.2007 (17)
  15. MoneyBar geht nicht weg|wahrscheinlich Böse
    Log-Analyse und Auswertung - 23.04.2007 (2)
  16. IEXPLORE.EXE (nicht die Richtige) nervt total ab!
    Plagegeister aller Art und deren Bekämpfung - 13.02.2006 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise - Erstmal möchte ich ein Hallo in die Runde werfen, da dies mein erster Post hier auf dem Board ist. Nun zu meinem Problem: Gestern gab mir Avast die Warnung, dass - appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise...
Archiv
Du betrachtest: appconf32.exe und die (wahrscheinlich) nicht ganz richtige Vorgehensweise auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130