Explorer.exe fährt nicht mehr automatisch hoch; Problem mit Resource Verifier |
||
---|---|---|
#0
| ||
01.09.2010, 13:58
Member
Beiträge: 12 |
||
|
||
01.09.2010, 15:31
Member
Beiträge: 420 |
#2
Hi,
1. Malwarebytes http://www.malwarebytes.org/affiliates/g2g/mbam-setup.exe Malwarebytes bitte installieren, aktualisieren, einen Quick Scan durchführen, evt. Funde entfernen lassen und das Log posten. 2. OTL http://oldtimer.geekstogo.com/OTL.exe Das Programm starten, bei Scan All Users, Loop Check und Purity Check Häckchen setzen und auf Run Scan klicken. Es werden zwei Logs erstellt, OTL.txt und Extras.txt, die beiden bitte posten. |
|
|
||
01.09.2010, 16:56
Member
Themenstarter Beiträge: 12 |
#3
Hab jetzt neu gestartet. Diesmal hat wieder alles so funktioniert wie es sollte. Wars das oder muss ich noch mehr machen?
Hier ist aber erstmal die Log Files. Malware: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4521 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 01.09.2010 16:20:55 mbam-log-2010-09-01 (16-20-55).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 168104 Laufzeit: 11 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> No action taken. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\system32\packm.exe (Spyware.Zbot) -> No action taken. OTL: OTL logfile created on: 01.09.2010 16:23:22 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Boris Kannowski\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 24,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 27,95 Gb Total Space | 2,11 Gb Free Space | 7,56% Space Free | Partition Type: NTFS Drive D: | 121,10 Gb Total Space | 17,33 Gb Free Space | 14,31% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 648,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BORIS Current User Name: Boris Kannowski Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010.09.01 16:22:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Boris Kannowski\Eigene Dateien\Downloads\OTL.exe PRC - [2010.07.22 11:58:48 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.07.16 07:41:54 | 010,358,568 | ---- | M] (Apple Inc.) -- C:\Programme\iTunes\iTunes.exe PRC - [2010.06.10 21:18:20 | 000,019,760 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.06.03 13:45:42 | 000,012,592 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\distnoted.exe PRC - [2010.05.28 13:04:52 | 000,911,920 | ---- | M] (Secunia) -- D:\Programme\Secunia\PSI\psi.exe PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.03.19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- D:\Programme\Last.fm\LastFM.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.12.11 04:59:40 | 000,307,200 | ---- | M] (Team H2O) -- C:\Programme\Syncrosoft\POS\H2O\cledx.exe PRC - [2007.06.20 20:28:33 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2007.04.30 02:03:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0330Mon.exe PRC - [2007.03.16 12:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe PRC - [2007.03.09 01:02:00 | 000,919,280 | ---- | M] (Zone Labs, LLC) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2007.03.09 01:01:58 | 000,075,568 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe PRC - [2006.01.09 04:43:42 | 000,053,340 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTSched.exe PRC - [2005.10.27 12:00:22 | 000,299,008 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CamTray.exe PRC - [2004.06.16 06:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010.09.01 16:22:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Boris Kannowski\Eigene Dateien\Downloads\OTL.exe MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2006.05.03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\nzydz.dll -- (pskkrb) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2007.03.09 01:01:58 | 000,075,568 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\BORISK~1\LOKALE~1\Temp\pfsvgae.sys -- (pfsvgae) DRV - [2010.05.28 13:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI) DRV - [2010.04.01 13:56:39 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.12.14 19:38:38 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008.06.18 17:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2007.08.08 14:48:18 | 000,157,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0330Vid.sys -- (V0330VID) DRV - [2007.07.03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2007.07.03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2007.07.03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2007.06.15 12:29:20 | 000,513,152 | ---- | M] (Windows (R) 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MusCDriverV32.sys -- (MusCDriverV32) DRV - [2007.06.14 14:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P) DRV - [2007.06.13 19:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc) DRV - [2007.03.09 01:02:10 | 000,394,192 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2007.01.18 06:39:20 | 000,050,416 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan) DRV - [2006.06.01 17:22:00 | 003,925,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX) DRV - [2003.02.14 11:59:00 | 001,169,792 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2002.06.21 10:58:24 | 000,080,896 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stealth.sys -- (Stealth) DRV - [2000.12.05 15:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall) DRV - [2000.07.24 02:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/ IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/ IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/ IE - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 EB A1 F4 25 33 CB 01 [binary data] IE - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.26 23:39:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.23 10:50:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.06.15 11:11:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2008.08.26 14:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Mozilla\Extensions [2010.09.01 14:44:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Mozilla\Firefox\Profiles\qfjfltra.default\extensions [2009.08.08 01:53:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Mozilla\Firefox\Profiles\qfjfltra.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.28 11:58:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Mozilla\Firefox\Profiles\qfjfltra.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.09.01 14:44:54 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2006.08.04 12:17:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.08.04 17:37:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.24 17:51:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.24 17:51:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.24 17:51:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.24 17:51:59 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.24 17:51:59 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.07.19 17:53:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CreativeTaskScheduler] C:\Programme\Creative\Shared Files\CTSched.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DAEMON Tools-1033] D:\Programme\D-Tools\daemon.exe (VeNoM386 and SwENSkE) O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [StorageGuard] C:\Programme\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC) O4 - HKU\S-1-5-21-899700398-3998275365-1438995981-1005..\Run: [Creative WebCam Tray] C:\Programme\Creative\Shared Files\CamTray.exe (Creative Technology Ltd) O4 - HKU\S-1-5-21-899700398-3998275365-1438995981-1005..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\Boris Kannowski\Startmenü\Programme\Autostart\Secunia PSI.lnk = D:\Programme\Secunia\PSI\psi.exe (Secunia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\..Trusted Domains: sony-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\..Trusted Domains: vaio-link.com ([]* in Trusted sites) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152564205765 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178894973187 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} http://simcity.ea.com/play/classic/SimCityX.cab (SimCityX Control) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab (Creative Software AutoUpdate Support Package) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - logonui.exe (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - WlNotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - WlNotify.dll - WlNotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Boris Kannowski\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Boris Kannowski\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - msnsspc.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003.06.07 09:42:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2002.06.17 21:40:00 | 000,053,248 | R--- | M] () - G:\autoplay.exe -- [ CDFS ] O32 - AutoRun File - [2001.07.23 21:25:04 | 000,000,047 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-899700398-3998275365-1438995981-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010.09.01 15:28:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris Kannowski\Eigene Dateien\WG [2010.08.28 07:34:51 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Boris Kannowski\Recent [2010.08.26 13:46:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris Kannowski\Desktop\Neuer Ordner [2010.08.23 13:19:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris Kannowski\Desktop\getjob.asp-Dateien [2010.08.05 14:46:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Steinberg [2010.08.05 14:41:18 | 000,487,936 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmbe3260.dll [2010.08.05 14:41:18 | 000,352,768 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pngu3263.dll [2010.08.05 14:41:18 | 000,131,072 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pneng50.dll [2010.08.05 14:41:18 | 000,087,040 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra32sipr.dll [2010.08.05 14:41:18 | 000,081,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra3214_4.dll [2010.08.05 14:41:18 | 000,072,704 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra3228_8.dll [2010.08.05 14:41:18 | 000,021,504 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra32dnet.dll [2010.08.05 14:41:17 | 000,130,560 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pnc3250.dll [2010.08.05 14:41:17 | 000,085,504 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\encdnet.dll [2010.08.05 14:41:17 | 000,061,952 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\decdnet.dll [2010.08.05 14:36:18 | 000,033,792 | ---- | C] (Team H2O) -- C:\WINDOWS\System32\drivers\cledx.sys [2010.08.05 14:36:07 | 000,016,896 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\drivers\synasUSB.sys [2010.08.05 14:36:06 | 000,045,056 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\Synsopos.exe [2010.08.05 14:36:03 | 000,147,456 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\SynsoLChk.dll [2010.08.05 14:36:02 | 000,708,608 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\SYNSOACC.dll [2010.08.05 14:36:02 | 000,000,000 | ---D | C] -- C:\Programme\Syncrosoft [2010.08.04 17:37:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.08.04 17:37:16 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.04 17:37:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.04 17:37:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.04 17:37:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010.09.01 16:22:12 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\pugad.sys [2010.09.01 15:48:00 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.09.01 15:44:41 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{632195C5-0FBE-4245-B105-4F8225C5CE02}.job [2010.09.01 15:17:42 | 000,000,860 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.09.01 14:48:07 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.09.01 13:52:15 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini [2010.09.01 12:16:30 | 000,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.09.01 11:59:19 | 000,055,080 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010.09.01 11:58:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.01 11:58:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.01 11:58:42 | 1341,575,168 | -HS- | M] () -- C:\hiberfil.sys [2010.09.01 02:01:43 | 006,553,600 | -H-- | M] () -- C:\Dokumente und Einstellungen\Boris Kannowski\NTUSER.DAT [2010.09.01 02:01:43 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Boris Kannowski\ntuser.ini [2010.08.31 14:15:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.27 16:31:41 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.08.24 10:37:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.08.23 13:19:51 | 000,022,997 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris Kannowski\Desktop\getjob.asp.htm [2010.08.23 10:50:29 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk [2010.08.12 06:36:19 | 000,304,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.12 00:23:08 | 000,448,470 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.12 00:23:08 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.12 00:23:08 | 000,079,910 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.12 00:23:08 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.12 00:23:07 | 000,996,078 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.12 00:12:43 | 000,011,836 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris Kannowski\Desktop\Urlaubssachen.docx [2010.08.05 14:46:42 | 000,086,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris Kannowski\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.08.05 14:46:17 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4 [2010.08.05 14:46:17 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2 [2010.08.05 14:46:17 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3 [2010.08.05 14:46:17 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1 [2010.08.05 14:46:17 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7 [2010.08.05 14:46:17 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5 [2010.08.05 14:46:17 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0 [2010.08.05 14:46:17 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9 [2010.08.05 14:46:17 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8 [2010.08.05 14:46:17 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10 [2010.08.05 14:46:17 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6 [2010.08.04 16:10:16 | 000,000,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg [2010.08.03 15:41:06 | 000,019,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris Kannowski\Desktop\schmusende eisbären.jpg [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010.09.01 16:22:12 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\pugad.sys [2010.08.27 11:26:19 | 1341,575,168 | -HS- | C] () -- C:\hiberfil.sys [2010.08.23 13:19:47 | 000,022,997 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris Kannowski\Desktop\getjob.asp.htm [2010.08.09 17:29:09 | 000,011,836 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris Kannowski\Desktop\Urlaubssachen.docx [2010.08.05 14:46:16 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\Datei4 [2010.08.05 14:46:16 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\Datei2 [2010.08.05 14:46:16 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Datei3 [2010.08.05 14:46:16 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Datei1 [2010.08.05 14:46:16 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\Datei7 [2010.08.05 14:46:16 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\Datei5 [2010.08.05 14:46:16 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\Datei0 [2010.08.05 14:46:16 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei9 [2010.08.05 14:46:16 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei8 [2010.08.05 14:46:16 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei10 [2010.08.05 14:46:16 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\Datei6 [2010.08.05 14:36:10 | 000,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm [2010.08.05 14:36:09 | 000,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm [2010.08.05 14:36:09 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm [2010.08.04 14:55:40 | 000,000,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg [2010.08.03 15:41:05 | 000,019,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris Kannowski\Desktop\schmusende eisbären.jpg [2010.07.17 12:07:58 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2010.04.01 13:56:38 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.01.31 21:41:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2008.12.14 19:39:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2008.12.14 19:11:03 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2008.10.15 21:08:47 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2008.10.15 21:02:46 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008.07.23 18:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2008.06.08 17:19:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\unS385_.dll [2008.03.03 16:07:26 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007.10.14 20:48:32 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI [2007.10.14 20:48:32 | 000,000,012 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2007.10.14 20:48:32 | 000,000,011 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI [2007.05.15 19:43:08 | 000,001,343 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.05.02 19:58:37 | 000,022,168 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll [2007.05.02 19:58:37 | 000,018,072 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll [2007.02.21 12:00:24 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2007.01.03 02:37:21 | 000,000,192 | ---- | C] () -- C:\WINDOWS\rdrive.ini [2006.12.17 21:01:01 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2006.11.26 16:40:03 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2006.10.11 16:00:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.08.13 17:25:55 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2006.08.01 12:51:18 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.07.29 22:15:54 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2006.07.29 22:15:54 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2006.07.26 22:54:33 | 000,000,222 | ---- | C] () -- C:\WINDOWS\psui.INI [2006.07.12 16:01:27 | 000,016,902 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2006.07.10 23:19:25 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.07.10 22:25:56 | 000,102,912 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris Kannowski\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.06.01 17:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.06.01 17:22:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.06.01 17:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.06.01 17:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.06.01 17:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.06.01 17:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006.06.01 17:22:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2003.06.08 15:07:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2003.06.08 14:02:38 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini [2003.06.07 13:51:35 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll [2003.06.07 09:46:44 | 000,000,857 | ---- | C] () -- C:\WINDOWS\orun32.ini [2003.06.07 09:45:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2003.06.07 09:28:59 | 000,002,893 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2003.03.14 18:49:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2003.02.03 05:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2002.12.09 17:27:50 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\vxdmdcdlg.dll [2002.09.18 10:43:08 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll [2002.06.06 02:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll [2002.05.24 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll [2002.05.24 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll [2001.10.28 18:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [color=#E56717]========== LOP Check ==========[/color] [2003.06.08 14:02:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterTrust [2007.06.11 19:27:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3 [2010.07.17 12:06:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro [2009.01.20 23:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm [2008.07.06 13:16:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle [2010.07.19 14:40:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SITEguard [2009.05.05 19:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Soulseek [2010.08.04 16:21:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla! [2006.11.13 20:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2008.02.04 16:45:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo [2009.03.15 19:11:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2010.06.15 11:18:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.09.30 17:05:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009.04.07 10:52:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2006.11.13 20:55:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\acccore [2010.06.16 11:01:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Anvil Studio [2009.12.16 14:00:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Canon [2009.10.28 23:05:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\FileZilla [2010.06.17 22:22:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\gtk-2.0 [2008.03.03 17:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\InfraRecorder [2003.06.08 14:02:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\InterTrust [2007.01.30 21:27:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Leadertech [2007.08.23 16:19:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien [2006.07.11 00:26:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Musicmatch [2010.07.05 12:17:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Netscape [2007.02.06 23:06:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\OfficeUpdate12 [2008.12.14 19:46:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Samsung [2006.08.03 11:15:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Shareaza [2010.08.05 14:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Steinberg [2008.02.14 12:15:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\Thunderbird [2006.08.02 12:24:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Boris Kannowski\Anwendungsdaten\VERITAS [2003.06.08 14:02:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\InterTrust [2010.09.01 15:44:41 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{632195C5-0FBE-4245-B105-4F8225C5CE02}.job [color=#E56717]========== Purity Check ==========[/color] < End of report > Extras: OTL Extras logfile created on: 01.09.2010 16:23:22 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Boris Kannowski\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 24,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 27,95 Gb Total Space | 2,11 Gb Free Space | 7,56% Space Free | Partition Type: NTFS Drive D: | 121,10 Gb Total Space | 17,33 Gb Free Space | 14,31% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 648,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BORIS Current User Name: Boris Kannowski Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-899700398-3998275365-1438995981-1005\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "6346:TCP" = 6346:TCP:*:Enabled:Shareaza "6346:UDP" = 6346:UDP:*:Enabled:Shareaza "6348:TCP" = 6348:TCP:*:Enabled:BearShare "6348:UDP" = 6348:UDP:*:Enabled:BearShare [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found "C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Spiele\Age of Mythology\aomx.exe" = D:\Spiele\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios) "C:\Programme\Real\RealOne Player\realplay.exe" = C:\Programme\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.) "D:\Programme\Shareaza\Shareaza.exe" = D:\Programme\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- (Shareaza Development Team) "C:\Programme\Warcraft III\Warcraft III.exe" = C:\Programme\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment) "C:\Programme\Warcraft III\War3.exe" = C:\Programme\Warcraft III\War3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment) "D:\Spiele\EA Games\C & C\game.dat" = D:\Spiele\EA Games\C & C\game.dat:*:Enabled:game -- () "D:\Spiele\NovaLogic\Joint Operations\Jointops.exe" = D:\Spiele\NovaLogic\Joint Operations\Jointops.exe:*:Enabled:Jointops -- () "D:\Spiele\EA Games\Die Schlacht um Mittelerde\game.dat" = D:\Spiele\EA Games\Die Schlacht um Mittelerde\game.dat:*:Enabledie Schlacht um Mittelerde (tm) -- () "C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE:*isabled:OUTLOOK -- File not found "D:\Programme\SoulseekNS\slsk.exe" = D:\Programme\SoulseekNS\slsk.exe:*:Enabled:Soulseek -- () "D:\Programme\BearShare\BearShare.exe" = D:\Programme\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{0325F1C1-883A-41AB-8981-B27359ABDFAF}" = Joint Operations: Typhoon Rising "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = VERITAS Update Manager "{0B468586-EFF0-4011-A611-4CA2BE8D8837}" = USB game controller "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1B0098FF-1816-4F42-8203-FA29F5735596}" = Samsung PC Studio 3 "{1D057E97-A116-4BF9-B307-83C3FBD86515}" = VAIO Clock Screen Saver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2366D960-F00F-11D3-99D3-00C04FCCB775}" = VAIO System Information "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox "{3147661C-2807-49EC-B971-3B0F23D95018}" = VAIO DeepSea Wallpaper "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City "{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}" = VAIO BrightColor Wallpaper "{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library "{6E298B0A-558C-4138-0096-740677B382CD}" = HdR Die Rückkehr des Königs tm "{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7268EDA7-6165-11D8-B095-009027EC0701}" = X6-38V Dual Analog Rumble Pad "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 1.2 "{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico "{8214CC02-6271-4DC8-B8DD-779933450264}" = VERITAS RecordNow "{83ADC0AC-5EDC-474B-911D-D0E9F8435637}" = Brother HL-2035 "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{88C023FB-E7F6-4415-ACEF-82372B8A05A8}" = Samsung USB Driver "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2 "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.4 - Deutsch "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8 "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master "{B0DC2DA9-2AF9-422A-88E0-1B84E0F65DB5}" = Speed-Link SL-6535 USB Pad "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B184A2F7-3EC8-4B86-8412-27E0D53BA535}" = Philips GoGear HDD Device Manager "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{E0DF9B8E-0D6D-45C6-B3C8-5CBD30C0F1CC}" = Sensible Soccer 2006 "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{EDB4C5BF-3324-410F-8E1B-60AAB5868CC3}" = DAEMON Tools "{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2 "{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations: Typhoon Rising "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0 "Adobe Premiere 6 LE" = Adobe Premiere 6 LE "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2 "Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Benutzerhandbuch für Creative WebCam Vista German" = Benutzerhandbuch für Creative WebCam Vista (Deutsch) "Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver "CCleaner" = CCleaner "Creative Live! Cam Center" = Creative Live! Cam Center "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative VF0330" = Creative WebCam Vista/Live! Cam Chat Driver (1.11.01.00) "Creative WebCam Center" = Creative WebCam Center "DVD Shrink_is1" = DVD Shrink 3.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.1 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "Google Updater" = Google Updater "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InfraRecorder" = InfraRecorder "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle "InstallShield_{0B468586-EFF0-4011-A611-4CA2BE8D8837}" = USB game controller "InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO Online-Registration (Deutsch) "InstallShield_{7268EDA7-6165-11D8-B095-009027EC0701}" = X6-38V Dual Analog Rumble Pad "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "InstallShield_{B184A2F7-3EC8-4B86-8412-27E0D53BA535}" = Philips GoGear HDD Device Manager "IrfanView" = IrfanView (remove only) "JPEGCompress_is1" = JPEGCompress 2.9 Evaluation Edition "LastFM_is1" = Last.fm 1.5.4.24567 "Lion_is1" = Lion 3.0.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11) "Mozilla Thunderbird (2.0.0.16)" = Mozilla Thunderbird (2.0.0.16) "MP3-Cutter" = MP3-Cutter "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero 6 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "PROSet" = Intel(R) PRO Network Adapters and Drivers "RealPlayer 6.0" = RealPlayer "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Secunia PSI" = Secunia PSI "Shareaza_is1" = Shareaza Version 2.2.1.0 "Soulseek2" = SoulSeek 157 NS 13d "Steinberg Nuendo v3.2.0.1128" = Steinberg Nuendo v3.2.0.1128 "SyncroSoft Emu" = SyncroSoft Emu (Remove only) "Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle "SysInfo" = Creative-Systeminformationen "Uninstall_is1" = Uninstall 1.0.0.0 "VDMSound" = VDMSound "ViewpointMediaPlayer" = Viewpoint Media Player "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XviD_is1" = XviD 1.1 final uninstall "ZoneAlarm" = ZoneAlarm [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-899700398-3998275365-1438995981-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player "Warcraft III" = Warcraft III: All Products [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 27.08.2010 02:34:43 | Computer Name = BORIS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung packm.exe, Version 2.4.0.0, fehlgeschlagenes Modul packm.exe, Version 2.4.0.0, Fehleradresse 0x00042037. Error - 27.08.2010 02:38:07 | Computer Name = BORIS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung packm.exe, Version 2.4.0.0, fehlgeschlagenes Modul packm.exe, Version 2.4.0.0, Fehleradresse 0x00042037. Error - 27.08.2010 02:38:59 | Computer Name = BORIS | Source = Application Error | ID = 1001 Description = Fehlerhafter Speicherbereich 2008399322. Error - 27.08.2010 03:00:46 | Computer Name = BORIS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung packm.exe, Version 2.4.0.0, fehlgeschlagenes Modul packm.exe, Version 2.4.0.0, Fehleradresse 0x00042037. Error - 27.08.2010 05:26:25 | Computer Name = BORIS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung packm.exe, Version 2.4.0.0, fehlgeschlagenes Modul packm.exe, Version 2.4.0.0, Fehleradresse 0x00042037. Error - 27.08.2010 06:45:13 | Computer Name = BORIS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung packm.exe, Version 2.4.0.0, fehlgeschlagenes Modul packm.exe, Version 2.4.0.0, Fehleradresse 0x00042037. Error - 28.08.2010 01:26:17 | Computer Name = BORIS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung packm.exe, Version 2.4.0.0, fehlgeschlagenes Modul packm.exe, Version 2.4.0.0, Fehleradresse 0x00042037. Error - 30.08.2010 04:11:51 | Computer Name = BORIS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung packm.exe, Version 2.4.0.0, fehlgeschlagenes Modul packm.exe, Version 2.4.0.0, Fehleradresse 0x00042037. Error - 31.08.2010 08:15:24 | Computer Name = BORIS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung packm.exe, Version 2.4.0.0, fehlgeschlagenes Modul packm.exe, Version 2.4.0.0, Fehleradresse 0x00042037. Error - 01.09.2010 05:58:47 | Computer Name = BORIS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung packm.exe, Version 2.4.0.0, fehlgeschlagenes Modul packm.exe, Version 2.4.0.0, Fehleradresse 0x00042037. [ System Events ] Error - 27.08.2010 06:45:30 | Computer Name = BORIS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet: %%126 Error - 27.08.2010 06:45:30 | Computer Name = BORIS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Shell Time" wurde mit folgendem Fehler beendet: %%126 Error - 28.08.2010 01:26:34 | Computer Name = BORIS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet: %%126 Error - 28.08.2010 01:26:34 | Computer Name = BORIS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Shell Time" wurde mit folgendem Fehler beendet: %%126 Error - 30.08.2010 04:12:06 | Computer Name = BORIS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet: %%126 Error - 30.08.2010 04:12:06 | Computer Name = BORIS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Shell Time" wurde mit folgendem Fehler beendet: %%126 Error - 31.08.2010 08:15:39 | Computer Name = BORIS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet: %%126 Error - 31.08.2010 08:15:39 | Computer Name = BORIS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Shell Time" wurde mit folgendem Fehler beendet: %%126 Error - 01.09.2010 05:59:17 | Computer Name = BORIS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet: %%126 Error - 01.09.2010 05:59:17 | Computer Name = BORIS | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Shell Time" wurde mit folgendem Fehler beendet: %%126 < End of report > Danke! |
|
|
||
01.09.2010, 17:29
Member
Beiträge: 420 |
#4
Zitat C:\WINDOWS\system32\packm.exe (Spyware.Zbot) -> No action takenHast Du die Funde von Malwarebytes auch entfernen lassen? Wenn nicht, bitte nachholen. 1. Starte bitte OTL, kopiere unten in das Script-Feld rein: Zitat :OTLund klicke auf Run Fix. Unter Umständen ist ein Neustart notwendig. Poste bitte das Fix Log. 2. RootRepeal http://sites.google.com/site/rootrepeal/ Starte RootRepeal. Beende alle anderen Programme. Gehe unten auf den Reiter Report. Klicke auf Scan. Setze alle Häkchen. Bestätige mit OK. Falls gefragt, wähle Laufwerk C: Bestätige mit OK. Am Ende des Scans wird ein Log eingeblendet, poste es bitte. |
|
|
||
01.09.2010, 17:43
Member
Themenstarter Beiträge: 12 |
#5
Die Funde hab ich bereits entfernt. Allerdings stürtzt OTL ab wenn ich Run Fix starte. Der explorer verabschiedet sich und nichts geht mehr. Muss ich hier auch bei Scan All Users, Loop Check und Purity Check ein Häckchen setzen?
|
|
|
||
01.09.2010, 17:50
Member
Beiträge: 420 |
||
|
||
01.09.2010, 21:15
Member
Themenstarter Beiträge: 12 |
#7
Root Repeal hängt sich leider auch auf. Das startet erst gar nicht.
|
|
|
||
01.09.2010, 21:22
Member
Beiträge: 420 |
#8
Probieren wir den:
1. Gmer http://www.gmer.net/ Gmer downloaden, ausführen. Falls eine Abfrage kommt, ob wegen Rootkit-Aktivitäten ein vollständiger Systemscan erwünscht ist, bitte No wählen. Auf der rechten Seite Häkchen entfernen bei IAT/EAT Allen Laufwerken außer C: Show All Auf Scan klicken und das Ende des Scans abwarten. Mit Save kann das Log abgespeichert werden, dieses Log bitte posten. |
|
|
||
01.09.2010, 21:50
Member
Themenstarter Beiträge: 12 |
#9
Gmer startet und fängt auch an zu scannen. Nach einiger Zeit schein es aber einzufrieren, der Mauszeiger ruckelt und nichts geht mehr. Nicht einmal mehr der Taskmanager, so dass ich den Rechner gewaltsam abwürgen musste. Was jetzt?
|
|
|
||
01.09.2010, 22:05
Member
Beiträge: 420 |
#10
Nichts klappt...
Arbeite bitte diese Anleitung ab und poste das Log: http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird |
|
|
||
01.09.2010, 23:21
Member
Themenstarter Beiträge: 12 |
#11
Nach mehreren Abstürzen scheint Combofix jetzt funktioniert zu haben.
Hier das Logfile: ComboFix 10-09-01.02 - Boris Kannowski 01.09.2010 23:00:55.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1279.844 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Boris Kannowski\Eigene Dateien\Downloads\ComboFix.exe AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {816BC5DC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {816DA8E4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {81700A7C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {8915334C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {8921677C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {892C0B5C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {89341874-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {89399CBC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {8941B4E4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000246-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {80700100-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {811D352C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {812F082C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {813EAAA4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {813EE50C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8162C964-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81650B64-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81682CB4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81686674-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81686DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8168E75C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8168F63C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8169D8EC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816B1DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816BDDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816C8054-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816CB804-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816CBBFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816D35C4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816D3DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816D7A44-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816DA984-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816DB67C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816DDDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816DE59C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816E86DC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816EA494-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816EC3A4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816EDDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816F0B84-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816F6714-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816F757C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816F8644-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {816F8DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81701DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81716DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81732DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8174BDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8175069C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81751DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81759054-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81773BFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8177CBAC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81793A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81793ABC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81795984-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8179675C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8179BBFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817A2BAC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817A4BFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817A5904-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817ACCB4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817B4DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817B9B64-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817BB5DC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817C1534-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817CC64C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817CD594-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817CE62C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817D06B4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817D5DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817DD83C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817EF9EC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {817F0424-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8180A82C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8180E5C4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8183ADDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81849674-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8185AB64-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8185D964-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81861054-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {818633F4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {818704D4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81872734-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8187B75C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8188570C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8188C3DC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8188EB64-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {818976DC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {818994DC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {818AB8EC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {818BE7A4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {818BEB64-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {818D4B2C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {818EF92C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {818F5054-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8191E474-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8199B7D4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {819A83AC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {819B9054-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {819DE78C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {819EBA24-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81A03DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81A0935C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {81A24054-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88C58DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8905BBFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8905DA1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89080DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89081DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89084DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8908A47C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8908ADDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8909B5C4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8909DDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {891003EC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {891493B4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {891663E4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8917583C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {891D9B64-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {891E6DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89205BFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89210974-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892113E4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892119E4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8921DBFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89228344-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8922AA44-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8923A47C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89241DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89242DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89244DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89247DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8924A9FC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8925729C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89265BFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89267A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8927CC6C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8927EBFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89281A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8929DDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892A05CC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892A061C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892A0684-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892A2DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892A6504-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892A7A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892A8DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892AC52C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892B35C4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892B46E4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892B634C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892BADDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892BDDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892BEBFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892C0984-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892C583C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892C5DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892C6DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892C75C4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892C9BFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892CB8CC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892CB984-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892CBDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892D1BFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892D6484-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892D8DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892D9DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892DC5FC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892DE4B4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892E3A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892E3BFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892E8B64-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892EB83C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892ED83C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892F047C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892F07A4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892F0BCC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892F0DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892F3BFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {892FCA1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89301DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89306A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8930CDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8930D8F4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8930F64C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89313A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89316DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89318DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8931C864-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8931E3FC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8932447C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89328B64-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89328DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8932CDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8932E65C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8932E83C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893336DC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89334BF4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893363E4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89336A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89336DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8933A47C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8933ADDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8933B50C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8933D7C4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8933DA1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8933DA4C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8933FA54-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89340A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89344B64-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893469BC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8934B83C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8934B8EC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8934D1CC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89350834-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8935083C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8935247C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89357C1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893593E4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8935C7A4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8935DDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893627AC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89362A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89362BFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8936465C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89364DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89368444-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89369984-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89369DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8936D29C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8936EB84-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89370AA4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89372CE4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89373BFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89374A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8937629C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89376A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89376DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89377BFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89377DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89378DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893795BC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8937BDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8937FDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893805C4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8938465C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89390BFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89393DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8939646C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893978EC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89397BFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8939DBFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8939EA1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893A152C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893A7DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893A9DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893C447C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893CD83C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893D265C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893DE454-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893E1A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893ECDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893F6BFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {893FC534-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89406A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8940E6E4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89414A4C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894173B4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89419A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894203B4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8943383C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89446B5C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8944D984-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8944F47C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894576E4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894596CC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89461444-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8946DA1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8946F4FC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89478DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8949B964-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894B33FC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894C3664-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894D9984-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894DCA1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894E92EC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894EFDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894F4B64-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8951155C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8951766C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {895237A4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8952F3DC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89559A1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {895A2DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {895B083C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {895CFBFC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {BADB0D00-FFA4-00DE-0D24-347CA8A3377C} FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . ((((((((((((((((((((((( Dateien erstellt von 2010-08-01 bis 2010-09-01 )))))))))))))))))))))))))))))) . 2010-09-01 15:35 . 2010-09-01 15:35 -------- d-----w- C:\_OTL 2010-08-05 12:46 . 2010-08-05 12:48 -------- d-----w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Steinberg 2010-08-05 12:41 . 2007-12-08 22:32 87040 ----a-w- c:\windows\system32\ra32sipr.dll 2010-08-05 12:41 . 2007-12-08 22:32 81920 ----a-w- c:\windows\system32\ra3214_4.dll 2010-08-05 12:41 . 2007-12-08 22:32 72704 ----a-w- c:\windows\system32\ra3228_8.dll 2010-08-05 12:41 . 2007-12-08 22:32 487936 ----a-w- c:\windows\system32\rmbe3260.dll 2010-08-05 12:41 . 2007-12-08 22:32 352768 ----a-w- c:\windows\system32\pngu3263.dll 2010-08-05 12:41 . 2007-12-08 22:32 21504 ----a-w- c:\windows\system32\ra32dnet.dll 2010-08-05 12:41 . 2007-12-08 22:32 131072 ----a-w- c:\windows\system32\pneng50.dll 2010-08-05 12:41 . 2007-12-08 22:32 85504 ----a-w- c:\windows\system32\encdnet.dll 2010-08-05 12:41 . 2007-12-08 22:32 61952 ----a-w- c:\windows\system32\decdnet.dll 2010-08-05 12:41 . 2007-12-08 22:32 130560 ----a-w- c:\windows\system32\pnc3250.dll 2010-08-05 12:36 . 2005-05-09 18:08 33792 ----a-w- c:\windows\system32\drivers\cledx.sys 2010-08-05 12:36 . 2005-11-03 10:17 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys 2010-08-05 12:36 . 2005-11-03 15:14 45056 ----a-w- c:\windows\system32\Synsopos.exe 2010-08-05 12:36 . 2005-11-08 09:20 147456 ----a-w- c:\windows\system32\SynsoLChk.dll 2010-08-05 12:36 . 2010-08-05 12:36 -------- d-----w- c:\programme\Syncrosoft 2010-08-05 12:36 . 2005-11-08 18:02 708608 ----a-w- c:\windows\system32\SYNSOACC.dll 2010-08-04 15:37 . 2010-08-04 15:37 503808 ----a-w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1cdffd3a-n\msvcp71.dll 2010-08-04 15:37 . 2010-08-04 15:37 499712 ----a-w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1cdffd3a-n\jmc.dll 2010-08-04 15:37 . 2010-08-04 15:37 348160 ----a-w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1cdffd3a-n\msvcr71.dll 2010-08-04 15:37 . 2010-08-04 15:37 61440 ----a-w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-53d15575-n\decora-sse.dll 2010-08-04 15:37 . 2010-08-04 15:37 12800 ----a-w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-53d15575-n\decora-d3d.dll 2010-08-04 15:37 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-01 13:17 . 2008-04-22 13:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater 2010-08-27 21:22 . 2006-07-10 22:41 -------- d-----w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Skype 2010-08-27 14:02 . 2008-03-03 14:07 -------- d-----w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\skypePM 2010-08-11 22:26 . 2010-08-12 04:36 167424 ----a-w- c:\windows\Internet Logs\xDB7.tmp 2010-08-11 22:24 . 2010-07-28 12:37 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help 2010-08-11 22:23 . 2003-06-07 07:28 79910 ----a-w- c:\windows\system32\perfc007.dat 2010-08-11 22:23 . 2003-06-07 07:28 448470 ----a-w- c:\windows\system32\perfh007.dat 2010-08-05 12:46 . 2006-07-10 21:35 86056 -c--a-w- c:\dokumente und einstellungen\Boris Kannowski\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-08-04 15:37 . 2006-09-18 16:14 -------- d-----w- c:\programme\Gemeinsame Dateien\Java 2010-08-04 15:37 . 2006-09-18 16:14 -------- d-----w- c:\programme\Java 2010-08-04 14:23 . 2006-12-08 17:51 -------- d-----w- c:\programme\Yahoo! 2010-08-04 14:21 . 2010-07-19 12:38 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\STOPzilla! 2010-08-04 14:10 . 2010-08-04 12:55 544 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg 2010-08-02 23:45 . 2010-08-03 11:12 37376 ----a-w- c:\windows\Internet Logs\xDB6.tmp 2010-08-02 23:45 . 2010-07-28 12:47 -------- d-----w- c:\programme\Microsoft Works 2010-07-31 21:02 . 2010-08-01 09:33 77312 ----a-w- c:\windows\Internet Logs\xDB5.tmp 2010-07-29 11:39 . 2010-07-29 20:25 26624 ----a-w- c:\windows\Internet Logs\xDB4.tmp 2010-07-28 22:12 . 2010-07-29 09:14 1016320 ----a-w- c:\windows\Internet Logs\xDB3.tmp 2010-07-28 12:47 . 2009-08-06 23:38 -------- d-----w- c:\programme\MSBuild 2010-07-28 12:44 . 2010-07-28 12:44 -------- d-----w- c:\programme\Microsoft.NET 2010-07-28 12:39 . 2010-07-28 12:39 -------- d-----w- c:\programme\Microsoft Visual Studio 8 2010-07-26 18:38 . 2006-09-20 21:08 -------- d-----w- c:\programme\Warcraft III 2010-07-23 15:22 . 2010-07-28 09:58 1496064 ----a-w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Mozilla\Firefox\Profiles\qfjfltra.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-07-23 15:22 . 2010-07-28 09:58 43008 ----a-w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Mozilla\Firefox\Profiles\qfjfltra.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-07-23 15:22 . 2010-07-28 09:58 338944 ----a-w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Mozilla\Firefox\Profiles\qfjfltra.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-07-23 15:22 . 2010-07-28 09:58 346112 ----a-w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Mozilla\Firefox\Profiles\qfjfltra.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-07-22 22:19 . 2008-12-05 20:50 -------- d-----w- c:\programme\iTunes 2010-07-22 22:17 . 2010-07-22 22:17 -------- d-----w- c:\programme\iPod 2010-07-22 22:17 . 2007-07-02 20:00 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple 2010-07-22 22:01 . 2010-07-22 22:01 73000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe 2010-07-22 20:08 . 2003-06-08 12:02 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe 2010-07-22 19:32 . 2010-07-17 10:07 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-07-20 16:06 . 2010-07-20 16:06 -------- d-----w- c:\programme\ESET 2010-07-19 20:16 . 2010-07-19 20:16 -------- d-----w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Avira 2010-07-19 20:14 . 2010-07-19 20:14 -------- d-----w- c:\programme\Avira 2010-07-19 20:14 . 2009-09-08 18:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira 2010-07-19 14:51 . 2006-07-17 11:08 -------- d-----w- c:\programme\Lavasoft 2010-07-19 14:51 . 2010-07-16 14:48 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft 2010-07-19 14:50 . 2006-07-17 11:09 -------- d-----w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Lavasoft 2010-07-19 14:37 . 2010-07-19 14:37 -------- d-----w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Malwarebytes 2010-07-19 14:37 . 2010-07-19 14:37 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-07-19 12:44 . 2010-07-19 12:44 548864 ---ha-w- C:\SZKGFS.dat 2010-07-19 12:40 . 2010-07-19 12:40 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SITEguard 2010-07-19 12:38 . 2010-07-19 12:38 -------- d-----w- c:\programme\Gemeinsame Dateien\iS3 2010-07-17 10:06 . 2010-07-17 10:06 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Hitman Pro 2010-07-16 15:22 . 2010-07-16 15:22 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-07-05 10:17 . 2007-05-20 13:48 -------- d-----w- c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Netscape 2010-06-30 12:28 . 2003-06-07 07:28 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22 . 2006-04-28 13:08 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 09:02 . 2003-06-07 07:28 1852032 ------w- c:\windows\system32\win32k.sys 2010-06-23 19:33 . 2010-06-23 19:33 501936 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google\Google Toolbar\Update\gtb2F.tmp.exe 2010-06-21 15:27 . 2003-06-07 07:28 354304 ------w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2003-06-07 07:28 80384 ------w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2003-06-07 07:40 744448 ------w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe 2010-06-14 07:41 . 2003-06-07 07:28 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-06-10 23:25 . 2010-06-11 06:39 2694656 ----a-w- c:\windows\Internet Logs\xDB2.tmp 2010-06-06 07:53 . 2007-05-01 20:56 24390140 -c--a-w- c:\windows\Internet Logs\tvDebug.zip . ------- Sigcheck ------- [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys [-] 2002-08-28 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys [-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys [-] 2002-08-29 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys [-] 2002-08-29 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys [-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys [-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys [-] 2004-08-04 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys [-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys [-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys [-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys [-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys [-] 2002-08-29 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\I386\NTFS.SYS [-] 2002-08-29 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys [-] 2002-08-29 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys [-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys [-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB917953_0$\tcpip.sys [-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll [-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll [-] 2004-08-04 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll [-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe [-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe [-] 2004-08-04 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe [-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll [-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll [-] 2005-08-22 . 1E5218FBE323C375B488318950E10FB4 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2GDR\netman.dll [-] 2005-08-22 . 1E5218FBE323C375B488318950E10FB4 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll [-] 2005-08-22 . 19D9B6B139F09A72AE71758BDF28308E . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll [-] 2004-08-04 . CDF4DA6B518105343FE9E8AFBBF8FBF4 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll [-] 2002-08-29 . 757BD19D8E7BD11621EF0A8A61BFE36E . 154112 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB905414_0$\netman.dll [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll [-] 2004-08-04 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll [-] 2002-08-29 . DDC181CEBABD4838EA51E8E11EC48EE7 . 223232 . . [6.2.2600.1106] . . c:\windows\$NtUninstallKB842773$\qmgr.dll [-] 2009-02-09 . D3D765E8455A961AE567B408F767D4F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll [-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll [-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll [-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll [-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll [-] 2005-07-26 . 891E3E4537C6DFCAE475073FC49CE9CB . 397824 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2GDR\rpcss.dll [-] 2005-07-26 . 891E3E4537C6DFCAE475073FC49CE9CB . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll [-] 2005-07-26 . DBA9F9C00A7A2B45EB8E451C2B6D10E9 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll [-] 2004-08-04 . 9F28FF58D6D67B123272869D89D14004 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB902400$\rpcss.dll [-] 2002-08-29 . 8A9641C5DB29E2AC4986A426F607867C . 260608 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB902400_0$\rpcss.dll [-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe [-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe [-] 2009-02-09 . F0A7D59AF279326528715B206669B86C . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe [-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe [-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe [-] 2004-08-04 . EDB6B81761BD60F32F740BBC40AFB676 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe [-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe [-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe [-] 2004-08-04 . 54E7113A4BD696E430919BCAF5C65E06 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe [-] 2002-08-29 . 9B627E6DA0EA47A3A664F69D954831D7 . 51200 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB896423_0$\spoolsv.exe [-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2004-08-04 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe [-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2006-08-25 . EE82D1393169AC6BDF6016F4EA8D2B79 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [-] 2004-08-04 . 2CF914215226B3F7FA1AE4A47E4D261C . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll [-] 2002-08-29 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL [-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll [-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll [-] 2004-08-04 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll [-] 2008-07-07 20:30 . D68ED3908C7A0DB446111D34AC40DC18 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll [-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll [-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll [-] 2008-07-07 20:23 . ADA7241C16F3F42C7F210539FAD5F3AA . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll [-] 2008-07-07 20:16 . 3912BEF896D1D687B6053409E5F5F2A6 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll [-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll [-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll [-] 2005-07-26 04:39 . BEBC63622BDC30053A3145EBD90AF450 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2GDR\es.dll [-] 2005-07-26 04:39 . BEBC63622BDC30053A3145EBD90AF450 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll [-] 2005-07-26 04:29 . 0D0F85237E32538F58278D673032676A . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll [-] 2004-08-04 07:57 . 4E1A8645EE77CB9454FFE53C59620A25 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll [-] 2002-08-29 12:00 . 92D83898656F07C53FA69B178F2BD6BE . 225280 . . [2001.12.4414.46] . . c:\windows\$NtUninstallKB902400_0$\es.dll [-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll [-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll [-] 2004-08-04 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll [-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll [-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll [-] 2009-03-21 . 3EB703BFC2ED26A3D8ACB8626AB2C006 . 1065472 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll [-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll [-] 2007-04-16 . 5D0974BD58808FACA5D2C437B6FC8D85 . 1059840 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll [-] 2007-04-16 . 8EEA8280A1E0E794EDFCCAD3721C7CAB . 1058304 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll [-] 2006-07-05 . 0BEFE0BF274818EC0785B7B842967313 . 1058816 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll [-] 2006-07-05 . E42795D2E7725D378EE2A4BFA6FE9DB3 . 1057792 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll [-] 2004-08-04 . E6CD85D0D37416CF138F01F4BB0FC872 . 1057280 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll [-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll [-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll [-] 2005-09-01 . F2AFE60F01040B23207D8EB7DC26EC96 . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll [-] 2005-09-01 . 0E2B88912BF78549D5177A84A3375D52 . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2GDR\linkinfo.dll [-] 2005-09-01 . 0E2B88912BF78549D5177A84A3375D52 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll [-] 2004-08-04 . 3898FFF548E2968CB3AC5A71D7F4E425 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll [-] 2002-08-29 . 9F3DFB3AB112AD8F45301B1493B491D6 . 15360 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB900725_0$\linkinfo.dll [-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll [-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll [-] 2004-08-04 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll [-] 2010-06-24 . 7CF74ED1A2C05369C67531E7855742CF . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll [-] 2010-06-24 . AC2E0BBFA7C01FD7CBF858C764B745DE . 5951488 . . [8.00.6001.18939] . . c:\windows\system32\mshtml.dll [-] 2010-06-24 . AC2E0BBFA7C01FD7CBF858C764B745DE . 5951488 . . [8.00.6001.18939] . . c:\windows\system32\dllcache\mshtml.dll [-] 2010-05-06 . 91A9BB7F22F7D21E9C07E995C4E31F74 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll [-] 2010-05-06 . A0091E83B21A4C2627D1DD1A64C1B4B9 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll [-] 2010-02-25 . 2127D9862937DBD40882B9417DEB1837 . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll [-] 2010-02-25 . 0A164AB476D7835335220D7A2AE5578B . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll [-] 2009-12-21 . A947E6258FB5FBD0E5F58DA9541D7BE3 . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll [-] 2009-12-21 . DDAAECF8E188A0E2DB93842A7D193641 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll [-] 2009-10-29 . 686E3FB68E8E41CD6B2970E6D49F1E14 . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll [-] 2009-10-29 . 430315D0CAA115EA42EFDF31A93AB5D0 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll [-] 2009-10-22 . 6FFF8D10D0EF5DBE46B7D035FA4119E4 . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll [-] 2009-10-22 . EFB718C1CD9DD453DEE529DF4F25DBCA . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll [-] 2009-08-29 . 877EC4221F6AF1F51E24110E064CC71E . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll [-] 2009-08-29 . D8AEC29BD4F4C5A9D85F3ADE9B7F8C3F . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll [-] 2009-07-19 . 5267ECEAC80A826F6FC8F092022140DB . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll [-] 2009-07-19 . 165056346E0A00566A442287DAA7575F . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll [-] 2009-05-13 . CF58DCA3ED911C4C942B941D4ECF6862 . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll [-] 2009-05-13 . CF58DCA3ED911C4C942B941D4ECF6862 . 5936128 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\6288fd9db6b86408ce7baea2379e011e\SP3QFE\mshtml.dll [-] 2009-05-13 . C671F2C4655B3EB04A07CF04C961DD2D . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll [-] 2009-05-13 . C671F2C4655B3EB04A07CF04C961DD2D . 5936128 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\6288fd9db6b86408ce7baea2379e011e\SP3GDR\mshtml.dll [-] 2009-04-29 . A0236D46EFCEF98D6703DD5A76AA1CB2 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie8\mshtml.dll [-] 2009-04-29 . 6770B436928E450F5B4866BDC59549CC . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll [-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll [-] 2009-02-21 . 77605BDA8141E1F7D3B1321E31CA482B . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll [-] 2009-02-20 . EE15CE7504EB54258F361AD7595E9077 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll [-] 2009-01-16 . A76EEDA793C9BFC0C1B8C5F3439D8A39 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll [-] 2009-01-16 . B44AC6A49DA4A5BAA7AFEA0AA6E5B967 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll [-] 2008-12-13 . 6C8D1CF85533A3792DCDDAAE42DBB161 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll [-] 2008-12-13 . E0825D1BC0F0C2B5CA434F7E9CCF10AE . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll [-] 2008-10-17 . AB864B71DF01CC98EAE726DF4BAF73D2 . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll [-] 2008-10-16 . C998B6D5E64E11CE8EA8BB22A51CA570 . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll [-] 2008-08-27 . 4872C0DA25F551A3E869501833754494 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll [-] 2008-08-26 . 21B2247D24C8A61C12CD3BE8F3C30AC8 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll [-] 2008-06-24 . 69AB1CE0E82B8F028EA1DBFD18948DA0 . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll [-] 2008-06-23 . 209A03C0EEF909DFCDCBB56C2BBF91CD . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll [-] 2008-04-23 . 8C70EFE0C266BDBD654531900A753236 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll [-] 2008-04-23 . 60942CB0B5CADF130FC1795F5FEEE8F5 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll [-] 2008-04-14 . 72AE55A9FFBC60650339CB12E35C7DD5 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll [-] 2008-03-01 . 716D486279235CF9B2C16E3D38B6381D . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll [-] 2008-03-01 . 74F01522E75B943EA2BC6C0C20CCEA5F . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll [-] 2007-12-08 . 8B9C4948BE88BB7DF9CB4709422F6F9F . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll [-] 2007-12-07 . 7A978C65E142C65E349C22E6D7E367E5 . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll [-] 2007-10-30 . D7F894D0F9D7662366D1E0EE6800C771 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll [-] 2007-10-30 . 5D9F03E82039EB2BACB33370A707A119 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll [-] 2007-08-20 . CD0B02B5A997750D9A6E56CFA02E9257 . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll [-] 2007-08-20 . E5D0E8D922C0809469EE5FDE294E9D48 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll [-] 2007-07-19 . E8EC18571090C12A013B83BA363364A4 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll [-] 2007-07-18 . B91AB1E55D77740D500BE0C4B2861844 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll [-] 2007-05-08 . 07ABB2A695B8F91F7A12BE2BDD3E5932 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll [-] 2007-05-08 . CD2DFBDD8C553443DE0EC55552A512C4 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll [-] 2007-03-07 . E2F3DEBB0186D233F5354ADDBD12244E . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll [-] 2007-03-07 . 6B700997DA907ED2FD871FC75973986F . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll [-] 2007-01-12 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll [-] 2006-11-07 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll [-] 2006-10-23 . 436E162A6965F7EF0F2A868E1E1A21B2 . 3082240 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll [-] 2006-10-23 . 436E162A6965F7EF0F2A868E1E1A21B2 . 3082240 . . [6.00.2900.3020] . . c:\windows\ie7\mshtml.dll [-] 2006-10-23 . 18ACEF300FD6748F7310A4E10441D845 . 3076096 . . [6.00.2900.3020] . . c:\windows\$NtUninstallKB925454$\mshtml.dll [-] 2006-09-14 . 04CEC77F09043C0B728E335B3E88FCE5 . 3075584 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454_0$\mshtml.dll [-] 2006-09-14 . A09E8EEAE6D29E90BC292631528EFCDB . 3079680 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll [-] 2006-07-28 . A395AD5E6C72F198C8E507BC2B27BC6B . 3079168 . . [6.00.2900.2963] . . c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll [-] 2006-07-28 . D5FF36109BAE2B80FEBB5F5C1D6DBB6B . 3075072 . . [6.00.2900.2963] . . c:\windows\$NtUninstallKB922760$\mshtml.dll [-] 2006-05-19 . 6F547E79E536EE68D57C64B074FC54E5 . 3073536 . . [6.00.2900.2912] . . c:\windows\$NtUninstallKB918899$\mshtml.dll [-] 2006-05-19 . EBCB892F2439A5FF6E882816A6EF79F0 . 3076096 . . [6.00.2900.2912] . . c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll [-] 2004-08-04 . CAC51AD576713E5F0CE2251ED3A7FE82 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll [-] 2004-08-04 . CAC51AD576713E5F0CE2251ED3A7FE82 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB916281$\mshtml.dll [-] 2003-01-07 14:41 . 64EFB7A27A2AE05E560252565AD0ECEC . 2783232 . . [6.00.2800.1141] . . c:\windows\$NtUninstallKB916281-IE6SP1-20060526.162249$\mshtml.dll [-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll [-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll [-] 2004-08-04 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll [-] 2002-08-29 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL [-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll [-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll [-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll [-] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [-] 2008-06-20 . 774274C487493452DF3B0126DBE7FF3B . 247296 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll [-] 2008-06-20 . EB55B1D9978B61E9913EDCD27EEC4C7C . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll [-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll [-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll [-] 2004-08-04 . B36E08F680BAE4DFC5C24D00A2DFC9E7 . 247296 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll [-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll [-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll [-] 2004-08-04 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll [-] 2010-04-28 . FE9DA2C577DF69771B31183EF5684BE8 . 2192256 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2010-04-28 . FE9DA2C577DF69771B31183EF5684BE8 . 2192256 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntoskrnl.exe [-] 2010-04-28 . 490911C4B913989D4958543FED2C8F21 . 2148864 . . [5.1.2600.5973] . . c:\windows\system32\ntoskrnl.exe [-] 2010-04-28 . 6AF2E8CEB03F7CB3B8183359563DBB87 . 2192384 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe [-] 2010-02-16 . E1BD0FAFF2C1D0A825CBA97DCF0DDDAE . 2148864 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe [-] 2010-02-16 . 4456016C2FF1A8CCCAC8309C9B76E2F5 . 2192384 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe [-] 2009-12-09 . A97847B2D30F4A299B35239D26BAD948 . 2191616 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe [-] 2009-12-09 . D4128AA197DD8F3120FC80008AB66CF7 . 2147840 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe [-] 2009-08-04 . 96D6882D49438D58B0DE0F7E8C8D241B . 2147840 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe [-] 2009-08-04 . 4B86421F2D85D9A4ECB06885C40B8EEB . 2191616 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe [-] 2009-02-10 . D3453310FC92736E674FFDC6E3F455B7 . 2191488 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [-] 2009-02-09 . 18D976FE984BDA3DAC8164B05D69205D . 2147840 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe [-] 2008-08-14 . 59282EFE7147C011530E51FF92BA86AC . 2191488 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe [-] 2008-08-14 . 5961DD3AEC44962A76F0D8D895C172F1 . 2147840 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe [-] 2008-04-14 . 354C9291513BCE4D0ED6B0C6A15470F8 . 2191360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2008-04-14 . 88077F757C6C793C33408D878B6E0F76 . 2147840 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe [-] 2007-02-28 . E1DE7A10D46959560C3B617227D95C19 . 2184448 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe [-] 2007-02-28 . 495D541A116E7F1B79ED9BD588F54A71 . 2138624 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [-] 2006-12-19 . 00C476049FECF1D3A05C783015B9B518 . 2184320 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe [-] 2006-12-19 . 6A5F324A815E66FEB3961598EE585EEB . 2138624 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe [-] 2005-03-02 . EB5538A452E0E99169E2B6CDB62FF9D2 . 2181888 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe [-] 2005-03-02 . 7189A2391ADC1F65C9AE87B0ABE0F945 . 2181632 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe [-] 2005-03-02 . 3DDC2BC3D32B2FC505D09B8B8974D5BB . 2138112 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe [-] 2004-10-28 . E156E88BB379CEDFC982D0DF6D8CC867 . 1902080 . . [5.1.2600.1605] . . c:\windows\$NtUninstallKB890859_0$\ntoskrnl.exe [-] 2004-08-04 . C3EC5DD56E3EB15D80AF9FCEE030CABD . 2150912 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe [-] 2002-08-29 . 772012964E35CFAB814582AF726FD10F . 1893888 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB885835_0$\ntoskrnl.exe [-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll [-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll [-] 2004-08-04 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll [-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll [-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll [-] 2004-08-04 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll [-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll [-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll [-] 2004-08-04 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll [-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe [-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe [-] 2004-08-04 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe [-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll [-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll [-] 2005-07-08 . F07061E18613F336A3120229097F7635 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll [-] 2005-07-08 . 427D7EB3B453347082C8F4B370065D60 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll [-] 2005-07-08 . 427D7EB3B453347082C8F4B370065D60 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll [-] 2004-08-04 . 4584E2A5FE662AB3E7C32936E1449043 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll [-] 2002-08-29 . 08B6F2F99968D290EF3E711D2E464864 . 233984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893756_0$\tapisrv.dll [-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2007-03-08 . 78785EFF8CB90CEC1862A4CCFD9A3C3A . 579584 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll [-] 2007-03-08 . 492E166CFD26A50FB9160DB536FF7D2B . 579072 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll [-] 2005-03-02 . 4C90159A69A5FD3EB39C71411F28FCFF . 578560 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2005-03-02 . 3751D7CF0E0A113D84414992146BCE6A . 578560 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll [-] 2005-03-02 . 3751D7CF0E0A113D84414992146BCE6A . 578560 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll [-] 2004-08-04 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll [-] 2002-11-22 . DB15B2FE24ECCE331EA3A954F6F90448 . 530432 . . [5.1.2600.1134] . . c:\windows\$NtUninstallKB890859_0$\user32.dll [-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe [-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe [-] 2004-08-04 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe [-] 2010-06-24 . 1ACB8E6FAD2A8690CBB41D3229A2B27D . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll [-] 2010-06-24 . 5AC0C1733D8C3DE781002F45A678E0FC . 916480 . . [8.00.6001.18939] . . c:\windows\system32\wininet.dll [-] 2010-06-24 . 5AC0C1733D8C3DE781002F45A678E0FC . 916480 . . [8.00.6001.18939] . . c:\windows\system32\dllcache\wininet.dll [-] 2010-05-06 . 12C5EEBBC10DB644B44131EE3ECBC430 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll [-] 2010-05-06 . B5B9887088B8168D52CB28020CF05498 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll [-] 2010-02-25 . 7857131DA01250E02BEE64F1163F6159 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll [-] 2010-02-25 . 3C41EB3A0EC8E2606B6C906993E11C29 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll [-] 2009-12-21 . F2A70583964128530B7E86B1A13023A7 . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll [-] 2009-12-21 . 5E3A3EB3BC5849BE4D5FE2B5F1869783 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll [-] 2009-10-29 . 3426FBE495D1825D5C09C84D1E9361C1 . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll [-] 2009-10-29 . 0A4248E124C88EDD1E0A93AE93E4DB6A . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll [-] 2009-08-29 . 6B985F8E8ACE6A6424BE04A90C1E652A . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll [-] 2009-08-29 . 11DA6B380B94BAABCFD0854526AFC602 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll [-] 2009-07-03 . 3B6D4582FADA3948593C56F96964FEFA . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll [-] 2009-07-03 . 6E3E0C6060EFC8B855DFCBC7AE18B377 . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll [-] 2009-05-13 . 13521D5B5A6F1A47459909D32409A369 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll [-] 2009-05-13 . 13521D5B5A6F1A47459909D32409A369 . 915456 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\6288fd9db6b86408ce7baea2379e011e\SP3QFE\wininet.dll [-] 2009-05-13 . F85681C65CA3CD5D4B0E4CE88FDF6685 . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll [-] 2009-05-13 . F85681C65CA3CD5D4B0E4CE88FDF6685 . 915456 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\6288fd9db6b86408ce7baea2379e011e\SP3GDR\wininet.dll [-] 2009-04-29 . B7E6D6663CB6BC05316FEB978217360D . 827392 . . [7.00.6000.16850] . . c:\windows\ie8\wininet.dll [-] 2009-04-29 . F5D59B0B453F8AF7ADC7AFB34D39C441 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll [-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll [-] 2009-03-03 . AF68C6F857EB438770E86FFEE013F04D . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll [-] 2009-03-03 . 9F434E15A82D1322FB6860E317783E57 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll [-] 2008-12-20 . 2B5AE9ACD86E1B8B86D62E153DE130AB . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll [-] 2008-12-20 . C3D4047626F8CC8EC7DD7558FA5CC2E2 . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll [-] 2008-10-16 . CBAAEBDFC6F9291D2D31E36FE1AD19AC . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll [-] 2008-10-16 . 5A1F997EC096EF26F3A3880347F5F9D8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll [-] 2008-08-26 . E1F83BCC84D6223965D35AB06B63BBEB . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll [-] 2008-08-26 . B905F284F45675F3019413DFF055C666 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll [-] 2008-06-23 . 7B28D5C8C5C075037F864256E4044B83 . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll [-] 2008-06-23 . 4F08E6D8C9DDA8ED4346A1857849ADB3 . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll [-] 2008-04-23 . 751EFBEC900CC4E4B41DB6E522B67D41 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll [-] 2008-04-23 . A5795741E53F72C4A2736BC51007A5D5 . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll [-] 2008-04-14 . B4AEE98A48917B274FACFB78BBE0BC84 . 671744 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll [-] 2008-03-01 . 32FC70AC1EFFE28DB72FDF1DCC319E72 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll [-] 2008-03-01 . A7B7383EC19F0C5EBD02CB7826C8488B . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll [-] 2007-12-07 . BA4D7D3098E2BA8AEA34A19BBECF9962 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll [-] 2007-12-07 . 16EF6865A405134CE64A3AA6CEF6C69F . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll [-] 2007-10-10 . FA5FA22E6F36F8453E9377810B3F9939 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll [-] 2007-10-10 . 6A1AEF7B9E513ACB566B16B0BA133C7C . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll [-] 2007-08-20 . CAFC9797228843012CED767D24D8DCFC . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll [-] 2007-08-20 . 283D85F8192FA54F2CA978B659965739 . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll [-] 2007-06-27 . 17D39B59E2E3740058AE3FBCD432CEDE . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll [-] 2007-06-27 . 0D58CEBD30684B481C8DF3DA69375410 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll [-] 2007-04-25 . 26DB81279FED58D5199235C26D4836E2 . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll [-] 2007-04-25 . 4E9436B0301B0451ED2FB29364AB090F . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll [-] 2007-03-07 . C601BD2849927D44F8549F720CFA14D3 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll [-] 2007-03-07 . 4EF1AE9A4D801AB63EC752478247BFCE . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll [-] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll [-] 2006-11-07 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll [-] 2006-10-23 . 47BBFEB4909D45064A992C3068610B06 . 670208 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll [-] 2006-10-23 . 47BBFEB4909D45064A992C3068610B06 . 670208 . . [6.00.2900.3020] . . c:\windows\ie7\wininet.dll [-] 2006-10-23 . 0EB2D621DCBC6ED6D5B48867455A165C . 664576 . . [6.00.2900.3020] . . c:\windows\$NtUninstallKB925454$\wininet.dll [-] 2006-09-14 . 792DF201F5E3DBE2C91BC40DE0F62972 . 664576 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454_0$\wininet.dll [-] 2006-09-14 . C98F3024049AAEAFAE1340D94C16FDC8 . 670208 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll [-] 2006-06-23 . 05E47EA6708BD99DF2D8E4ABD55DF079 . 670208 . . [6.00.2900.2937] . . c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll [-] 2006-06-23 . 9A73CA7A43AB311CAC76686ADD9D946F . 664576 . . [6.00.2900.2937] . . c:\windows\$NtUninstallKB922760$\wininet.dll [-] 2006-05-10 . 2E9FFFC696613E2E38F2263ADE718C67 . 669184 . . [6.00.2900.2904] . . c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll [-] 2006-05-10 . A9E5A84A1BDF70A51B568DFDD73395AC . 664064 . . [6.00.2900.2904] . . c:\windows\$NtUninstallKB918899$\wininet.dll [-] 2004-08-04 . B1A1DA99C4A6EBFD59F86A453BF02F39 . 662016 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll [-] 2004-08-04 . B1A1DA99C4A6EBFD59F86A453BF02F39 . 662016 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB916281$\wininet.dll [-] 2002-08-29 . E332E1BBF073BDD18742B9A0DB6F208A . 604672 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB916281-IE6SP1-20060526.162249$\wininet.dll [-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll [-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll [-] 2004-08-04 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll [-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll [-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll [-] 2004-08-04 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll [-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2007-06-13 . 64D320C0E301EEDC5A4ADBBDC5024F7F . 1036288 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2007-06-13 . 331ED93570BAF3CFE30340298762CD56 . 1036288 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [-] 2004-08-04 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe [-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll [-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll [-] 2005-07-26 . CC50261CA5DC93A47D6CF548C4223F44 . 1285120 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2GDR\ole32.dll [-] 2005-07-26 . CC50261CA5DC93A47D6CF548C4223F44 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll [-] 2005-07-26 . 24EDF93FD04CA1A98D32F092DD4F9953 . 1286144 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll [-] 2004-08-04 . D700449AD3045E81680C25A79620A171 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB902400$\ole32.dll [-] 2002-08-29 . 1939585CD6397404049BD9A8B386CFB2 . 1170432 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB902400_0$\ole32.dll [-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll [-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2004-08-04 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll [-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe [-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe [-] 2004-08-04 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe [-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll [-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll [-] 2004-08-04 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll [-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll [-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll [-] 2004-08-04 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll [-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll [-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll [-] 2004-08-04 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll [-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2004-08-04 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe [-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll [-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll [-] 2006-12-19 . 521A4CB71CC419FDF60DB83E7308AE2B . 135168 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll [-] 2006-12-19 . B5B37E7C51A551F60A1254E63C878FA9 . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll [-] 2004-08-04 . BAC5F7F0C2B8C1B9832594851E0F9914 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll [-] 2002-08-29 . 7EC2C35D93BC55C5F8B9A345804B296C . 116224 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB885835_0$\shsvcs.dll [-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll [-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll [-] 2004-08-04 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll [-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll [-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll [-] 2004-08-04 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll [-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll [-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll [-] 2004-08-04 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll [-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll [-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll [-] 2004-08-04 . 1850BC10DE5DCCCEDE063FC2D0F2CEDA . 297472 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll [-] 2002-08-29 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys [-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys [-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys [-] 2001-08-17 . 65880045C51AA36184841CEE915A61DF . 25472 . . [5.1.2600.0] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys [-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll [-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll [-] 2006-11-01 19:17 . B80F1D82969BD31392F1867936E96448 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll [-] 2002-08-29 12:00 . 31DD27AB47F62D383505F35CA972748B . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll [-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll [-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll [-] 2004-08-04 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll [-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll [-] 2004-08-04 07:57 . D68CC4EBF7B03FD770D5962295AD814E . 52736 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll [-] 2002-12-12 13:05 . 9F39F1C2EF9C4EB1D8FB1AE8F901F26D . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll [-] 2010-04-28 . 4EACA49489EB3C4A2E83C5546EB5884C . 2069248 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe [-] 2010-04-28 . 989290FBD9A7E90CD8B8E9C96817804D . 2069120 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [-] 2010-04-28 . 989290FBD9A7E90CD8B8E9C96817804D . 2069120 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntkrnlpa.exe [-] 2010-04-28 . 6D8D53C3EE866AB72AC73A68808E7371 . 2027008 . . [5.1.2600.5973] . . c:\windows\system32\ntkrnlpa.exe [-] 2010-02-16 . 1DFCBCFD1C9016C051BE6D7243459CCA . 2027008 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe [-] 2010-02-16 . CEE28C8C47E52F185F9F8F3A2E31880C . 2069248 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe [-] 2009-12-09 . 2E72317A93EF61138E43DCF7CD423EDF . 2068480 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe [-] 2009-12-09 . 1143EBE276EA80A88942A21613078088 . 2026496 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe [-] 2009-08-04 . C50ED62BB5CDC5AD4F3985ED39C6AE87 . 2068480 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe [-] 2009-08-04 . 1FF1F43613BA7510A5A975ED034EB8E0 . 2026496 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe [-] 2009-02-09 . 43FBA8A9CBEEA36EA95AF77CD538200A . 2026496 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe [-] 2009-02-09 . 1F9DA92672B8B5720C5FB1E87D8F249F . 2068480 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe [-] 2008-08-14 . C789B5AEA9AB71C5BEF6DD568F744842 . 2068352 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe [-] 2008-08-14 . 13334FAF18AB3B9083B8DD8A668B8BB6 . 2026496 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe [-] 2008-04-14 . FEFB3BDA35CF469809B0C89AB6833AFC . 2026496 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe [-] 2008-04-14 . E51980EF65CED4490A7395A06C08DA34 . 2068224 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe [-] 2007-02-28 . 9B9CA27AD315C02B71510238574894B2 . 2061696 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe [-] 2007-02-28 . 9DC58C5BDEDCCB8298C8A2D6D4996EC4 . 2018304 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe [-] 2006-12-19 . D3767E1A7E6674CE671A8A8254945C29 . 2061696 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe [-] 2006-12-19 . 88AAFAF5EF9D304C132EE60C8240A93F . 2018304 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe [-] 2005-03-02 . AE8364004BBFD70461D2EF34888D3360 . 2059264 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe [-] 2005-03-02 . A3724446ACB9DE8D890CFABD146CD0AD . 2017792 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe [-] 2005-03-02 . BDFF8FFA77EE7DF9758EF8C1E0DA8EFF . 2059136 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe [-] 2004-10-28 . 0ADEBB9A529BFBC2F942FEA5B9FCB3F4 . 1930752 . . [5.1.2600.1605] . . c:\windows\$NtUninstallKB890859_0$\ntkrnlpa.exe [-] 2004-08-04 . F8D35488D41B19A306A454FFC0ED0336 . 2017792 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe [-] 2002-08-29 . 76078E724B9026E368998E76C3A493C7 . 1922560 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB885835_0$\ntkrnlpa.exe [-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll [-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll [-] 2004-08-04 07:57 . 428AA946A8D9F32DBB4260C8E6E13377 . 438272 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll [-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll [-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll [-] 2007-02-05 . 5C686B95470AC24E133AB4DAC4639A6C . 185856 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll [-] 2007-02-05 . 855790C1BACED245A6B210AF430ED17B . 185856 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll [-] 2004-08-04 . 09D4A2D7C5A8ABEC227D118765FAADDF . 185856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll [-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll [-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll [-] 2004-08-04 . 7DB3393F98E4211F5CE8F003DE0615CF . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll [-] 2002-12-11 22:14 . CA6CC3A47D8813208CEE02EB40DACA21 . 355328 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll [-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll [-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll [-] 2004-08-04 . 20AE7889467887B869F30308EEED9A2A . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll [-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll [-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll [-] 2004-08-04 . CAC545A56482DE01640E6B791DE19944 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll [-] 2002-12-11 22:14 . 61CC64C43BEC193100E3722F6CF4B1E1 . 284160 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll [-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll [-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll [-] 2004-08-04 07:57 . 1404D3DD4ED4F5E2A938B43794049A81 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll [-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll [-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll [-] 2004-08-04 . 007BFD01772B5202C5CE4F208A2F3F46 . 41984 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856] "Creative WebCam Tray"="c:\programme\Creative\Shared Files\CamTray.exe" [2005-10-27 299008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 88107] "StorageGuard"="c:\programme\VERITAS Software\Update Manager\sgtray.exe" [2002-06-17 155648] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552] "ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184] "ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "DAEMON Tools-1033"="d:\programme\D-Tools\daemon.exe" [2002-06-19 73728] "ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 919280] "CreativeTaskScheduler"="c:\programme\Creative\Shared Files\CTSched.exe" [2006-01-09 53340] "V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768] "Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 63712] "AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-17 421888] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-07-16 141608] "GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "H2O"="c:\programme\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\Boris Kannowski\Startmen\Programme\Autostart\ Secunia PSI.lnk - d:\programme\Secunia\PSI\psi.exe [2010-5-28 911920] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Spiele\\Age of Mythology\\aomx.exe"= "c:\\Programme\\Real\\RealOne Player\\realplay.exe"= "d:\\Programme\\Shareaza\\Shareaza.exe"= "c:\\Programme\\Warcraft III\\Warcraft III.exe"= "c:\\Programme\\Warcraft III\\War3.exe"= "d:\\Spiele\\EA Games\\C & C\\game.dat"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Spiele\\NovaLogic\\Joint Operations\\Jointops.exe"= "d:\\Spiele\\EA Games\\Die Schlacht um Mittelerde\\game.dat"= "d:\\Programme\\SoulseekNS\\slsk.exe"= "c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6346:TCP"= 6346:TCP:Shareaza "6346:UDP"= 6346:UDP:Shareaza "6348:TCP"= 6348:TCP:BearShare "6348:UDP"= 6348:UDP:BearShare R0 Stealth;Stealth;c:\windows\system32\drivers\stealth.sys [21.06.2002 10:58 80896] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [19.07.2010 22:14 135336] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [05.08.2010 14:36 33792] R3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [03.12.2007 22:41 157696] S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [07.08.2009 21:28 133104] S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [06.07.2008 12:58 466048] S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\drivers\Ltn_stkrc.sys [06.07.2008 12:58 13440] S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [30.06.2007 15:46 513152] S3 pfsvgae;pfsvgae;\??\c:\dokume~1\BORISK~1\LOKALE~1\Temp\pfsvgae.sys --> c:\dokume~1\BORISK~1\LOKALE~1\Temp\pfsvgae.sys [?] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [28.05.2010 13:04 14896] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01.04.2010 13:56 691696] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs pskkrb . Inhalt des "geplante Tasks" Ordners 2010-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-09-01 c:\windows\Tasks\Google Software Updater.job - c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 13:21] 2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-08-07 19:27] 2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-08-07 19:27] 2010-09-01 c:\windows\Tasks\User_Feed_Synchronization-{632195C5-0FBE-4245-B105-4F8225C5CE02}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.club-vaio.sony-europe.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: sony-europe.com Trusted Zone: sonystyle-europe.com Trusted Zone: vaio-link.com DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Mozilla\Firefox\Profiles\qfjfltra.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.de FF - component: c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Mozilla\Firefox\Profiles\qfjfltra.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\dokumente und einstellungen\Boris Kannowski\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\programme\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\programme\Real\RealOne Player\Netscape6\nppl3260.dll FF - plugin: c:\programme\Real\RealOne Player\Netscape6\nprjplug.dll FF - plugin: c:\programme\Real\RealOne Player\Netscape6\nprpjplug.dll FF - plugin: c:\programme\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - plugin: d:\programme\Google\Picasa3\npPicasa3.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); . - - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-01 23:09 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A18F01C]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28 \Driver\ACPI -> ACPI.sys @ 0xf75adcb8 \Driver\atapi -> 0x8a18f01c IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a ParseProcedure -> ntoskrnl.exe @ 0x80578f7a \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a ParseProcedure -> ntoskrnl.exe @ 0x80578f7a Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Zeit der Fertigstellung: 2010-09-01 23:15:05 ComboFix-quarantined-files.txt 2010-09-01 21:15 Vor Suchlauf: 2.980.364.288 Bytes frei Nach Suchlauf: 3.352.309.760 Bytes frei - - End Of File - - 17E4A77B3C4BB12F00648869AC111981 |
|
|
||
01.09.2010, 23:43
Member
Beiträge: 420 |
#12
Mh,
immerhin etwas. MBRCheck http://ad13.geekstogo.com/MBRCheck.exe Speichere es bitte auf dem Desktop und führe es aus. Wenn am Ende des Scans Optionen zur Auswahl erscheinen, drücke bitte N. Auf dem Desktop sollte nun ein Log zu finden sein, poste es bitte. |
|
|
||
01.09.2010, 23:57
Member
Themenstarter Beiträge: 12 |
#13
Hier das Logfile von MBRCheck
MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000007d Kernel Drivers (total 126): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x80700000 \WINDOWS\system32\hal.dll 0xF7987000 \WINDOWS\system32\KDCOM.DLL 0xF7897000 \WINDOWS\system32\BOOTVID.dll 0xF75A7000 ACPI.sys 0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS 0xF7596000 pci.sys 0xF75F7000 ohci1394.sys 0xF7607000 \WINDOWS\System32\DRIVERS\1394BUS.SYS 0xF7617000 isapnp.sys 0xF7A4F000 pciide.sys 0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS 0xF7627000 MountMgr.sys 0xF74D7000 ftdisk.sys 0xF770F000 PartMgr.sys 0xF7637000 VolSnap.sys 0xF74C3000 stealth.sys 0xF74AB000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS 0xF7493000 atapi.sys 0xF7647000 disk.sys 0xF7657000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS 0xF7473000 fltmgr.sys 0xF7461000 sr.sys 0xF7667000 PxHelp20.sys 0xF7870000 KSecDD.sys 0xF7B52000 Ntfs.sys 0xF7843000 NDIS.sys 0xF782F000 srescan.sys 0xF796D000 Mup.sys 0xF7677000 agp440.sys 0xF76A7000 \SystemRoot\System32\DRIVERS\nic1394.sys 0xF7401000 \SystemRoot\System32\DRIVERS\intelppm.sys 0xB9A95000 \SystemRoot\System32\DRIVERS\nv4_mini.sys 0xB9A81000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS 0xF77DF000 \SystemRoot\System32\DRIVERS\usbuhci.sys 0xB9A5D000 \SystemRoot\System32\DRIVERS\USBPORT.SYS 0xF77E7000 \SystemRoot\System32\DRIVERS\usbehci.sys 0xB9A39000 \SystemRoot\System32\DRIVERS\e100b325.sys 0xF7887000 \SystemRoot\System32\DRIVERS\i8042prt.sys 0xF77EF000 \SystemRoot\System32\DRIVERS\kbdclass.sys 0xF77F7000 \SystemRoot\System32\DRIVERS\mouclass.sys 0xF77FF000 \SystemRoot\System32\DRIVERS\fdc.sys 0xB9A25000 \SystemRoot\System32\DRIVERS\parport.sys 0xBA282000 \SystemRoot\System32\DRIVERS\imapi.sys 0xBA272000 \SystemRoot\System32\DRIVERS\cdrom.sys 0xBA262000 \SystemRoot\System32\DRIVERS\redbook.sys 0xB9A02000 \SystemRoot\System32\DRIVERS\ks.sys 0xF7807000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys 0xB997D000 \SystemRoot\system32\drivers\smwdm.sys 0xB9959000 \SystemRoot\system32\drivers\portcls.sys 0xBA252000 \SystemRoot\system32\drivers\drmk.sys 0xF799F000 \SystemRoot\system32\drivers\aeaudio.sys 0xB983B000 \SystemRoot\System32\DRIVERS\AGRSM.sys 0xF780F000 \SystemRoot\System32\Drivers\Modem.SYS 0xB9E59000 \SystemRoot\System32\DRIVERS\audstub.sys 0xBA242000 \SystemRoot\System32\DRIVERS\rasl2tp.sys 0xF794B000 \SystemRoot\System32\DRIVERS\ndistapi.sys 0xB9824000 \SystemRoot\System32\DRIVERS\ndiswan.sys 0xBA232000 \SystemRoot\System32\DRIVERS\raspppoe.sys 0xBA222000 \SystemRoot\System32\DRIVERS\raspptp.sys 0xF7817000 \SystemRoot\System32\DRIVERS\TDI.SYS 0xB9813000 \SystemRoot\System32\DRIVERS\psched.sys 0xBA212000 \SystemRoot\System32\DRIVERS\msgpc.sys 0xF781F000 \SystemRoot\System32\DRIVERS\ptilink.sys 0xF773F000 \SystemRoot\System32\DRIVERS\raspti.sys 0xBA202000 \SystemRoot\System32\DRIVERS\termdd.sys 0xF79A1000 \SystemRoot\System32\DRIVERS\swenum.sys 0xB9765000 \SystemRoot\System32\DRIVERS\update.sys 0xBA7F4000 \SystemRoot\System32\DRIVERS\mssmbios.sys 0xBA1F2000 \SystemRoot\system32\DRIVERS\cledx.sys 0xF76C7000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF76D7000 \SystemRoot\System32\DRIVERS\usbhub.sys 0xF79A5000 \SystemRoot\System32\DRIVERS\USBD.SYS 0xF7747000 \SystemRoot\System32\DRIVERS\flpydisk.sys 0xF79A9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA362000 \SystemRoot\System32\Drivers\Null.SYS 0xF79AB000 \SystemRoot\System32\Drivers\Beep.SYS 0xF7757000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF775F000 \SystemRoot\System32\drivers\vga.sys 0xF79AD000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF79AF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF7767000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF776F000 \SystemRoot\System32\Drivers\Npfs.SYS 0xBA7C0000 \SystemRoot\System32\DRIVERS\rasacd.sys 0xB845A000 \SystemRoot\System32\DRIVERS\ipsec.sys 0xB8401000 \SystemRoot\System32\DRIVERS\tcpip.sys 0xB83B1000 \SystemRoot\System32\DRIVERS\netbt.sys 0xB838B000 \SystemRoot\System32\DRIVERS\ipnat.sys 0xF76E7000 \SystemRoot\System32\DRIVERS\wanarp.sys 0xB832C000 \SystemRoot\System32\vsdatant.sys 0xF76F7000 \SystemRoot\System32\DRIVERS\arp1394.sys 0xB830A000 \SystemRoot\System32\drivers\afd.sys 0xF7586000 \SystemRoot\System32\DRIVERS\netbios.sys 0xF7777000 \SystemRoot\System32\Drivers\StarOpen.SYS 0xF777F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xB82DF000 \SystemRoot\System32\DRIVERS\rdbss.sys 0xB826F000 \SystemRoot\System32\DRIVERS\mrxsmb.sys 0xF7566000 \SystemRoot\System32\Drivers\Fips.SYS 0xB8248000 \SystemRoot\system32\DRIVERS\V0330Vid.sys 0xBA0AF000 \SystemRoot\System32\DRIVERS\DMICall.sys 0xB8226000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xF79B5000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys 0xF7506000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xB81E6000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF79D1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xB83F1000 \SystemRoot\System32\drivers\Dxapi.sys 0xF779F000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA0B5000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\nv4_disp.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xB761E000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xB763B000 \SystemRoot\System32\DRIVERS\ndisuio.sys 0xB6169000 \SystemRoot\System32\DRIVERS\mrxdav.sys 0xB612C000 \SystemRoot\system32\drivers\wdmaud.sys 0xF7536000 \SystemRoot\system32\drivers\sysaudio.sys 0xB97CB000 \SystemRoot\System32\drivers\BrPar.sys 0xF79CF000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xB5E7F000 \SystemRoot\System32\DRIVERS\srv.sys 0xF7546000 \SystemRoot\System32\DRIVERS\secdrv.sys 0xB9803000 \??\C:\DOKUME~1\BORISK~1\LOKALE~1\Temp\mbr.sys 0xB97E3000 \??\C:\DOKUME~1\BORISK~1\LOKALE~1\Temp\catchme.sys 0xF79FF000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 0xB4FD1000 \SystemRoot\System32\Drivers\HTTP.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 29): 0 System Idle Process 4 System 656 C:\WINDOWS\system32\smss.exe 700 csrss.exe 740 C:\WINDOWS\system32\winlogon.exe 784 C:\WINDOWS\system32\services.exe 796 C:\WINDOWS\system32\lsass.exe 984 C:\WINDOWS\system32\svchost.exe 1056 svchost.exe 1152 C:\WINDOWS\system32\svchost.exe 1280 svchost.exe 1352 svchost.exe 1364 C:\WINDOWS\system32\ZoneLabs\vsmon.exe 2040 C:\WINDOWS\system32\spoolsv.exe 196 C:\Programme\Avira\AntiVir Desktop\sched.exe 420 svchost.exe 516 C:\Programme\Avira\AntiVir Desktop\avguard.exe 532 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1856 C:\Programme\Bonjour\mDNSResponder.exe 1232 C:\Programme\Avira\AntiVir Desktop\avshadow.exe 1344 C:\Programme\Java\jre6\bin\jqs.exe 1564 C:\WINDOWS\system32\nvsvc32.exe 2080 C:\WINDOWS\system32\svchost.exe 3252 alg.exe 14180 C:\WINDOWS\explorer.exe 14248 C:\WINDOWS\system32\wuauclt.exe 1604 C:\WINDOWS\system32\svchost.exe 12672 C:\Programme\Mozilla Firefox\firefox.exe 2828 C:\Dokumente und Einstellungen\Boris Kannowski\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000006`fc7cfe00 (NTFS) PhysicalDrive0 Model Number: SAMSUNGSP1654N, Rev: BV100-37 Size Device Name MBR Status -------------------------------------------- 149 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A Done! |
|
|
||
02.09.2010, 00:20
Member
Beiträge: 420 |
#14
Nun gut, versuchen wir zunächst, den Kryptografie-Dienst wieder in Gang zu kriegen:
Start -> Systemsteuerung -> Verwaltung -> Dienste Suche in der Liste "Kryptografiedienste", klicke mit der rechten Maustatste drauf und wähle "Eigenschaften". Wähle unter Starttyp "Automatisch" -> Übernehmen -> OK Starte dann den PC neu und lasse Combofix bitte erneut laufen. |
|
|
||
02.09.2010, 00:27
Member
Themenstarter Beiträge: 12 |
#15
"Kryptografiedienste" gibts bei mir nicht in der Liste, lediglich "CryptSvc", aber das steht schon auf "automatisch".
|
|
|
||
Ich habe ein Problem. Seit ein paar Tagen zeigt mir Windows XP Home nach dem Hochfahren als erstes die Fehlermeldung "Resource Verifier hat ein Problem und muss beendet werden" an. Wenn ich mir den Bericht anzeigen lasse, ist dort die Rede von einer gewissen Datei namens "packm.exe", die sich im C.\Windows\System32\ Ordner befindet.
Nachdem ich auf "keinen Bericht senden" klicke, passiert weiter nichts. Ich sehe lediglich mein Desktop Hintergrundbild, ohne Symbole und Taskleiste. Erst wenn ich manuell per Taskmanager "explorer.exe" ausführe, erscheinen Symbole und Taskleiste. Nebenher ist mir noch aufgefallen, dass gelegentlich auf mein Floppydisklaufwerk zugegriffen wird (Lampe brennt dann kurz) obwohl ich nichts damit mache.
Könnt Ihr mir weiterhelfen?
Danke!
Boris