Neuer MSN Virus im Link! HJT Log dabei!

#1 Hallo und danke schon im Vorraus an jegliche Hilfe!

Ich habe ein Problem mit einem MSN Virus der automatisch Nachrichten verschickt. Ich schildere den Verlauf des "Einfangns" von dem Virus.

Ich bekam von einem Freund folgenden Messaage / Link zu gesendet:

oh du naked ? :-O h**p://members.lycos.nl/nakedgirl/?=seppe92@web.de
Ich klickte darauf und es öffnete sich der Firefox mit einem Fenster, wo ich eine Datei downloaden konnte. Ich klickte "Datei Speichern".(Mein Speicherort für Downloads ist der Desktop) Es öffnete sich ein kleines Bild auf dem Desktop und versendete den oben genannten Link an alle meine Buddys.(Anders ist nur die jeweilige Email Adresse. Sprich anstatt" seppe92@web.de" ist dann eben buddy123@blabla.de)
Seitdem versendet MSN diesen Link so ca. alle 3 Minuten an alle meine Buddys.

Ich hoffe die Schilderung hilft euch ein wenig. Hier ist nun das aktuelle HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:22, on 14.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Progiez\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Progiez\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\DOKUME~1\Seppe\LOKALE~1\Temp\services.exe
D:\Progiez\RocketDock\RocketDock.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
C:\Programme\BOINC\boincmgr.exe
C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
D:\Progiez\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\BOINC\boinc.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\iTunes\iTunes.exe
C:\Programme\BOINC\projects\spin.fh-bielefeld.de\metropolis_3.10_windows_intelx86.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avgnt] "D:\Progiez\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ValueX] C:\DOKUME~1\Seppe\LOKALE~1\Temp\services.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "D:\Progiez\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB2.tmp" /EF "HKCU"
O4 - Global Startup: BOINC Manager.lnk = C:\Programme\BOINC\boincmgr.exe
O4 - Global Startup: Sinus 154 stick WLAN Manager.lnk = C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - D:\Progiez\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progiez\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progiez\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156755463171
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - D:\Progiez\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Progiez\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - D:\Nützliches\Sony Vegas\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - D:\Nützliches\Sony Vegas\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Voice Tuner (voicetuner) - Unknown owner - D:\Progiez\Scramby\voicetunerserver.exe (file missing)

--
End of file - 6800 bytes

Gruß Seppe und danke schon mal.
P.S: (Ich danke schon im Vorraus da ich immer eine Top hilfe bekam

#2 Lass den ATF-Cleaner laufen
(http://board.protecus.de/t23188.htm)

poste das Log von Combofix
http://www.virus-protect.org/artikel/tools/combofix.html

#3 Ok. Habe Combofix durch laufen lassen. Das Log:

ComboFix 08-01-14.4 - Seppe 2008-01-14 20:13:14.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.1584 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Seppe\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\sys_51803405003450985409.dll

.
((((((((((((((((((((((( Dateien erstellt von 2007-12-14 bis 2008-01-14 ))))))))))))))))))))))))))))))
.

2008-01-14 20:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 15:20 . 2008-01-13 22:04 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-01-13 15:20 . 2008-01-13 22:04 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-01-13 15:00 . 2008-01-13 15:00 72 --a------ C:\WINDOWS\sbwin.ini
2008-01-13 14:47 . 2008-01-13 22:04 64,756 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-0000000C-00001102-00000005-00211102}.rfx
2008-01-13 14:47 . 2008-01-13 22:04 53,968 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-0000000C-00001102-00000005-00211102}.rfx
2008-01-13 14:47 . 2008-01-13 22:04 53,968 --a------ C:\WINDOWS\system32\BMXState-{00000005-00000000-0000000C-00001102-00000005-00211102}.rfx
2008-01-13 13:23 . 2008-01-13 13:24 132,104 --a------ C:\Dokumente und Einstellungen\Seppe\kkneag.exe
2008-01-13 13:21 . 2008-01-13 13:50 51,646 --a------ C:\Dokumente und Einstellungen\Seppe\kzgrtk.exe
2008-01-13 13:21 . 2008-01-13 13:21 44,590 --a------ C:\Dokumente und Einstellungen\Seppe\fnrcig.exe
2008-01-08 19:43 . 2008-01-10 19:22 <DIR> d-------- C:\WINDOWS\system32\Coca-Cola Zero Screensaver dir
2008-01-05 21:06 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2007-12-29 17:51 . 2007-12-30 12:06 <DIR> d-------- C:\RVAXO
2007-12-28 13:05 . 2007-12-29 00:34 579,934 --a------ C:\WINDOWS\system32\RVAXO.bat
2007-12-28 13:05 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-12-27 20:11 . 2007-12-27 20:11 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
2007-12-27 20:09 . 2007-12-27 20:43 <DIR> d-------- C:\Programme\ABBYY FineReader 6.0 Sprint
2007-12-27 20:07 . 2007-12-27 20:07 <DIR> d-------- C:\Dokumente und Einstellungen\Seppe\Anwendungsdaten\InstallShield
2007-12-27 20:06 . 2007-12-27 20:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
2007-12-27 20:06 . 2006-12-08 03:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCEE.DLL
2007-12-27 20:06 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCEE.DLL
2007-12-27 20:06 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-27 20:06 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-27 20:00 . 2007-04-18 00:00 67,072 --a------ C:\WINDOWS\system32\escwiad.dll
2007-12-27 20:00 . 2007-12-27 20:00 25 --a------ C:\WINDOWS\CDE DX8400DEFGIPS.ini
2007-12-27 11:05 . 2007-12-27 11:05 <DIR> d-------- C:\Programme\Trend Micro
2007-12-22 20:55 . 2007-12-22 20:55 <DIR> d-------- C:\Dokumente und Einstellungen\Seppe\Anwendungsdaten\TeamViewer
2007-12-22 20:54 . 2007-12-22 20:54 <DIR> d-------- C:\Dokumente und Einstellungen\Seppe\temp
2007-12-17 19:51 . 2007-12-17 19:51 <DIR> d--h----- C:\WINDOWS\Icons

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 19:08 --------- d-----w C:\Programme\BOINC
2008-01-13 14:15 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Creative
2008-01-13 13:40 81,920 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-13 13:40 233,472 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-01-12 12:29 --------- d-----w C:\Programme\Java
2008-01-11 21:00 --------- d-----w C:\Dokumente und Einstellungen\Seppe\Anwendungsdaten\Creative
2008-01-11 19:00 --------- d-----w C:\Dokumente und Einstellungen\Seppe\Anwendungsdaten\teamspeak2
2007-12-27 19:16 --------- d--h--w C:\Programme\InstallShield Installation Information
2007-12-27 19:10 --------- d-----w C:\Programme\EPSON
2007-12-27 09:51 --------- d-----w C:\Dokumente und Einstellungen\Seppe\Anwendungsdaten\Xfire
2007-12-23 10:39 --------- d-----w C:\Programme\MSN Messenger
2007-12-11 19:32 --------- d-----w C:\Dokumente und Einstellungen\Seppe\Anwendungsdaten\FreeStone Group
2007-12-11 17:32 --------- d-----w C:\Programme\DivX
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 00:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 00:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-12-05 00:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
.

((((((((((((((((((((((((((((( snapshot_2007-12-27_11.38.21,60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-14 19:13:08 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 19:13:08 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 19:13:08 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 19:13:08 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 19:13:08 9,318,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 19:13:08 909,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-12-27 19:09:27 69,632 ----a-r C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe
+ 2007-12-27 19:09:27 69,632 ----a-r C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\ARPPRODUCTICON.exe
- 2005-08-07 22:13:46 33,792 ----a-r C:\WINDOWS\system32\a3d.dll
+ 2006-12-12 09:47:24 34,816 ----a-w C:\WINDOWS\system32\a3d.dll
- 2005-08-07 22:12:00 26,624 ----a-w C:\WINDOWS\system32\AC3API.DLL
+ 2006-12-12 09:47:12 27,648 ----a-w C:\WINDOWS\system32\ac3api.dll
- 2005-08-07 21:56:56 87,040 ----a-r C:\WINDOWS\system32\commonfx.dll
+ 2006-12-19 07:31:42 95,544 ----a-w C:\WINDOWS\system32\commonfx.dll
- 2005-08-07 21:54:34 120,320 ----a-w C:\WINDOWS\system32\CT_OAL.DLL
+ 2006-12-12 09:36:52 204,800 ----a-w C:\WINDOWS\system32\ct_oal.dll
- 2005-08-07 21:57:34 158,208 ----a-r C:\WINDOWS\system32\CT20XUT.DLL
+ 2006-12-19 07:33:56 167,736 ----a-w C:\WINDOWS\system32\CT20XUT.DLL
- 2005-08-07 21:54:34 73,728 ----a-w C:\WINDOWS\system32\CTASIO.DLL
+ 2006-12-12 09:36:50 79,872 ----a-w C:\WINDOWS\system32\ctasio.dll
- 2005-08-07 21:57:00 536,576 ----a-r C:\WINDOWS\system32\ctaudfx.dll
+ 2006-12-19 07:32:32 546,616 ----a-w C:\WINDOWS\system32\ctaudfx.dll
- 2005-08-07 22:19:00 38,400 ----a-w C:\WINDOWS\system32\CTBURST.DLL
+ 2006-12-12 09:48:22 43,520 ----a-w C:\WINDOWS\system32\CTBurst.dll
- 2005-08-07 22:17:56 81,920 ----a-r C:\WINDOWS\system32\ctcoinst.dll
+ 2007-05-07 09:45:08 86,016 ----a-w C:\WINDOWS\system32\ctcoinst.dll
- 2005-08-07 21:52:10 53,932 ----a-r C:\WINDOWS\system32\ctdaught.dat
+ 2006-12-12 09:34:06 53,932 ----a-w C:\WINDOWS\system32\ctdaught.dat
- 2005-08-07 22:10:00 189,952 ----a-w C:\WINDOWS\system32\CTDC0000.DLL
+ 2006-12-12 09:46:40 228,352 ----a-w C:\WINDOWS\system32\ctdc0000.dll
- 2005-08-07 22:10:02 285,696 ----a-w C:\WINDOWS\system32\CTDC0001.DLL
+ 2006-12-12 09:46:42 331,776 ----a-w C:\WINDOWS\system32\ctdc0001.dll
- 2005-08-07 22:10:02 129,536 ----a-w C:\WINDOWS\system32\CTDCIFCE.DLL
+ 2006-12-12 09:46:42 131,072 ----a-w C:\WINDOWS\system32\ctdcifce.dll
- 2005-08-07 21:58:10 366,041 ----a-r C:\WINDOWS\system32\ctdlang.dat
+ 2006-12-12 09:39:02 325,821 ----a-w C:\WINDOWS\system32\ctdlang.dat
+ 2006-12-12 09:39:02 46,273 ----a-w C:\WINDOWS\system32\ctdnlstr.dat
- 2005-08-07 21:54:32 71,680 ----a-r C:\WINDOWS\system32\ctdproxy.dll
+ 2006-12-12 09:36:48 76,800 ----a-w C:\WINDOWS\system32\ctdproxy.dll
- 2005-08-07 22:17:56 134,656 ----a-r C:\WINDOWS\system32\ctdvinst.dll
+ 2007-05-07 09:45:08 163,328 ----a-w C:\WINDOWS\system32\ctdvinst.dll
- 2005-08-07 21:57:14 157,696 ----a-r C:\WINDOWS\system32\cteapsfx.dll
+ 2006-12-19 07:32:56 168,760 ----a-w C:\WINDOWS\system32\cteapsfx.dll
- 2005-08-07 21:57:36 106,496 ----a-r C:\WINDOWS\system32\ctemupia.dll
+ 2006-12-12 09:38:36 110,080 ----a-w C:\WINDOWS\system32\ctemupia.dll
- 2005-08-07 21:57:28 1,157,632 ----a-r C:\WINDOWS\system32\CTEXFIFX.dll
+ 2006-12-19 07:33:44 1,322,808 ----a-w C:\WINDOWS\system32\CTEXFIFX.dll
+ 2006-12-12 09:46:52 19,456 ----a-w C:\WINDOWS\system32\CtHelper.exe
- 2005-08-07 21:57:36 61,952 ----a-r C:\WINDOWS\system32\CTHWIUT.DLL
+ 2006-12-19 07:34:06 69,432 ----a-w C:\WINDOWS\system32\CTHWIUT.DLL
- 2005-08-07 21:54:20 129,024 ----a-w C:\WINDOWS\system32\CTOSUSER.DLL
+ 2006-12-12 09:36:38 137,216 ----a-w C:\WINDOWS\system32\ctosuser.dll
- 2005-08-07 22:10:16 30,208 ----a-w C:\WINDOWS\system32\CTPCMCIA.DLL
+ 2006-12-12 09:46:50 55,296 ----a-w C:\WINDOWS\system32\CTpcmcia.dll
- 2005-08-07 21:57:18 548,352 ----a-r C:\WINDOWS\system32\ctsblfx.dll
+ 2006-12-19 07:32:44 557,880 ----a-w C:\WINDOWS\system32\ctsblfx.dll
- 2005-08-07 22:10:04 75,264 ----a-w C:\WINDOWS\system32\CTSCAL.DLL
+ 2006-12-12 09:46:44 78,336 ----a-w C:\WINDOWS\system32\ctscal.dll
- 2005-08-07 22:10:16 23,552 ----a-w C:\WINDOWS\system32\CTSPKHLP.DLL
+ 2006-12-12 09:46:50 52,224 ----a-w C:\WINDOWS\system32\ctspkhlp.dll
- 2005-08-07 21:52:10 313,207 ----a-r C:\WINDOWS\system32\ctstatic.dat
+ 2006-12-12 09:34:06 313,207 ----a-w C:\WINDOWS\system32\ctstatic.dat
- 2005-08-07 22:10:04 64,000 ----a-w C:\WINDOWS\system32\CTTHXCAL.DLL
+ 2006-12-12 09:46:44 69,632 ----a-w C:\WINDOWS\system32\ctthxcal.dll
- 2005-08-07 22:10:24 25,088 ----a-w C:\WINDOWS\system32\CTXFIBTN.DLL
+ 2006-12-12 09:46:58 42,496 ----a-w C:\WINDOWS\system32\CTxfiBtn.dll
- 2005-08-07 22:10:22 18,944 ----a-w C:\WINDOWS\system32\CTXFIHLP.EXE
+ 2006-12-12 09:46:54 20,480 ----a-w C:\WINDOWS\system32\Ctxfihlp.exe
- 2005-08-07 22:04:44 699,392 ----a-w C:\WINDOWS\system32\CTXFISPI.EXE
+ 2006-12-12 09:43:58 842,240 ----a-w C:\WINDOWS\system32\CTxfispi.exe
- 2005-08-07 22:10:24 29,184 ----a-w C:\WINDOWS\system32\CTXFISPK.DLL
+ 2006-12-12 09:46:56 50,176 ----a-w C:\WINDOWS\system32\CTxfiSpk.dll
- 2005-08-07 21:52:10 12,545 ----a-r C:\WINDOWS\system32\Data\ctd20x.dat
+ 2006-12-04 10:02:32 27,935 ----a-w C:\WINDOWS\system32\Data\ctd20x.dat
- 2005-08-07 21:54:12 244,057 ----a-w C:\WINDOWS\system32\Data\CTP0460W.DAT
+ 2006-12-04 10:04:48 264,060 ----a-w C:\WINDOWS\system32\Data\CTP0460W.DAT
+ 2006-12-04 10:04:52 264,060 ----a-w C:\WINDOWS\system32\Data\CTP0462W.DAT
- 2005-08-07 21:54:12 244,503 ----a-w C:\WINDOWS\system32\Data\CTP0463W.DAT
+ 2006-12-04 10:04:48 264,318 ----a-w C:\WINDOWS\system32\Data\CTP0463W.DAT
- 2005-08-07 21:54:12 244,057 ----a-w C:\WINDOWS\system32\Data\CTP0464W.DAT
+ 2006-12-04 10:04:50 264,060 ----a-w C:\WINDOWS\system32\Data\CTP0464W.DAT
+ 2006-12-04 10:04:50 264,060 ----a-w C:\WINDOWS\system32\Data\CTP0465W.DAT
- 2005-08-07 21:54:12 244,057 ----a-w C:\WINDOWS\system32\Data\CTP0466W.DAT
+ 2006-12-04 10:04:48 264,060 ----a-w C:\WINDOWS\system32\Data\CTP0466W.DAT
- 2005-08-07 21:54:12 244,057 ----a-w C:\WINDOWS\system32\Data\CTP0468W.DAT
+ 2006-12-04 10:04:50 264,060 ----a-w C:\WINDOWS\system32\Data\CTP0468W.DAT
+ 2006-12-04 10:04:50 264,060 ----a-w C:\WINDOWS\system32\Data\CTP0469W.DAT
+ 2006-12-04 10:04:50 264,060 ----a-w C:\WINDOWS\system32\Data\CTP046AW.DAT
+ 2006-12-04 10:04:52 264,060 ----a-w C:\WINDOWS\system32\Data\CTP046BW.DAT
+ 2006-12-04 10:04:52 264,060 ----a-w C:\WINDOWS\system32\Data\CTP046CW.DAT
- 2005-08-07 21:54:12 244,315 ----a-w C:\WINDOWS\system32\Data\CTP0550W.DAT
+ 2006-12-04 10:04:50 264,318 ----a-w C:\WINDOWS\system32\Data\CTP0550W.DAT
+ 2006-12-04 10:04:52 264,318 ----a-w C:\WINDOWS\system32\Data\CTP055AW.DAT
+ 2006-12-04 10:04:54 346,019 ----a-w C:\WINDOWS\system32\Data\CTP0678W.DAT
- 2005-08-07 21:54:12 325,430 ----a-w C:\WINDOWS\system32\Data\CTP0679W.DAT
+ 2006-12-04 10:04:48 346,019 ----a-w C:\WINDOWS\system32\Data\CTP0679W.DAT
+ 2006-12-04 10:04:50 265,708 ----a-w C:\WINDOWS\system32\Data\CTP0730W.DAT
+ 2006-12-04 10:04:52 265,708 ----a-w C:\WINDOWS\system32\Data\CTP073AW.DAT
+ 2006-12-04 10:04:50 263,801 ----a-w C:\WINDOWS\system32\Data\CTP0760W.DAT
+ 2006-12-04 10:04:52 263,436 ----a-w C:\WINDOWS\system32\Data\CTP0773W.DAT
+ 2006-12-04 10:04:52 263,436 ----a-w C:\WINDOWS\system32\Data\CTP0930W.DAT
- 2001-08-18 02:52:56 98,304 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
+ 2006-12-12 09:47:24 34,816 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
- 2004-08-03 21:08:00 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2004-08-03 22:08:00 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
- 2004-08-03 21:15:22 140,928 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2004-08-03 22:15:22 140,928 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
- 2004-08-03 22:57:24 4,096 -c--a-w C:\WINDOWS\system32\dllcache\ksuser.dll
+ 2004-08-03 23:57:24 4,096 -c--a-w C:\WINDOWS\system32\dllcache\ksuser.dll
- 2006-08-17 12:28:44 729,600 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:27:10 729,600 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2007-10-04 16:14:00 6,854,464 -c--a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
+ 2007-12-05 00:41:00 7,435,392 -c--a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
- 2004-08-03 21:15:50 145,792 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
+ 2004-08-03 22:15:50 145,792 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
- 2004-08-03 21:08:04 48,640 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2004-08-03 22:08:04 48,640 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
- 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2005-08-07 21:54:14 501,760 ----a-r C:\WINDOWS\system32\drivers\ctac32k.sys
+ 2006-12-19 07:35:40 511,288 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
- 2005-08-07 21:54:36 439,424 ----a-r C:\WINDOWS\system32\drivers\ctaud2k.sys
+ 2007-06-18 02:01:28 514,560 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
- 2005-08-07 21:54:22 114,688 ----a-r C:\WINDOWS\system32\drivers\ctoss2k.sys
+ 2006-12-19 07:36:32 128,312 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
- 2005-08-07 21:54:38 7,168 ----a-r C:\WINDOWS\system32\drivers\ctprxy2k.sys
+ 2006-12-19 07:36:36 14,648 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
- 2005-08-07 21:54:18 142,848 ----a-r C:\WINDOWS\system32\drivers\ctsfm2k.sys
+ 2006-12-19 07:36:42 156,984 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
- 2004-08-03 21:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2004-08-03 22:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
- 2005-08-07 21:54:18 77,824 ----a-r C:\WINDOWS\system32\drivers\emupia2k.sys
+ 2006-12-19 07:36:46 90,936 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
- 2005-08-07 21:54:30 1,093,632 ----a-r C:\WINDOWS\system32\drivers\ha20x2k.sys
+ 2006-12-19 07:36:54 1,160,504 ----a-w C:\WINDOWS\system32\drivers\ha20x2k.sys
- 2004-08-03 21:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2004-08-03 22:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2005-08-07 22:15:38 9,216 ----a-r C:\WINDOWS\system32\drivers\pfmodnt.sys
+ 2006-12-19 07:37:02 16,184 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys
- 2004-08-03 21:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2004-08-03 22:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
- 2004-08-03 21:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2004-08-03 22:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2003-04-10 18:29:34 31,744 ----a-w C:\WINDOWS\system32\E_DCINST.DLL
+ 2004-09-10 20:12:28 49,152 ----a-w C:\WINDOWS\system32\E_DCINST.DLL
+ 2006-10-30 23:10:00 71,840 ----a-w C:\WINDOWS\system32\EPPicMgr.dll
+ 2004-03-03 05:10:00 26,154 ----a-w C:\WINDOWS\system32\EPPICPattern1.dat
+ 2004-03-03 05:10:00 27,417 ----a-w C:\WINDOWS\system32\EPPICPattern121.dat
+ 2004-03-03 05:10:00 31,053 ----a-w C:\WINDOWS\system32\EPPICPattern131.dat
+ 2004-03-03 05:10:00 20,148 ----a-w C:\WINDOWS\system32\EPPICPattern2.dat
+ 2004-03-03 05:10:00 24,903 ----a-w C:\WINDOWS\system32\EPPICPattern3.dat
+ 2004-03-03 05:10:00 11,811 ----a-w C:\WINDOWS\system32\EPPICPattern4.dat
+ 2004-03-03 05:10:00 21,390 ----a-w C:\WINDOWS\system32\EPPICPattern5.dat
+ 2004-03-03 05:10:00 4,943 ----a-w C:\WINDOWS\system32\EPPICPattern6.dat
+ 2005-05-31 23:20:00 111,932 ----a-w C:\WINDOWS\system32\EPPICPrinterDB.dat
+ 2006-10-30 23:10:00 120,992 ----a-w C:\WINDOWS\system32\EpPicPrt.dll
- 2007-03-13 22:31:24 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 21:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-03-13 22:31:28 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 21:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-03-14 00:04:46 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 22:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2004-08-03 22:57:24 4,096 ------w C:\WINDOWS\system32\ksuser.dll
+ 2004-08-03 23:57:24 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
- 2006-08-17 12:28:44 729,600 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:27:10 729,600 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-10-04 16:14:00 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll
+ 2007-12-05 00:41:00 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll
+ 2007-12-05 00:41:00 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
- 2007-10-04 16:14:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
+ 2007-12-05 00:41:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
- 2007-10-04 16:14:00 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
+ 2007-12-05 00:41:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
- 2007-10-04 16:14:00 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
+ 2007-12-05 00:41:00 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
- 2007-10-04 16:14:00 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
+ 2007-12-05 00:41:00 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
- 2007-10-04 16:14:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
+ 2007-12-05 00:41:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
- 2007-10-04 16:14:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
+ 2007-12-05 00:41:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
- 2007-10-04 16:14:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
+ 2007-12-05 00:41:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
- 2005-08-07 21:54:16 73,728 ----a-r C:\WINDOWS\system32\piaproxy.dll
+ 2006-12-12 09:36:32 81,920 ----a-w C:\WINDOWS\system32\piaproxy.dll
+ 2006-10-19 23:10:00 108,704 ----a-w C:\WINDOWS\system32\PICEntry.dll
+ 2006-10-19 23:10:00 80,024 ----a-w C:\WINDOWS\system32\PICSDK.dll
+ 2006-10-19 23:10:00 501,912 ----a-w C:\WINDOWS\system32\PICSDK2.dll
- 2005-08-07 21:54:16 33,792 ----a-w C:\WINDOWS\system32\REGPLIB.EXE
+ 2006-12-12 09:36:32 35,328 ----a-w C:\WINDOWS\system32\regplib.exe
+ 2007-10-04 16:14:00 5,783,424 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nv4_disp.dll
+ 2007-10-04 16:14:00 6,854,464 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nv4_mini.sys
+ 2007-10-04 16:14:00 364,544 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvapi.dll
+ 2007-10-04 16:14:00 36,864 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvcod.dll
+ 2007-10-04 16:14:00 8,491,008 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvcpl.dll
+ 2007-10-04 16:14:00 6,344,704 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvdisps.dll
+ 2007-10-04 16:14:00 5,509,120 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvdispsr.dll
+ 2007-10-04 16:14:00 3,334,144 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvgames.dll
+ 2007-10-04 16:14:00 3,166,208 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvgamesr.dll
+ 2007-10-04 16:14:00 229,376 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvmccs.dll
+ 2007-10-04 16:14:00 188,416 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvmccss.dll
+ 2007-10-04 16:14:00 458,752 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvmccssr.dll
+ 2007-10-04 16:14:00 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvmctray.dll
+ 2007-10-04 16:14:00 1,150,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvmobls.dll
+ 2007-10-04 16:14:00 2,854,912 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvmoblsr.dll
+ 2007-10-04 16:14:00 286,720 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvnt4cpl.dll
+ 2007-10-04 16:14:00 6,750,208 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvoglnt.dll
+ 2007-10-04 16:14:00 155,716 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvsvc32.exe
+ 2007-10-04 16:14:00 3,551,232 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvvitvs.dll
+ 2007-10-04 16:14:00 3,629,056 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvvitvsr.dll
+ 2007-10-04 16:14:00 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvwddi.dll
+ 2007-10-04 16:14:00 2,371,584 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvwss.dll
+ 2007-10-04 16:14:00 2,441,216 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvwssr.dll
- 2005-08-07 21:54:20 21,504 ----a-r C:\WINDOWS\system32\sfman32.dll
+ 2006-12-12 09:36:36 22,528 ----a-w C:\WINDOWS\system32\sfman32.dll
- 2005-08-07 21:54:18 120,832 ----a-w C:\WINDOWS\system32\SFMS32.DLL
+ 2006-12-12 09:36:36 130,048 ----a-w C:\WINDOWS\system32\sfms32.dll
+ 2007-02-02 18:57:42 202,912 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA20.EXE
+ 2007-02-14 02:00:02 7,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA2E.DLL
+ 2007-02-26 06:00:00 397,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FABRCEE.DLL
+ 2007-02-15 06:00:00 3,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAIFCEE.DAT
+ 2007-01-22 01:02:00 138,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAIRCEE.DLL
+ 2007-03-09 05:01:00 173,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMTCEE.EXE
+ 2007-04-12 06:00:00 677,888 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAPRCEE.DLL
+ 2007-03-12 05:01:00 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FARNCEE.EXE
+ 2006-11-13 05:00:00 129,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FASKCEE.DLL
+ 2007-03-06 01:01:00 454,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FASOCEE.DLL
+ 2007-04-16 06:05:00 74,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FASRCEE.DLL
+ 2007-04-12 06:00:00 182,272 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICEE.EXE
+ 2006-11-13 01:00:00 23,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAUDCEE.DLL
+ 2007-02-21 06:01:00 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBA6CEE.DLL
+ 2006-11-30 05:12:00 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBAPCEE.DLL
+ 2006-11-16 01:01:00 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBCSCEE.EXE
+ 2007-01-30 06:03:00 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBL6CEE.DLL
+ 2006-11-13 04:00:00 458,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FCONCEE.DLL
+ 2007-04-10 05:00:00 71,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FDSPCEE.DLL
+ 2007-02-26 01:01:00 9,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FGEPCEE.DLL
+ 2006-09-21 03:04:00 18,432 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FGRCCEE.DLL
+ 2007-03-30 01:00:00 504,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHBRCEE.DLL
+ 2007-01-18 04:20:00 328,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHM0CEE.DLL
+ 2007-03-30 01:05:00 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHSRCEE.DLL
+ 2007-02-13 04:20:00 104,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHT0CEE.DLL
+ 2007-03-30 10:06:00 218,624 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHUTCEE.DLL
+ 2007-03-30 10:06:00 105,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHUTCEE.EXE
+ 2007-04-05 04:00:00 561,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FJBCCEE.DLL
+ 2007-01-22 05:00:00 119,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FMAICEE.DLL
+ 2007-03-23 04:20:00 48,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FMW0CEE.DLL
+ 2006-12-13 14:55:34 536,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FOKACEE.DLL
+ 2006-10-31 04:00:00 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPRECEE.EXE
+ 2007-01-23 04:00:00 626,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPRUCEE.DLL
+ 2007-03-30 04:20:00 1,480,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FSR0CEE.DLL
+ 2007-01-22 07:01:00 740,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUI1CEE.DLL
+ 2007-03-15 06:00:00 1,187,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUICCEE.DLL
+ 2007-04-04 06:05:00 8,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUIPCEE.DLL
+ 2007-03-26 07:05:00 201,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUIRCEE.DLL
+ 2007-01-11 04:02:00 113,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S40RP7.EXE
- 2002-11-15 01:03:00 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EBAPI4.DLL
+ 2006-11-30 05:12:00 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EBAPI4.DLL
+ 2007-01-30 06:03:00 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EBPBIDI.DLL
- 2003-02-20 01:08:00 54,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPSET32.DLL
+ 2007-03-06 03:09:00 296,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPSET32.DLL
+ 2004-04-21 00:00:00 7,019 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.DAT
- 2003-02-04 05:58:00 420,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.EXE
+ 2007-02-26 06:18:00 723,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.EXE
+ 2007-02-02 18:57:42 202,912 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_DUPA20.EXE
+ 2007-02-14 02:00:02 7,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_DUPA2E.DLL
+ 2007-02-26 06:00:00 397,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FABRCEE.DLL
+ 2007-02-15 06:00:00 3,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FAIFCEE.DAT
+ 2007-01-22 01:02:00 138,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FAIRCEE.DLL
+ 2007-03-09 05:01:00 173,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FAMTCEE.EXE
+ 2007-04-12 06:00:00 677,888 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FAPRCEE.DLL
+ 2007-03-12 05:01:00 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FARNCEE.EXE
+ 2006-11-13 05:00:00 129,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FASKCEE.DLL
+ 2007-03-06 01:01:00 454,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FASOCEE.DLL
+ 2007-04-16 06:05:00 74,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FASRCEE.DLL
+ 2007-04-12 06:00:00 182,272 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FATICEE.EXE
+ 2006-11-13 01:00:00 23,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FAUDCEE.DLL
+ 2007-02-21 06:01:00 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FBA6CEE.DLL
+ 2006-11-30 05:12:00 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FBAPCEE.DLL
+ 2006-11-16 01:01:00 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FBCSCEE.EXE
+ 2007-01-30 06:03:00 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FBL6CEE.DLL
+ 2006-11-13 04:00:00 458,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FCONCEE.DLL
+ 2007-04-10 05:00:00 71,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FDSPCEE.DLL
+ 2007-02-26 01:01:00 9,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FGEPCEE.DLL
+ 2006-09-21 03:04:00 18,432 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FGRCCEE.DLL
+ 2007-03-30 01:00:00 504,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FHBRCEE.DLL
+ 2007-01-18 04:20:00 328,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FHM0CEE.DLL
+ 2007-03-30 01:05:00 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FHSRCEE.DLL
+ 2007-02-13 04:20:00 104,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FHT0CEE.DLL
+ 2007-03-30 10:06:00 218,624 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FHUTCEE.DLL
+ 2007-03-30 10:06:00 105,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FHUTCEE.EXE
+ 2007-04-05 04:00:00 561,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FJBCCEE.DLL
+ 2007-01-22 05:00:00 119,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FMAICEE.DLL
+ 2007-03-23 04:20:00 48,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FMW0CEE.DLL
+ 2006-12-13 14:55:34 536,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FOKACEE.DLL
+ 2006-10-31 04:00:00 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FPRECEE.EXE
+ 2007-01-23 04:00:00 626,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FPRUCEE.DLL
+ 2007-03-30 04:20:00 1,480,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FSR0CEE.DLL
+ 2007-01-22 07:01:00 740,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FUI1CEE.DLL
+ 2007-03-15 06:00:00 1,187,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FUICCEE.DLL
+ 2007-04-04 06:05:00 8,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FUIPCEE.DLL
+ 2007-03-26 07:05:00 201,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_FUIRCEE.DLL
+ 2007-01-11 04:02:00 113,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\E_S40RP7.EXE
+ 2006-11-30 05:12:00 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\EBAPI4.DLL
+ 2007-01-30 06:03:00 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\EBPBIDI.DLL
+ 2007-03-06 03:09:00 296,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\EPSET32.DLL
+ 2004-04-21 00:00:00 7,019 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\EPUPDATE.DAT
+ 2007-02-26 06:18:00 723,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_dx8400127c\EPUPDATE.EXE
+ 2004-04-21 00:00:00 7,019 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.DAT
+ 2007-02-26 06:18:00 723,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.EXE
- 2007-12-13 20:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 07:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2004-07-02 15:02:56 409,600 ----a-w C:\WINDOWS\twain_32\escndv\encm.dll
+ 2004-07-02 15:02:56 180,224 ----a-w C:\WINDOWS\twain_32\escndv\encmutil.dll
+ 2004-07-02 15:02:56 184,320 ----a-w C:\WINDOWS\twain_32\escndv\enll.dll
+ 2004-07-02 15:02:56 167,936 ----a-w C:\WINDOWS\twain_32\escndv\enludp.dll
+ 2007-04-09 23:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ade.dll
+ 2004-07-02 15:02:56 409,600 ----a-w C:\WINDOWS\twain_32\escndv\es0080\encm.dll
+ 2004-07-02 15:02:56 180,224 ----a-w C:\WINDOWS\twain_32\escndv\es0080\encmutil.dll
+ 2004-07-02 15:02:56 184,320 ----a-w C:\WINDOWS\twain_32\escndv\es0080\enll.dll
+ 2004-07-02 15:02:56 167,936 ----a-w C:\WINDOWS\twain_32\escndv\es0080\enludp.dll
+ 2007-03-07 23:00:00 3,518,464 ----a-w C:\WINDOWS\twain_32\escndv\es0080\escires.dll
+ 2006-11-01 23:00:00 90,112 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esddc.dll
+ 2007-03-29 23:00:00 188,416 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esdevcl.dll
+ 2007-03-07 23:00:00 131,072 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esdevif.dll
+ 2007-03-07 23:00:00 49,152 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esdscl.dll
+ 2006-12-11 23:00:00 425,984 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esdtr.dll
+ 2007-01-28 23:00:00 454,656 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esdtr2.dll
+ 2007-02-06 23:00:00 188,416 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esfit.dll
+ 2005-09-26 23:00:00 53,248 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esicm.dll
+ 2006-11-01 23:00:00 561,152 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esimfl.dll
+ 2007-03-07 23:00:00 229,376 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esimgctl.dll
+ 2006-07-31 23:00:00 1,658,880 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esimgdet.dll
+ 2007-03-29 23:00:00 348,287 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esmps.dll
+ 2007-03-07 23:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esmpsres.dll
+ 2005-04-24 23:00:00 126,976 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esnetbg.dll
+ 2007-03-07 23:00:00 139,264 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esres.dll
+ 2007-03-29 23:00:00 348,160 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esscncl.dll
+ 2007-03-07 23:00:00 40,960 ----a-w C:\WINDOWS\twain_32\escndv\es0080\estwm.exe
+ 2007-03-07 23:00:00 249,856 ----a-w C:\WINDOWS\twain_32\escndv\es0080\estwpmg.dll
+ 2007-03-29 23:00:00 1,028,096 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esui.dll
+ 2007-03-07 23:00:00 126,976 ----a-w C:\WINDOWS\twain_32\escndv\es0080\esutwb.dll
+ 2007-03-29 23:00:00 73,728 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\epbmp.dll
+ 2007-03-07 23:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\epbmpres.dll
+ 2007-03-29 23:00:00 151,552 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\epjpg.dll
+ 2007-03-07 23:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\epjpgres.dll
+ 2007-03-29 23:00:00 98,304 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\epmtf.dll
+ 2007-03-07 23:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\epmtfres.dll
+ 2007-04-04 23:00:00 114,688 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eppdf.dll
+ 2007-03-07 23:00:00 49,152 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eppdfres.dll
+ 2007-03-29 23:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eppij.dll
+ 2007-03-07 23:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eppijres.dll
+ 2007-03-29 23:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eppit.dll
+ 2007-03-07 23:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eppitres.dll
+ 2007-03-29 23:00:00 102,400 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eptif.dll
+ 2007-03-07 23:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\eptifres.dll
+ 2005-08-28 23:00:00 143,360 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\esexf.dll
+ 2005-08-28 23:00:00 98,304 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\espimtif.dll
+ 2007-03-07 23:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\local\epbmpres.dll
+ 2007-03-07 23:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\local\epjpgres.dll
+ 2007-03-07 23:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\local\epmtfres.dll
+ 2007-03-07 23:00:00 49,152 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\local\eppdfres.dll
+ 2007-03-07 23:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\local\eppijres.dll
+ 2007-03-07 23:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\local\eppitres.dll
+ 2007-03-07 23:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\local\eptifres.dll
+ 2007-03-19 23:00:00 520,192 ----a-w C:\WINDOWS\twain_32\escndv\es0080\ffmt\pdflib.dll
+ 2007-03-07 23:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es0080\local\esmpsres.dll
+ 2007-03-07 23:00:00 151,552 ----a-w C:\WINDOWS\twain_32\escndv\es0080\local\esres.dll
+ 2007-02-08 23:00:00 176,128 ----a-w C:\WINDOWS\twain_32\escndv\escfg.exe
+ 2007-03-07 23:00:00 118,784 ----a-w C:\WINDOWS\twain_32\escndv\escndv.exe
+ 2007-03-07 23:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\escndvrs.dll
+ 2005-04-24 23:00:00 126,976 ----a-w C:\WINDOWS\twain_32\escndv\esnetbg.dll
+ 2007-03-07 23:00:00 40,960 ----a-w C:\WINDOWS\twain_32\escndv\estwm.exe
+ 2007-03-07 23:00:00 81,920 ----a-w C:\WINDOWS\twain_32\escndv\local\escfgres.dll
+ 2007-03-07 23:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\local\escndvrs.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programme\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"RocketDock"="D:\Progiez\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [2007-04-12 07:00 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="D:\Progiez\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-31 20:49 249896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"!AVG Anti-Spyware"="C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-11 21:23 6731312]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
BOINC Manager.lnk - C:\Programme\BOINC\boincmgr.exe [2007-02-19 20:14:18]
Sinus 154 stick WLAN Manager.lnk - C:\Programme\DT\Sinus 154 stick\Wifiusb.exe [2005-10-24 13:12:06]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Seppe^Startmenü^Programme^Autostart^Xfire.lnk]
path=C:\Dokumente und Einstellungen\Seppe\Startmenü\Programme\Autostart\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 11:15 3144800 D:\Progiez\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:55 5674352 C:\Programme\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-09 15:47 1266936 d:\games\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Irmon"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"WMPNSCFG"=C:\Programme\Windows Media Player\WMPNSCFG.exe
"Microsoft Works Update Detection"=C:\Programme\Microsoft Works\WkDetect.exe
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"Octoshape Streaming Services"="C:\Programme\Octoshape Streaming Services\Seppe\OctoshapeClient.exe" -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" -atboottime
"CTHelper"=CTHELPER.EXE
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"Microsoft Works Portfolio"=C:\Programme\Microsoft Works\WksSb.exe /AllUsers
"Microsoft Works Update Detection"=C:\Programme\Microsoft Works\WkDetect.exe
"WorksFUD"=C:\Programme\Microsoft Works\wkfud.exe
"CTxfiHlp"=CTXFIHLP.EXE
"VirtualCloneDrive"="C:\Programme\VirtualCloneDrive\VCDDaemon.exe" /s
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"Tarantula"=C:\Programme\Razer\Tarantula\razerhid.exe
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"SSBkgdUpdate"=C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
"DNS7reminder"="D:\Progiez\NaturallySpeaking\Program\ereg.exe" -r "D:\Progiez\NaturallySpeaking\Program\ereg.ini"

R0 m5288;m5288;C:\WINDOWS\system32\DRIVERS\m5288.sys [2005-12-23 21:54]
R0 ULiFilter;ULi PCIE Bridge Filter;C:\WINDOWS\system32\DRIVERS\ULiFiltr.sys [2005-12-08 08:20]
R0 ULipnp;ULi PnP Driver;C:\WINDOWS\system32\DRIVERS\ULipnp.sys [2005-12-30 10:20]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 19:36]
S1 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\amdtools.sys []
S2 voicetuner;Voice Tuner;D:\Progiez\Scramby\voicetunerserver.exe []
S3 DT T-Sinus 130data(R);DT T-Sinus 130data(R) Service for T-Sinus 130data;C:\WINDOWS\system32\DRIVERS\dtusbxp.sys [2002-09-23 11:17]
S3 scramby_out;Scramby Output;C:\WINDOWS\system32\drivers\scramby_out.sys [2007-08-08 08:31]
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2004-12-08 17:24]
S3 TarFltr;Razer Tarantula USB Keyboard;C:\WINDOWS\system32\Drivers\UsbFltr.sys [2006-09-27 13:48]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{595A0DAB-575E-7639-6CA5-BFF8D4E3A197}]
C:\WINDOWS\system32\system32\svchost.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A203A538-AD1B-A830-CFEF-BB1C7E050698}]
C:\WINDOWS\dLlrun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CAC7B150-B41B-B8F0-F160-F2F006DD303D}]
C:\WINDOWS\system32\My_Server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DBC86A62-C52C-C9FF-F280-A31E17DEBA4D}]
C:\WINDOWS\system32\My_Server.exe
.
Inhalt des "geplante Tasks" Ordners
"2008-01-14 13:02:31 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- D:\Progiez\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-10-08 12:30:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 20:15:59
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> D:\Progiez\RocketDock\RocketDock.dll
.
Zeit der Fertigstellung: 2008-01-14 20:16:38
ComboFix-quarantined-files.txt 2008-01-14 19:16:18
ComboFix2.txt 2007-12-27 10:38:51
ComboFix3.txt 2007-11-02 22:20:30
ComboFix4.txt 2007-11-02 00:46:35
.
2008-01-09 12:59:49 --- E O F ---

Gruß Seppe

#4 @Seppe
Schau mal unter Start -> Einstellungen -> Systemsteuerung -> Software
nach,welcher "Microsoft Net Framework" installiert ist
__________
MfG Argus

#5 Es ist installiert:

Microsoft .NET Framework 2.0 und
Microsoft .NET Framework 2.0 Language Pack - DEU

Hoffe das ist das, dass du gemeint hast

Danke und Gruß Seppe

#6 Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.

Zitat:
File::
C:\Dokumente und Einstellungen\Seppe\kkneag.exe
C:\Dokumente und Einstellungen\Seppe\kzgrtk.exe
C:\Dokumente und Einstellungen\Seppe\fnrcig.exe

und mit der rechten Maustaste auf das Symbol von Combofix ziehen


Combofix noch mal anwenden - tippe 1

poste das neue Log von Combofix
__________

#7 Download LKCleanMSG zum Desktop

Doppelklick LKCleanMSG
Doppelklick LiveKillCleanMessenger_setup
Waehle:English >> OK
Installieren
Klicke LiveKill (Bild)


Wenn etwas gefunden wird Entfernen(Delete)
Am Ende erscheint ein Log auf dein desktop “log.LiveKillCleanMessenger”
nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"
__________
MfG Argus

#8 Achso, vll ist das wichtig:

Es ist auch noch

Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotifx (KB928366)

#9 Ok das ist das Log von "liveKill"

Montag, 14. Januar 2008 20:30:57 build 1256

Microsoft Windows XP Home Edition(de-DE)
2047 Mo (RAM)
Last DataBase update : 1.624
C:\Programme\LiveKillCleanMessenger
NORMAL MODE

C:\Dokumente und Einstellungen\Seppe\Lokale Einstellungen\Temp\services.exe

#10 Ich starte den PC jetzt neu, bzw er wird ovn LiveKill neugestartet

#11 Microsoft .NET Framework 2.0 ist schon gut
__________
MfG Argus

#12 Sodelle^^PC ist restarted. Soll ich nun zur Kontrolle noch irgendwelche Logs posten?

Dickes Danke an dich/euch

Gruß Seppe

#13 Fuehre jetzt was Tonstudio angegeben hat aus
__________
MfG Argus

#14 Oh sry hatte ich überlesen...*sorry_zu_tonstudio_sag*

Hier ist das Combofix Log:

ComboFix 08-01-14.4 - Seppe 2008-01-14 20:51:01.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.1588 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Seppe\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Seppe\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((( Dateien erstellt von 2007-12-14 bis 2008-01-14 ))))))))))))))))))))))))))))))
.

2008-01-14 20:30 . 2008-01-14 20:32 <DIR> d-------- C:\Programme\LiveKillCleanMessenger
2008-01-14 20:30 . 2008-01-14 20:30 <DIR> d-------- C:\Dokumente und Einstellungen\Seppe\Anwendungsdaten\Live-Prod
2008-01-14 20:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 15:20 . 2008-01-14 20:33 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-01-13 15:20 . 2008-01-14 20:33 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-01-13 15:00 . 2008-01-13 15:00 72 --a------ C:\WINDOWS\sbwin.ini
2008-01-13 14:47 . 2008-01-14 20:33 64,756 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-0000000C-00001102-00000005-00211102}.rfx
2008-01-13 14:47 . 2008-01-14 20:33 53,968 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-0000000C-00001102-00000005-00211102}.rfx
2008-01-13 14:47 . 2008-01-14 20:33 53,968 --a------ C:\WINDOWS\system32\BMXState-{00000005-00000000-0000000C-00001102-00000005-00211102}.rfx
2008-01-13 13:23 . 2008-01-13 13:24 132,104 --a------ C:\Dokumente und Einstellungen\Seppe\kkneag.exe
2008-01-13 13:21 . 2008-01-13 13:50 51,646 --a------ C:\Dokumente und Einstellungen\Seppe\kzgrtk.exe
2008-01-13 13:21 . 2008-01-13 13:21 44,590 --a------ C:\Dokumente und Einstellungen\Seppe\fnrcig.exe
2008-01-08 19:43 . 2008-01-10 19:22 <DIR> d-------- C:\WINDOWS\system32\Coca-Cola Zero Screensaver dir
2008-01-05 21:06 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2007-12-29 17:51 . 2007-12-30 12:06 <DIR> d-------- C:\RVAXO
2007-12-28 13:05 . 2007-12-29 00:34 579,934 --a------ C:\WINDOWS\system32\RVAXO.bat
2007-12-28 13:05 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-12-27 20:11 . 2007-12-27 20:11 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
2007-12-27 20:09 . 2007-12-27 20:43 <DIR> d-------- C:\Programme\ABBYY FineReader 6.0 Sprint
2007-12-27 20:07 . 2007-12-27 20:07 <DIR> d-------- C:\Dokumente und Einstellungen\Seppe\Anwendungsdaten\InstallShield
2007-12-27 20:06 . 2007-12-27 20:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
2007-12-27 20:06 . 2006-12-08 03:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCEE.DLL
2007-12-27 20:06 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCEE.DLL
2007-12-27 20:06 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-27 20:06 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-27 20:00 . 2007-04-18 00:00 67,072 --a------ C:\WINDOWS\system32\escwiad.dll
2007-12-27 20:00 . 2007-12-27 20:00 25 --a------ C:\WINDOWS\CDE DX8400DEFGIPS.ini
2007-12-27 11:05 . 2007-12-27 11:05 <DIR> d-------- C:\Programme\Trend Micro
2007-12-22 20:55 . 2007-12-22 20:55 <DIR> d-------- C:\Dokumente und Einstellungen\Seppe\Anwendungsdaten\TeamViewer
2007-12-22 20:54 . 2007-12-22 20:54 <DIR> d-------- C:\Dokumente und Einstellungen\Seppe\temp
2007-12-17 19:51 . 2007-12-17 19:51 <DIR> d--h----- C:\WINDOWS\Icons

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 19:53 --------- d-----w C:\Programme\BOINC
2008-01-13 14:15 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Creative
2008-01-13 13:40 81,920 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-13 13:40 233,472 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-01-12 12:29 --------- d-----w C:\Programme\Java
2008-01-11 21:00 --------- d-----w C:\Dokumente und Einstellungen\Seppe\Anwendungsdaten\Creative
2008-01-11 19:00 --------- d-----w C:\Dokumente und Einstellungen\Seppe\Anwendungsdaten\teamspeak2
2007-12-27 19:16 --------- d--h--w C:\Programme\InstallShield Installation Information
2007-12-27 19:10 --------- d-----w C:\Programme\EPSON
2007-12-27 09:51 --------- d-----w C:\Dokumente und Einstellungen\Seppe\Anwendungsdaten\Xfire
2007-12-23 10:39 --------- d-----w C:\Programme\MSN Messenger
2007-12-11 19:32 --------- d-----w C:\Dokumente und Einstellungen\Seppe\Anwendungsdaten\FreeStone Group
2007-12-11 17:32 --------- d-----w C:\Programme\DivX
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 00:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 00:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-12-05 00:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
.

((((((((((((((((((((((((((((( snapshot_2008-01-14_20.16.09,28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-14 19:13:08 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 19:50:57 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-14 19:13:08 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 19:50:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-14 19:13:08 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 19:50:57 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-14 19:13:08 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 19:50:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-14 19:13:08 9,318,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 19:50:57 9,318,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-14 19:13:08 909,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 19:50:57 909,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programme\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"RocketDock"="D:\Progiez\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [2007-04-12 07:00 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="D:\Progiez\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-31 20:49 249896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"!AVG Anti-Spyware"="C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-11 21:23 6731312]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
BOINC Manager.lnk - C:\Programme\BOINC\boincmgr.exe [2007-02-19 20:14:18]
Sinus 154 stick WLAN Manager.lnk - C:\Programme\DT\Sinus 154 stick\Wifiusb.exe [2005-10-24 13:12:06]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Seppe^Startmenü^Programme^Autostart^Xfire.lnk]
path=C:\Dokumente und Einstellungen\Seppe\Startmenü\Programme\Autostart\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 11:15 3144800 D:\Progiez\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:55 5674352 C:\Programme\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-09 15:47 1266936 d:\games\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Irmon"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"WMPNSCFG"=C:\Programme\Windows Media Player\WMPNSCFG.exe
"Microsoft Works Update Detection"=C:\Programme\Microsoft Works\WkDetect.exe
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"Octoshape Streaming Services"="C:\Programme\Octoshape Streaming Services\Seppe\OctoshapeClient.exe" -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" -atboottime
"CTHelper"=CTHELPER.EXE
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"Microsoft Works Portfolio"=C:\Programme\Microsoft Works\WksSb.exe /AllUsers
"Microsoft Works Update Detection"=C:\Programme\Microsoft Works\WkDetect.exe
"WorksFUD"=C:\Programme\Microsoft Works\wkfud.exe
"CTxfiHlp"=CTXFIHLP.EXE
"VirtualCloneDrive"="C:\Programme\VirtualCloneDrive\VCDDaemon.exe" /s
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"Tarantula"=C:\Programme\Razer\Tarantula\razerhid.exe
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"SSBkgdUpdate"=C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
"DNS7reminder"="D:\Progiez\NaturallySpeaking\Program\ereg.exe" -r "D:\Progiez\NaturallySpeaking\Program\ereg.ini"

R0 m5288;m5288;C:\WINDOWS\system32\DRIVERS\m5288.sys [2005-12-23 21:54]
R0 ULiFilter;ULi PCIE Bridge Filter;C:\WINDOWS\system32\DRIVERS\ULiFiltr.sys [2005-12-08 08:20]
R0 ULipnp;ULi PnP Driver;C:\WINDOWS\system32\DRIVERS\ULipnp.sys [2005-12-30 10:20]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 19:36]
S1 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\amdtools.sys []
S2 voicetuner;Voice Tuner;D:\Progiez\Scramby\voicetunerserver.exe []
S3 DT T-Sinus 130data(R);DT T-Sinus 130data(R) Service for T-Sinus 130data;C:\WINDOWS\system32\DRIVERS\dtusbxp.sys [2002-09-23 11:17]
S3 scramby_out;Scramby Output;C:\WINDOWS\system32\drivers\scramby_out.sys [2007-08-08 08:31]
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2004-12-08 17:24]
S3 TarFltr;Razer Tarantula USB Keyboard;C:\WINDOWS\system32\Drivers\UsbFltr.sys [2006-09-27 13:48]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{595A0DAB-575E-7639-6CA5-BFF8D4E3A197}]
C:\WINDOWS\system32\system32\svchost.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A203A538-AD1B-A830-CFEF-BB1C7E050698}]
C:\WINDOWS\dLlrun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CAC7B150-B41B-B8F0-F160-F2F006DD303D}]
C:\WINDOWS\system32\My_Server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DBC86A62-C52C-C9FF-F280-A31E17DEBA4D}]
C:\WINDOWS\system32\My_Server.exe
.
Inhalt des "geplante Tasks" Ordners
"2008-01-14 13:02:31 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- D:\Progiez\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-10-08 12:30:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 20:54:15
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> D:\Progiez\RocketDock\RocketDock.dll
.
Zeit der Fertigstellung: 2008-01-14 20:54:57
ComboFix-quarantined-files.txt 2008-01-14 19:54:37
ComboFix2.txt 2008-01-14 19:16:38
ComboFix3.txt 2007-12-27 10:38:51
ComboFix4.txt 2007-11-02 22:20:30
ComboFix5.txt 2007-11-02 00:46:35
.
2008-01-09 12:59:49 --- E O F ---


Gruß Seppe

#15 cfscript.txt

1.
Den folgenden blauen Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.

Folder::
C:\Dokumente und Einstellungen\Seppe\kkneag.exe
C:\Dokumente und Einstellungen\Seppe\kzgrtk.exe
C:\Dokumente und Einstellungen\Seppe\fnrcig.exe

2.
Sleppe diese Datei in ComboFix.exe(sehe Bild)
ComboFix wird jetzt starten und die Daten ausfuehren
Nach neustart des Rechners,poste das log von ComboFix


__________
MfG Argus