ComboFix 08-12-14.05 - Johannes 2008-12-16 15:46:53.2 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1031.18.2047.1132 [GMT 1:00] ausgeführt von:: c:\users\Johannes\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Johannes\Desktop\cfscript.txt * Neuer Wiederherstellungspunkt wurde erstellt FILE :: c:\windows\System32\dgmlurl1.ico c:\windows\System32\dgmlurl2.ico c:\windows\System32\promo.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\System32\dgmlurl1.ico c:\windows\System32\dgmlurl2.ico c:\windows\System32\promo.exe . ((((((((((((((((((((((( Dateien erstellt von 2008-11-16 bis 2008-12-16 )))))))))))))))))))))))))))))) . 2008-12-15 21:17 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll 2008-12-15 16:58 . 2008-12-15 16:58 d-------- c:\users\Johannes\AppData\Roaming\Malwarebytes 2008-12-15 16:58 . 2008-12-15 16:58 d-------- c:\users\All Users\Malwarebytes 2008-12-15 16:58 . 2008-12-15 16:58 d-------- c:\programdata\Malwarebytes 2008-12-15 16:58 . 2008-12-15 16:58 d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-15 16:58 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2008-12-15 16:58 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2008-12-14 20:13 . 2008-12-14 20:13 d-------- c:\users\Johannes\AppData\Roaming\PC Tools 2008-12-14 20:13 . 2008-12-15 18:03 d-------- c:\program files\Spyware Doctor 2008-12-14 20:13 . 2008-08-25 12:36 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys 2008-12-14 20:13 . 2008-08-25 12:36 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys 2008-12-14 20:13 . 2008-08-25 12:36 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys 2008-12-14 20:13 . 2008-06-02 16:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys 2008-12-10 21:42 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll 2008-12-10 21:42 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll 2008-12-10 21:42 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll 2008-12-07 19:41 . 2008-12-15 17:09 207,158,325 --a------ c:\windows\MEMORY.DMP 2008-12-05 18:21 . 2008-01-19 06:49 6,144 --a------ c:\windows\System32\drivers\beep.sys 2008-12-05 18:20 . 2008-12-05 18:20 d-------- c:\program files\Pegasus Media Software 2008-12-05 18:19 . 2008-12-05 18:19 d-------- C:\AigoVideo 2008-12-05 18:18 . 2008-12-14 20:09 d-------- c:\program files\Aigo Video to iPhone Converter 2008-11-27 20:20 . 2008-11-27 20:20 d-------- c:\program files\TuneUpMedia 2008-11-25 15:39 . 2008-12-02 21:05 d-------- c:\program files\HandBrake 2008-11-21 14:23 . 2008-11-21 14:24 d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-21 14:23 . 2008-11-21 14:24 d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-21 14:23 . 2008-11-21 14:23 d-------- c:\program files\iPod 2008-11-21 14:22 . 2008-11-21 14:22 d-------- c:\program files\QuickTime 2008-11-20 15:09 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll 2008-11-20 15:09 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll 2008-11-20 15:09 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll 2008-11-20 15:09 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll 2008-11-20 15:09 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe 2008-11-20 15:09 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll 2008-11-20 15:09 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll 2008-11-20 15:08 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll 2008-11-20 15:08 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe 2008-11-18 14:38 . 2008-12-15 21:32 d-------- c:\users\Johannes\AppData\Roaming\TuneUpMedia 2008-11-18 14:37 . 2008-11-27 20:20 d-------- c:\users\All Users\TuneUpMedia 2008-11-18 14:37 . 2008-11-27 20:20 d-------- c:\programdata\TuneUpMedia . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-16 14:55 --------- d---a-w c:\programdata\TEMP 2008-12-16 14:29 --------- d-----w c:\programdata\AntiVir PersonalEdition Classic 2008-12-15 20:24 --------- d-----w c:\programdata\Microsoft Help 2008-12-15 17:51 --------- d-----w c:\program files\Common Files\Adobe 2008-12-09 18:44 --------- d-s---w c:\program files\HLSW 2008-12-09 18:32 201,440 ----a-w c:\windows\System32\PnkBstrB.exe 2008-12-09 18:32 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2008-12-06 16:06 --------- d-----w c:\programdata\TrackMania 2008-11-21 13:24 --------- d-----w c:\program files\iTunes 2008-11-21 13:23 --------- d-----w c:\program files\Common Files\Apple 2008-11-04 16:39 --------- d-----w c:\program files\Wolfenstein - Enemy Territory 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-11-01 00:18 --------- d-----w c:\program files\Opera 2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe 2008-10-27 17:31 --------- d-----w c:\users\Johannes\AppData\Roaming\ProtectDisc 2008-10-27 17:31 --------- d-----w c:\programdata\RTL Winter Sports 2009 2008-10-25 18:05 --------- d-----w c:\users\Johannes\AppData\Roaming\U3 2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll 2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe 2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe 2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys 2008-06-03 18:58 174 --sha-w c:\program files\desktop.ini 2008-04-03 17:57 3,954 ----a-w c:\users\Johannes\AppData\Roaming\SAS7_000.DAT 2008-02-01 20:28 22,328 ----a-w c:\users\Johannes\AppData\Roaming\PnkBstrK.sys 2007-09-22 14:59 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007092220070923\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-12-15_20.13.03.39 ))))))))))))))))))))))))))))))))))))))))) . - 2008-11-14 15:58:01 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2008-12-15 20:24:10 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe - 2008-11-14 15:58:02 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2008-12-15 20:24:10 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe - 2008-11-14 15:58:01 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2008-12-15 20:24:10 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe - 2008-11-14 15:58:01 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2008-12-15 20:24:10 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2008-11-14 15:58:02 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2008-12-15 20:24:10 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2008-11-14 15:58:02 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe + 2008-12-15 20:24:10 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2008-11-14 15:58:02 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2008-12-15 20:24:10 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2008-11-14 15:58:01 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2008-12-15 20:24:10 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe - 2008-11-14 15:58:02 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2008-12-15 20:24:10 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2008-11-14 15:58:02 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2008-12-15 20:24:10 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2008-11-14 15:58:02 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2008-12-15 20:24:10 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2008-11-14 15:58:01 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2008-12-15 20:24:10 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2008-12-15 19:11:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-16 14:54:44 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-16 14:54:44 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-06-27 22:16:16 2,689,327 -c--a-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat + 2008-12-16 14:28:10 2,689,327 -c--a-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat - 2008-12-15 19:11:41 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-12-16 14:54:46 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-12-16 14:54:46 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-12-15 19:09:53 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-12-16 14:48:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-12-15 19:09:53 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-12-16 14:48:42 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-12-15 19:09:53 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-12-16 14:48:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-10-02 03:49:14 6,068,736 ----a-w c:\windows\System32\ieframe.dll + 2008-10-16 04:47:29 6,068,736 ----a-w c:\windows\System32\ieframe.dll - 2008-10-02 03:49:14 270,336 ----a-w c:\windows\System32\iertutil.dll + 2008-10-16 04:47:29 270,336 ----a-w c:\windows\System32\iertutil.dll - 2008-10-02 03:49:14 28,160 ----a-w c:\windows\System32\jsproxy.dll + 2008-10-16 04:47:30 28,160 ----a-w c:\windows\System32\jsproxy.dll - 2008-01-19 07:33:14 94,720 ----a-w c:\windows\System32\logagent.exe + 2008-06-23 01:58:43 94,720 ----a-w c:\windows\System32\logagent.exe - 2008-01-19 07:36:08 2,867,712 ----a-w c:\windows\System32\mf.dll + 2008-06-23 01:59:25 2,868,736 ----a-w c:\windows\System32\mf.dll - 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\System32\mrt.exe + 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\System32\mrt.exe - 2008-10-02 03:49:15 3,578,880 ----a-w c:\windows\System32\mshtml.dll + 2008-10-16 04:47:30 3,578,880 ----a-w c:\windows\System32\mshtml.dll - 2008-10-02 03:49:16 671,232 ----a-w c:\windows\System32\mstime.dll + 2008-10-16 04:47:32 671,232 ----a-w c:\windows\System32\mstime.dll - 2008-04-24 04:58:20 11,580,416 ----a-w c:\windows\System32\shell32.dll + 2008-11-06 13:14:25 11,580,928 ----a-w c:\windows\System32\shell32.dll - 2008-12-10 20:48:45 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2008-12-15 20:34:47 6,815,744 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT - 2008-10-02 03:49:19 1,166,336 ----a-w c:\windows\System32\urlmon.dll + 2008-10-16 04:47:34 1,166,336 ----a-w c:\windows\System32\urlmon.dll - 2008-01-19 07:36:59 996,352 ----a-w c:\windows\System32\WMNetMgr.dll + 2008-06-23 01:59:26 996,352 ----a-w c:\windows\System32\WMNetMgr.dll - 2008-01-19 07:36:11 2,386,944 ----a-w c:\windows\System32\WMVCORE.DLL + 2008-06-23 01:59:25 2,386,944 ----a-w c:\windows\System32\WMVCORE.DLL - 2008-12-10 20:35:41 174,456,576 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-12-15 20:19:06 174,910,184 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-11-01 03:33:48 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16772_none_7fd1ee2663d3b893\Apphlpdm.dll + 2008-11-01 03:24:17 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.20949_none_8082fea17cd2b312\Apphlpdm.dll + 2008-11-01 03:44:34 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18165_none_81c5fd9660ef7998\Apphlpdm.dll + 2008-10-31 03:35:04 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22299_none_82332bc57a21d291\Apphlpdm.dll + 2008-10-31 23:23:42 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16772_none_09f24c89f55cce48\AcRes.dll + 2008-10-31 23:23:36 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20949_none_0aa35d050e5bc8c7\AcRes.dll + 2008-10-31 01:05:22 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22299_none_0c538a290baae846\AcRes.dll + 2008-11-01 03:33:48 2,144,256 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16772_none_09f44d1df55b00f6\AcGenral.dll + 2008-11-01 03:24:15 2,144,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20949_none_0aa55d990e59fb75\AcGenral.dll + 2008-11-01 03:44:34 2,154,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18165_none_0be85c8df276c1fb\AcGenral.dll + 2008-10-31 03:35:04 2,154,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22299_none_0c558abd0ba91af4\AcGenral.dll + 2008-11-01 03:33:48 449,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16772_none_09f54d67f55a1a4d\AcSpecfc.dll + 2008-11-01 03:24:15 450,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20949_none_0aa65de30e5914cc\AcSpecfc.dll + 2008-11-01 03:44:34 460,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18165_none_0be95cd7f275db52\AcSpecfc.dll + 2008-10-31 03:35:04 460,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22299_none_0c568b070ba8344b\AcSpecfc.dll + 2008-11-01 03:33:48 537,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16772_none_09f64db1f55933a4\AcLayers.dll + 2008-11-01 03:33:48 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16772_none_09f64db1f55933a4\AcXtrnal.dll + 2008-11-01 03:24:15 537,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20949_none_0aa75e2d0e582e23\AcLayers.dll + 2008-11-01 03:24:15 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20949_none_0aa75e2d0e582e23\AcXtrnal.dll + 2008-11-01 03:44:34 541,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18165_none_0bea5d21f274f4a9\AcLayers.dll + 2008-11-01 03:44:34 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18165_none_0bea5d21f274f4a9\AcXtrnal.dll + 2008-10-31 03:35:04 541,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22299_none_0c578b510ba74da2\AcLayers.dll + 2008-10-31 03:35:04 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22299_none_0c578b510ba74da2\AcXtrnal.dll + 2008-10-16 04:40:33 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16764_none_a9a84a59f5d70728\advpack.dll + 2008-10-16 04:19:25 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20937_none_aa5559ad0ed99c4b\advpack.dll + 2008-10-29 06:20:29 2,923,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe + 2008-10-28 02:15:02 2,923,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe + 2008-10-29 06:29:41 2,927,104 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe + 2008-10-30 03:59:17 2,927,616 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe + 2008-11-01 03:33:49 1,687,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\gameux.dll + 2008-10-31 23:38:08 4,247,552 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\GameUXLegacyGDFs.dll + 2008-11-01 03:25:02 1,686,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\gameux.dll + 2008-10-31 23:38:11 4,247,552 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\GameUXLegacyGDFs.dll + 2008-11-01 01:21:40 4,240,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_41c472dec16924fb\GameUXLegacyGDFs.dll + 2008-10-31 03:35:06 1,696,256 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_4231a10dda9b7df4\gameux.dll + 2008-10-31 01:17:43 4,240,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_4231a10dda9b7df4\GameUXLegacyGDFs.dll + 2008-10-21 05:16:20 297,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16766_none_575d8f704c563751\gdi32.dll + 2008-10-21 05:07:18 297,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20940_none_57f6cc3d65690456\gdi32.dll + 2008-10-21 05:25:18 296,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18159_none_59519ee04971f856\gdi32.dll + 2008-10-21 05:21:43 297,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22291_none_59a7f9ab62b73d2c\gdi32.dll + 2008-10-16 04:40:37 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16764_none_eba35409166fed27\pngfilt.dll + 2008-10-16 04:23:20 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20937_none_ec50635c2f72824a\pngfilt.dll + 2008-10-16 04:40:37 1,160,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16764_none_b2bffcbbd9d0648b\urlmon.dll + 2008-10-16 04:23:50 1,163,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20937_none_b36d0c0ef2d2f9ae\urlmon.dll + 2008-10-16 04:47:34 1,166,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18157_none_b4b40c2bd6ec2590\urlmon.dll + 2008-10-16 04:38:28 1,166,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22288_none_b51e397cf0213284\urlmon.dll + 2008-10-16 04:40:36 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16764_none_dea28b847f7923fa\mstime.dll + 2008-10-16 04:22:03 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20937_none_df4f9ad7987bb91d\mstime.dll + 2008-10-16 04:47:32 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18157_none_e0969af47c94e4ff\mstime.dll + 2008-10-16 04:38:25 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22288_none_e100c84595c9f1f3\mstime.dll + 2008-10-21 23:31:22 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16767_none_13273c340c95d620\tzres.dll + 2008-10-22 03:43:38 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16767_none_13273c340c95d620\tzupd.exe + 2008-10-21 23:30:56 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20941_none_13c0790125a8a325\tzres.dll + 2008-10-22 01:13:26 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20941_none_13c0790125a8a325\tzupd.exe + 2008-10-22 01:22:11 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18160_none_150678d409c2b5b0\tzres.dll + 2008-01-19 07:33:33 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18160_none_150678d409c2b5b0\tzupd.exe + 2008-10-22 01:04:22 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22292_none_1571a66f22f6dbfb\tzres.dll + 2008-10-22 03:34:43 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22292_none_1571a66f22f6dbfb\tzupd.exe + 2008-10-16 04:40:35 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\jsproxy.dll + 2008-10-16 04:40:37 826,368 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\wininet.dll + 2008-10-16 04:40:37 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\WininetPlugin.dll + 2008-10-16 04:20:49 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\jsproxy.dll + 2008-10-16 04:24:00 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\wininet.dll + 2008-10-16 04:24:00 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\WininetPlugin.dll + 2008-10-16 04:47:30 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\jsproxy.dll + 2008-10-16 04:47:35 827,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\wininet.dll + 2008-10-16 04:38:24 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\jsproxy.dll + 2008-10-16 04:38:28 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\wininet.dll + 2008-10-16 04:38:28 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\WininetPlugin.dll + 2008-10-16 04:40:34 383,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16764_none_f96efb376ec50571\ieapfltr.dll + 2008-10-16 04:20:23 380,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20937_none_fa1c0a8a87c79a94\ieapfltr.dll + 2008-10-16 04:40:34 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16764_none_95a333ef84aa8b9f\dxtmsft.dll + 2008-10-16 04:40:34 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16764_none_95a333ef84aa8b9f\dxtrans.dll + 2008-10-16 04:20:03 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20937_none_965043429dad20c2\dxtmsft.dll + 2008-10-16 04:20:03 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20937_none_965043429dad20c2\dxtrans.dll + 2008-10-16 04:40:35 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16764_none_4605ce47466b3e2c\mshtmled.dll + 2008-10-16 04:21:41 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20937_none_46b2dd9a5f6dd34f\mshtmled.dll + 2008-10-16 04:40:35 3,593,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16764_none_111ff77c252ff454\mshtml.dll + 2008-10-16 04:21:40 3,595,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20937_none_11cd06cf3e328977\mshtml.dll + 2008-10-16 04:47:30 3,578,880 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18157_none_131406ec224bb559\mshtml.dll + 2008-10-16 04:38:25 3,579,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22288_none_137e343d3b80c24d\mshtml.dll + 2008-10-16 04:40:34 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16764_none_587864466744805d\icardie.dll + 2008-10-16 04:20:23 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20937_none_5925739980471580\icardie.dll + 2008-10-16 04:40:06 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\ieUnatt.exe + 2008-10-16 04:42:58 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe + 2008-10-16 02:13:16 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\ieUnatt.exe + 2008-10-16 04:27:53 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe + 2008-10-16 04:40:34 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16764_none_45808f398f8aa97b\iertutil.dll + 2008-10-16 04:40:37 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16764_none_45808f398f8aa97b\sqmapi.dll + 2008-10-16 04:20:24 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20937_none_462d9e8ca88d3e9e\iertutil.dll + 2008-10-16 04:23:41 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20937_none_462d9e8ca88d3e9e\sqmapi.dll + 2008-10-16 04:47:29 270,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18157_none_47749ea98ca66a80\iertutil.dll + 2008-10-16 04:38:24 270,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22288_none_47decbfaa5db7774\iertutil.dll + 2008-10-16 04:38:27 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22288_none_47decbfaa5db7774\sqmapi.dll + 2008-10-16 04:40:06 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16764_none_c3ad9a04617fc2a6\ie4uinit.exe + 2008-10-16 04:40:34 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16764_none_c3ad9a04617fc2a6\iernonce.dll + 2008-10-16 04:40:34 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16764_none_c3ad9a04617fc2a6\iesetup.dll + 2008-10-16 02:13:06 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20937_none_c45aa9577a8257c9\ie4uinit.exe + 2008-10-16 04:20:24 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20937_none_c45aa9577a8257c9\iernonce.dll + 2008-10-16 04:20:24 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20937_none_c45aa9577a8257c9\iesetup.dll + 2008-10-16 04:40:34 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16764_none_29d2b074682f9803\iebrshim.dll + 2008-11-01 03:33:49 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16772_none_29c5dff468398146\iebrshim.dll + 2008-10-16 04:20:23 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20937_none_2a7fbfc781322d26\iebrshim.dll + 2008-11-01 03:25:13 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20949_none_2a76f06f81387bc5\iebrshim.dll + 2008-11-01 03:44:36 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6001.18165_none_2bb9ef646555424b\iebrshim.dll + 2008-10-31 03:35:06 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6001.22299_none_2c271d937e879b44\iebrshim.dll + 2008-10-16 04:40:34 6,066,176 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16764_none_627f517fb1258281\ieframe.dll + 2008-10-16 04:40:34 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16764_none_627f517fb1258281\ieui.dll + 2008-10-16 04:20:24 6,068,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20937_none_632c60d2ca2817a4\ieframe.dll + 2008-10-16 04:20:24 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20937_none_632c60d2ca2817a4\ieui.dll + 2008-10-16 04:47:29 6,068,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18157_none_647360efae414386\ieframe.dll + 2008-10-16 04:38:24 6,069,760 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22288_none_64dd8e40c776507a\ieframe.dll + 2008-10-16 04:38:24 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22288_none_64dd8e40c776507a\ieui.dll + 2008-10-16 04:40:06 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16764_none_e678bdfe94a8d6b9\ieinstal.exe + 2008-10-16 02:13:30 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20937_none_e725cd51adab6bdc\ieinstal.exe + 2008-10-16 04:40:06 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16764_none_0b20f31ad723966b\ieuser.exe + 2008-10-16 02:13:32 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20937_none_0bce026df0262b8e\ieuser.exe + 2008-06-23 01:52:48 2,855,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mf.dll + 2008-06-22 22:34:28 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mferror.dll + 2008-06-23 01:52:18 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mfpmp.exe + 2008-06-23 01:52:48 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mfps.dll + 2008-06-23 01:52:29 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\rrinstaller.exe + 2008-06-23 01:45:58 2,855,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mf.dll + 2008-06-22 22:30:28 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mferror.dll + 2008-06-22 23:56:54 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mfpmp.exe + 2008-06-23 01:46:00 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mfps.dll + 2008-06-22 23:56:20 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\rrinstaller.exe + 2008-06-23 01:59:25 2,868,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mf.dll + 2008-06-23 01:41:40 2,868,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\mf.dll + 2008-06-23 00:00:57 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\mferror.dll + 2008-06-23 00:01:07 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\mfpmp.exe + 2008-06-23 01:39:32 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\mfps.dll + 2008-06-23 00:00:33 53,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\rrinstaller.exe + 2008-06-23 01:52:15 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.0.6000.16708_none_e96251c7c4db0f0d\logagent.exe + 2008-06-22 23:58:14 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.0.6000.20864_none_e9a70de2de2cf121\logagent.exe + 2008-06-23 01:58:43 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.0.6001.18096_none_eae53ea7c24c6ba2\logagent.exe + 2008-06-23 00:02:10 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.0.6001.22208_none_ebd22d38db1f3fc8\logagent.exe + 2008-06-23 01:52:51 996,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmnetmgr_31bf3856ad364e35_6.0.6000.16708_none_4567bba6c17416fd\WMNetMgr.dll + 2008-06-23 01:49:03 996,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmnetmgr_31bf3856ad364e35_6.0.6000.20864_none_45ac77c1dac5f911\WMNetMgr.dll + 2008-06-23 01:59:26 996,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmnetmgr_31bf3856ad364e35_6.0.6001.18096_none_46eaa886bee57392\WMNetMgr.dll + 2008-06-23 01:42:23 996,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmnetmgr_31bf3856ad364e35_6.0.6001.22208_none_47d79717d7b847b8\WMNetMgr.dll + 2008-06-23 01:52:51 2,433,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.16708_none_0554495dd8a9b82d\WMVCORE.DLL + 2008-06-23 01:49:11 2,436,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.20864_none_05990578f1fb9a41\WMVCORE.DLL + 2008-06-23 01:59:25 2,386,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.18096_none_06d7363dd61b14c2\WMVCORE.DLL + 2008-06-23 01:41:43 2,386,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.22208_none_07c424ceeeede8e8\WMVCORE.DLL + 2008-11-06 12:57:06 11,315,712 ----a-w c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16774_none_69fb3fd2150a82e8\shell32.dll + 2008-11-06 12:59:14 11,320,832 ----a-w c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20951_none_6a977d7d2e1a9bf2\shell32.dll + 2008-11-06 13:14:25 11,580,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_6bef4f42122643ed\shell32.dll + 2008-11-06 12:59:27 11,582,976 ----a-w c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22303_none_6cb5cc532b16d3dc\shell32.dll . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "Creative SB Monitoring Utility"="sbavmon.dll" [2007-05-08 c:\windows\System32\SBAVMon.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= divxa32.acm [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Johannes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-09-20 15:35 202024 c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] --a------ 2007-02-12 02:24 109304 c:\program files\Roxio\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder] --a------ 2007-03-19 08:20 259624 c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2006-12-10 21:52 49152 c:\programme\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] --a------ 2006-09-11 03:40 218032 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2008-03-28 20:42 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2007-09-20 09:51 1836328 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0] --a------ 2007-03-28 19:41 2037352 c:\program files\Norton Ghost\Agent\VProTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2008-05-16 13:01 13535776 c:\windows\System32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-05-16 13:01 92704 c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] --a------ 2008-05-16 13:01 526880 c:\windows\System32\nvsvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] --a------ 2007-01-16 11:50 225280 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] --a------ 2008-01-19 08:33 1233920 c:\program files\Windows Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2006-10-25 08:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat] --a------ 2007-09-26 18:05 734264 c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative SB Monitoring Utility] --a------ 2007-05-08 09:32 89600 c:\windows\System32\SBAVMon.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine] --a------ 2007-07-18 15:52 70144 c:\windows\System32\mmrtkrnl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] --a------ 2008-01-19 08:36 2153472 c:\windows\System32\oobefldr.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List] "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{30941BCE-8BAF-46E0-89BB-4BCDF679E478}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{297D44E2-2817-41B2-9A12-FE615130A7E4}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{426C872F-373D-4B05-9551-149F30F724E9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{A687B8B8-577A-40E4-A296-D8EE153F5A49}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{01676CF4-5CB4-4004-90F8-0B25A6D0D2CF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{9346932C-D7BD-483C-9FB6-F3BE089D38B3}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype "{C2525230-7190-4BAE-9722-E69C33A7AE21}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype "TCP Query User{E8A990C7-AEDF-44A3-A1F4-9F6362C321BE}c:\\program files\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare\bearshare.exe:BearShare "UDP Query User{828ABE3A-C554-4D3E-AABB-F24C991EB4CA}c:\\program files\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare\bearshare.exe:BearShare "TCP Query User{0E001D9A-80DA-43D7-906E-B4869F254E20}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{356E60FE-72A9-4D98-9424-39C0AF41EFD9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{136C795A-D95C-4C2C-874E-0B9E2AE1E037}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{E19E3507-C5D4-4F7A-9AE6-2E2C319C9B59}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser "TCP Query User{E6A16769-B940-4AE9-8059-D12DA71D8ECE}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet "UDP Query User{EC6FD6AB-4F01-4C23-8F53-E002F9E0831E}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet "TCP Query User{1C48884A-196F-4F8F-BD5E-B1034B4B4C22}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET "UDP Query User{CA17D829-0A2F-47D7-B539-1150D14B3CD2}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET "TCP Query User{9ACD70BF-52AB-4D30-8F09-FEE0907F5BA5}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW "UDP Query User{9766F6D6-C3D3-46F3-8AED-269945335100}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW "TCP Query User{8009129A-7D3C-4C15-875A-76820DDFC1E4}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager "UDP Query User{A202CDB5-9163-4077-B8FF-A149E0490D60}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager "{B26DDBE2-674D-4399-B87F-15DEE83F5596}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{77BBA4BD-50D4-41B0-97E5-476943213A87}c:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:c:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited "UDP Query User{A5B08F92-0679-4968-B38F-F0576BB5B8B4}c:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:c:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited "TCP Query User{5426284B-4EDB-4D2D-A505-C1400F3A2F90}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath (BETA) "UDP Query User{95DCAEA4-78F4-4D09-8B0E-94521625EC77}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath (BETA) "TCP Query User{CF6B685F-5473-4D5A-ADE1-1968FD878990}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= UDP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II "UDP Query User{7FAE9A17-EA78-4DC0-AFE9-FBA8021B8E97}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= TCP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II "TCP Query User{A94636D1-661E-4265-B17A-5EA241910B9B}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes "UDP Query User{FBB9D361-F1E6-4BC5-9668-127F24D04FE9}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes "TCP Query User{5A7323C1-E7AA-410C-8525-925EA45D546A}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion "UDP Query User{FF5825F4-A044-4417-9A3E-516BECC2A6DC}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion "TCP Query User{0BAA9725-C780-4B1C-9BC3-20340155964B}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay-Helfer "UDP Query User{446D4089-3206-4D7B-B47D-B5F5C201F413}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay-Helfer "{6267C722-A53C-4E14-AF6F-B5F0B73D879F}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade "{AC2CDD96-D0B8-4A8E-9A3D-4479F468C58F}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade "TCP Query User{11485B19-4C26-4494-9239-2658B57E9BF9}c:\\program files\\ea games\\nightfire\\bond.exe"= UDP:c:\program files\ea games\nightfire\bond.exe:Bond "UDP Query User{C8ECDBB9-B2E8-4DE2-AB5C-52D5ACC8EA9F}c:\\program files\\ea games\\nightfire\\bond.exe"= TCP:c:\program files\ea games\nightfire\bond.exe:Bond "TCP Query User{1857E98B-5F79-4553-A87F-626113F9592F}c:\\program files\\rockstar games\\gta2\\gta2.exe"= UDP:c:\program files\rockstar games\gta2\gta2.exe:GTA2 main executable "UDP Query User{C3FE4357-EDDD-4B46-9760-763B739CDE9B}c:\\program files\\rockstar games\\gta2\\gta2.exe"= TCP:c:\program files\rockstar games\gta2\gta2.exe:GTA2 main executable "TCP Query User{ABF7B969-4959-4A0A-8EDA-31957974134D}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay-Helfer "UDP Query User{B8C8EE1A-9293-4F7A-BC38-B7DA4FCAC93B}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay-Helfer "TCP Query User{510ECCC2-3F88-49B2-BC7E-FB44F282A187}c:\\program files\\rockstar games\\gta2\\gta2.exe"= UDP:c:\program files\rockstar games\gta2\gta2.exe:GTA2 main executable "UDP Query User{6B674423-D2A7-4DE0-BECE-6292EA75DD81}c:\\program files\\rockstar games\\gta2\\gta2.exe"= TCP:c:\program files\rockstar games\gta2\gta2.exe:GTA2 main executable "TCP Query User{3CAEF56E-569E-433A-81E1-020744FB9403}c:\\program files\\signal\\signal.exe"= UDP:c:\program files\signal\signal.exe:Signal "UDP Query User{C5A50A2E-3569-42FA-B3A5-D2A3FC91F606}c:\\program files\\signal\\signal.exe"= TCP:c:\program files\signal\signal.exe:Signal "{7EB8D53C-F5CF-4BF4-AD6F-E673DC71620F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{1E6AE43A-98DA-45B6-A960-F3590A309B0D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{10070C50-EBC5-4B49-9AB8-C2C6DADFFE49}c:\\program files\\tightvnc\\winvnc.exe"= UDP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server "UDP Query User{067FD4CF-BF86-4B76-AC16-A5D331687D12}c:\\program files\\tightvnc\\winvnc.exe"= TCP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server "TCP Query User{72E0AD6C-B0E8-4478-BF01-86E0C0EACD28}c:\\program files\\tightvnc\\vncviewer.exe"= UDP:c:\program files\tightvnc\vncviewer.exe:vncviewer "UDP Query User{564393F7-3C3F-41A4-81B9-0E320ADE28D2}c:\\program files\\tightvnc\\vncviewer.exe"= TCP:c:\program files\tightvnc\vncviewer.exe:vncviewer "{47C105EC-DD05-4669-96A2-2854B66B449A}"= UDP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall "{D00591BC-E57B-47B3-A7DA-F843B4FE3E2E}"= TCP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall "TCP Query User{1FD69F92-99E2-4B2F-8334-DB96527B089D}c:\\program files\\opera\\memguard.exe"= UDP:c:\program files\opera\memguard.exe:memguard "UDP Query User{22A37D1C-56DD-4609-A749-6C417774EDF6}c:\\program files\\opera\\memguard.exe"= TCP:c:\program files\opera\memguard.exe:memguard "TCP Query User{781FC89F-0403-415B-85A8-56468CEBFDFB}c:\\users\\johannes\\desktop\\cryptload_1.0.4\\routerclient.exe"= UDP:c:\users\johannes\desktop\cryptload_1.0.4\routerclient.exe:routerclient.exe "UDP Query User{918128AC-0CE3-4876-B0B7-61DE3ECFB20F}c:\\users\\johannes\\desktop\\cryptload_1.0.4\\routerclient.exe"= TCP:c:\users\johannes\desktop\cryptload_1.0.4\routerclient.exe:routerclient.exe "TCP Query User{A6785A8C-CE27-4F0D-8107-25452CEFAF62}c:\\users\\johannes\\appdata\\local\\temp\\ir_ext_temp_0\\autoplay\\docs\\hacking\\remoteanything365\\master.exe"= UDP:c:\users\johannes\appdata\local\temp\ir_ext_temp_0\autoplay\docs\hacking\remoteanything365\master.exe:master.exe "UDP Query User{3D96F388-55CD-4692-B5E0-9517569E8825}c:\\users\\johannes\\appdata\\local\\temp\\ir_ext_temp_0\\autoplay\\docs\\hacking\\remoteanything365\\master.exe"= TCP:c:\users\johannes\appdata\local\temp\ir_ext_temp_0\autoplay\docs\hacking\remoteanything365\master.exe:master.exe "{C64B2325-2046-4C41-AF61-74E0ED1A4F47}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{36C78D37-F54F-4139-80D3-5493BB6309E2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{D3324BBE-2CB9-41DB-9F44-265BB856DDEA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{5C4D301B-2C05-41BE-9B52-3E87FB5B7D42}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "TCP Query User{1CAD7B2A-4932-420B-A595-8C6941F89DA6}c:\\program files\\e.w.e.-software\\befree4iphone\\befree4iphone.exe"= UDP:c:\program files\e.w.e.-software\befree4iphone\befree4iphone.exe:befree4iphone "UDP Query User{77553BB7-E49D-4AA9-8BC5-2298A7950A72}c:\\program files\\e.w.e.-software\\befree4iphone\\befree4iphone.exe"= TCP:c:\program files\e.w.e.-software\befree4iphone\befree4iphone.exe:befree4iphone "TCP Query User{9AA35598-D366-4C99-801C-06AD79109E37}c:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:c:\program files\ea sports\fifa 08\fifa08.exe:FIFA08 "UDP Query User{D7BC3ADA-24E0-4CEB-B921-F8B1C72E630C}c:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:c:\program files\ea sports\fifa 08\fifa08.exe:FIFA08 "TCP Query User{C766FF40-06E5-4D3A-920A-36A095BCF989}c:\\program files\\deusty\\mojo\\mojo.exe"= UDP:c:\program files\deusty\mojo\mojo.exe:Mojo "UDP Query User{F8D49EE1-3D7D-4955-96D2-5FD82E7A47FC}c:\\program files\\deusty\\mojo\\mojo.exe"= TCP:c:\program files\deusty\mojo\mojo.exe:Mojo "{46217524-8879-4DD8-90A2-1D6B241AC151}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{7B36F84E-1215-4CB1-97F0-B554EABFBF1A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{AD128A21-7EC3-46F2-B960-E754ECEA7583}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{7CDA0E77-4353-4306-9FEB-0BC2AA844273}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan "{EE7DB5B6-6AB2-4058-9CF4-4A30319768FE}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan "{10DA941A-35BB-46F6-A6C6-D2C5E74DACBB}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client "{B399F687-70A0-4F23-BB46-6FAD259C04C7}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client "{82B11468-FD39-4910-8E3D-C91E8D64F5FA}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR "{8DCC9F60-F936-43DA-BC19-A116BDB32FDD}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR "{CF591AC9-AEE5-43B3-959F-164AE6286D89}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb "{00348B07-724A-4DEC-BEF9-704F9895CAED}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb "{20243235-F1B4-4FDE-B498-5A8562E37E3B}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray "{D55C2207-83CE-4570-A411-B910F1629BD0}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray "{96550300-89D7-4313-BDBE-1FDC224EACBD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{9D4C3B13-1588-4176-910B-33827A69CE63}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever "UDP Query User{2A3F5669-1CAA-4D5C-B16A-7BBFE76D97B5}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever "{6411A11B-F59A-408C-86C6-04D11628E996}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{AB6D7504-C804-4959-B984-46E907D5E23C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{E6C0EFBD-0891-4097-9646-F20AD14CF942}c:\\users\\johannes\\temp\\teamviewer3\\teamviewer.exe"= UDP:c:\users\johannes\temp\teamviewer3\teamviewer.exe:teamviewer.exe "UDP Query User{9A68D3A0-5A8F-4AFF-A30F-2AC9E3F85E0A}c:\\users\\johannes\\temp\\teamviewer3\\teamviewer.exe"= TCP:c:\users\johannes\temp\teamviewer3\teamviewer.exe:teamviewer.exe "{B399B23B-D0B7-482C-8EC9-76D7325FEFA7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{D1F59639-1C88-4EA3-87CC-9465EED88CD3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 R2 ACEDRV09;ACEDRV09;\??\c:\windows\system32\drivers\ACEDRV09.sys [2008-01-13 110304] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-14 356920] R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2007-05-19 400896] S0 OemBiosDevice;Royalty OEM BIOS Extension;c:\windows\system32\DRIVERS\royal.sys [2007-07-05 240128] S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;"c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{597ae3fc-a298-11dd-8a1d-001731642551}] \shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . Inhalt des "geplante Tasks" Ordners 2008-11-28 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 19:08] 2008-12-16 c:\windows\Tasks\User_Feed_Synchronization-{68F5F252-B701-4E74-914C-ACDF6256AA89}.job - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33] . - - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-16 15:54:57 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(3884) c:\windows\System32\mediametadatahandler.dll c:\program files\VistaCodecPack\filters\splitter.ax c:\program files\VistaCodecPack\filters\mkzlib.dll c:\program files\VistaCodecPack\filters\mkunicode.dll c:\program files\VistaCodecPack\filters\mkx.dll c:\program files\VistaCodecPack\filters\mp4.dll c:\program files\Common Files\Sonic Shared\SonicHDDemuxer.dll c:\program files\Common Files\Sonic Shared\SonicMC01\sonicMP4Demux.ax c:\program files\Common Files\Nero\DSFilter\NeVideo.ax c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll c:\program files\Common Files\Nero\DSFilter\NeResize.ax c:\program files\Common Files\Nero\DSFilter\NeVideoHD.ax c:\program files\WinSCP\DragExt.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\System32\nvvsvc.exe c:\windows\System32\audiodg.exe c:\windows\System32\rundll32.exe c:\program files\AntiVir PersonalEdition Classic\avguard.exe c:\windows\System32\conime.exe c:\program files\AntiVir PersonalEdition Classic\sched.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\program files\Norton Ghost\Agent\VProSvc.exe c:\windows\System32\rundll32.exe c:\windows\System32\PnkBstrA.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe c:\program files\Spyware Doctor\pctsSvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Zeit der Fertigstellung: 2008-12-16 16:04:30 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2008-12-16 15:04:03 ComboFix2.txt 2008-12-15 19:17:11 Vor Suchlauf: 20 Verzeichnis(se), 44.495.253.504 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 44,237,422,592 Bytes frei 566 --- E O F --- 2008-12-16 14:37:58