System ALert popup, bei anclick Weiterleitung zu Spydawn

#1 Hallo,

habe ein blinkendes "System Alert"-icon in der toolbar, welches mich permanent auf "activeSpyware applications" mittels popups hinweist. Beim anklicken erfolgt Weiterleitung auf folgenden Link:
spydawn.com/?aff=344

Habe recherchiert und werde mit meinem Wissenstand dieses Problems nicht maechtig. Wie gehe ich also vor um dieses 'Uebel nebst Anhang' dauerhaft zu entfernen.

Bitte bei Anweisungen auch erlaeutern warum/wieso/weshalb damit ich nachhaltig davon lernen kann.

Vielen Dank MacTac


nachfolgend das Hijackthis-Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 1:52:06 PM, on 3/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Olaf\LOCALS~1\Temp\Rar$EX00.599\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dict.cc/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 01
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Shortcut to ccApp.lnk = C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted IP range: http://195.95.*.*
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173011785475
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#2 poste dieses log
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#3 Hallo Sabina,

siehe unten das gewuenschte log. habe sechs weitere logs (datfind.bat) als Anhang hinzugefuegt.

Ist's hilfreich auch das log vom Virenscan zu posten?

ciau MacTac


"Olaf" - 07-03-18 16:06:19 Service Pack 2
ComboFix 07-03-15.2 - Running from: "C:\My Downloads"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Screensavers.com\Wallpaper\Heidi Klum.jpg
C:\Program Files\Screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\Screensavers.com\Wallpaper\Thumbs.db
C:\WINDOWS\system32\system\msxml4.dll
C:\WINDOWS\system32\system\msxml4r.dll
C:\Program Files\INSTALL.LOG
C:\Program Files\Screensavers.com
C:\Program Files\Screensavers.com\Wallpaper
C:\WINDOWS\system32\system


((((((((((((((((((((((((((((((( Files Created from 2007-02-18 to 2007-03-18 ))))))))))))))))))))))))))))))))))


2007-03-16 02:23 <DIR> d-------- C:\Program Files\SpyDawn
2007-03-16 01:57 <DIR> d-------- C:\DOCUME~1\Olaf\APPLIC~1\Azureus
2007-03-16 01:56 <DIR> d-------- C:\WINDOWS\Sun
2007-03-16 01:56 <DIR> d-------- C:\DOCUME~1\Olaf\APPLIC~1\Sun
2007-03-16 01:53 <DIR> d-------- C:\Program Files\Java
2007-03-16 01:52 <DIR> d-------- C:\Program Files\Common Files\Java
2007-03-15 16:49 <DIR> d-------- C:\DOCUME~1\Olaf\APPLIC~1\acccore
2007-03-15 16:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-03-15 16:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-03-15 16:40 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-03-15 16:39 335 --a------ C:\WINDOWS\nsreg.dat
2007-03-15 16:39 <DIR> d-------- C:\Program Files\AIM6
2007-03-15 16:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-03-11 20:27 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-03-11 20:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-03-11 20:17 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-11 18:46 <DIR> d-------- C:\Program Files\BitTorrent
2007-03-11 18:28 <DIR> d-------- C:\Program Files\Common Files\Viewpoint
2007-03-09 00:47 <DIR> d-------- C:\Program Files\Azureus
2007-03-07 12:13 <DIR> d-------- C:\Program Files\PokerStars.NET
2007-03-06 22:58 1,099,264 --a------ C:\WINDOWS\system32\drivers\yacxg.sys
2007-03-06 22:56 <DIR> d-------- C:\Audio.temp
2007-03-06 22:54 <DIR> d-------- C:\Yamaha
2007-03-06 04:51 <DIR> d-------- C:\WINDOWS\Prefetch
2007-03-06 02:28 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-03-06 02:28 9,216 --------- C:\WINDOWS\system32\proxycfg.exe
2007-03-06 02:28 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-03-06 02:28 81,920 --------- C:\WINDOWS\system32\ieencode.dll
2007-03-06 02:28 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-03-06 02:28 755,200 --------- C:\WINDOWS\system32\ir50_32.dll
2007-03-06 02:28 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2007-03-06 02:28 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2007-03-06 02:28 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2007-03-06 02:28 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2007-03-06 02:28 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2007-03-06 02:28 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2007-03-06 02:28 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-03-06 02:28 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-03-06 02:28 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-03-06 02:28 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2007-03-06 02:28 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2007-03-06 02:28 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2007-03-06 02:28 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2007-03-06 02:28 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2007-03-06 02:28 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2007-03-06 02:28 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-03-06 02:28 59,392 --------- C:\WINDOWS\system32\logman.exe
2007-03-06 02:28 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-03-06 02:28 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2007-03-06 02:28 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2007-03-06 02:28 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2007-03-06 02:28 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-03-06 02:28 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-03-06 02:28 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-03-06 02:28 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-03-06 02:28 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-03-06 02:28 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-03-06 02:28 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-03-06 02:28 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-03-06 02:28 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-03-06 02:28 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-03-06 02:28 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-03-06 02:28 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-03-06 02:28 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-03-06 02:28 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-03-06 02:28 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-03-06 02:28 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-03-06 02:28 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-03-06 02:28 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-03-06 02:28 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2007-03-06 02:28 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-03-06 02:28 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-03-06 02:28 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-03-06 02:28 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-03-06 02:28 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-03-06 02:28 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-03-06 02:28 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-03-06 02:28 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-03-06 02:28 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-03-06 02:28 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-03-06 02:28 263,040 --------- C:\WINDOWS\system32\drivers\http.sys
2007-03-06 02:28 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-03-06 02:28 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-03-06 02:28 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-03-06 02:28 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-03-06 02:28 24,576 --------- C:\WINDOWS\system32\httpapi.dll
2007-03-06 02:28 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2007-03-06 02:28 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-03-06 02:28 22,528 --------- C:\WINDOWS\system32\fltmc.exe
2007-03-06 02:28 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-03-06 02:28 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-03-06 02:28 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-03-06 02:28 200,192 --------- C:\WINDOWS\system32\ir50_qc.dll
2007-03-06 02:28 20,992 --------- C:\WINDOWS\system32\bthci.dll
2007-03-06 02:28 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
2007-03-06 02:28 183,808 --------- C:\WINDOWS\system32\ir50_qcx.dll
2007-03-06 02:28 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-03-06 02:28 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-03-06 02:28 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-03-06 02:28 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-03-06 02:28 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-03-06 02:28 16,896 --------- C:\WINDOWS\system32\fltlib.dll
2007-03-06 02:28 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-03-06 02:28 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-03-06 02:28 14,336 --------- C:\WINDOWS\system32\auditusr.exe
2007-03-06 02:28 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-03-06 02:28 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2007-03-06 02:28 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-03-06 02:28 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-03-06 02:28 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-03-06 02:28 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-03-06 02:28 124,800 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-06 02:28 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-03-06 02:28 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-03-06 02:28 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2007-03-06 02:28 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-03-06 02:28 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-03-06 02:28 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-03-06 02:28 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-03-06 02:28 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-03-06 02:28 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-03-06 02:28 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-03-06 02:28 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-03-06 02:28 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-03-06 02:28 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2007-03-06 02:28 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-03-06 02:28 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2007-03-06 02:28 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-03-06 02:28 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-03-06 02:28 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-03-06 02:27 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-03-06 02:27 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-03-06 02:27 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-03-06 02:27 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-03-06 02:27 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-03-06 02:27 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-03-06 02:27 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2007-03-06 02:27 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-03-06 02:27 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-03-06 02:27 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-03-06 02:27 32,866 --------- C:\WINDOWS\slrundll.exe
2007-03-06 02:27 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2007-03-06 02:27 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-03-06 02:27 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-03-06 02:27 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2007-03-06 02:27 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2007-03-06 02:27 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-03-06 02:27 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-03-06 02:27 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2007-03-06 02:27 <DIR> d-------- C:\WINDOWS\provisioning
2007-03-05 22:11 51,712 --a------ C:\WINDOWS\system32\wzcsapi.dll
2007-03-05 22:11 378,368 --a------ C:\WINDOWS\system32\wzcdlg.dll
2007-03-05 22:11 359,936 --a------ C:\WINDOWS\system32\wzcsvc.dll
2007-03-05 22:11 1,708,032 --a------ C:\WINDOWS\system32\netshell.dll
2007-03-05 22:10 <DIR> d-------- C:\WINDOWS\PeerNet
2007-03-05 20:06 72,704 --a------ C:\WINDOWS\system32\magnify.exe
2007-03-05 20:06 60,416 --a------ C:\WINDOWS\system32\cryptsvc.dll
2007-03-05 20:06 53,760 --a------ C:\WINDOWS\system32\narrator.exe
2007-03-05 20:06 248,832 --a------ C:\WINDOWS\system32\newdev.dll
2007-03-05 20:06 215,552 --a------ C:\WINDOWS\system32\osk.exe
2007-03-05 20:06 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-05 20:05 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-05 20:05 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-05 20:05 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-04 20:26 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2007-03-04 20:26 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2007-03-04 20:26 372,736 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2007-03-04 20:26 233,472 --a------ C:\WINDOWS\system32\wlanapi.dll
2007-03-04 20:26 208,896 --a------ C:\WINDOWS\system32\aIPH.dll
2007-03-04 20:26 143,360 --a------ C:\WINDOWS\system32\WlanApp.dll
2007-03-04 20:26 1,323,095 --a------ C:\WINDOWS\system32\odSupp_M.dll
2007-03-04 20:25 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2007-03-04 20:25 28,205 --a------ C:\WINDOWS\system32\ANIO.sys
2007-03-04 20:25 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2007-03-04 20:25 <DIR> d-------- C:\Program Files\D-Link
2007-03-04 20:25 <DIR> d-------- C:\Program Files\ANI
2007-03-04 20:03 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-03-04 18:24 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-03-04 17:44 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-04 17:44 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-03-04 14:52 92,672 --a------ C:\WINDOWS\system32\wlnotify.dll
2007-03-04 14:52 91,648 --a------ C:\WINDOWS\system32\xactsrv.dll
2007-03-04 14:52 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2007-03-04 14:52 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-04 14:52 53,760 --a------ C:\WINDOWS\system32\winsta.dll
2007-03-04 14:52 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2007-03-04 14:52 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-03-04 14:52 42,496 --a------ C:\WINDOWS\system32\wsnmp32.dll
2007-03-04 14:52 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-03-04 14:52 303,616 --a------ C:\WINDOWS\system32\wmstream.dll
2007-03-04 14:52 283,648 --a------ C:\WINDOWS\winhlp32.exe
2007-03-04 14:52 18,432 --a------ C:\WINDOWS\system32\wtsapi32.dll
2007-03-04 14:52 176,128 --a------ C:\WINDOWS\system32\winmm.dll
2007-03-04 14:52 172,032 --a------ C:\WINDOWS\system32\wldap32.dll
2007-03-04 14:52 115,200 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2007-03-04 14:51 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-04 14:51 92,168 --a------ C:\WINDOWS\system32\rdpdd.dll
2007-03-04 14:51 90,624 --a------ C:\WINDOWS\system32\trkwks.dll
2007-03-04 14:51 9,216 --a------ C:\WINDOWS\system32\scrnsave.scr
2007-03-04 14:51 89,600 --a------ C:\WINDOWS\system32\smlogsvc.exe
2007-03-04 14:51 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-04 14:51 77,312 --a------ C:\WINDOWS\system32\sdbinst.exe
2007-03-04 14:51 77,312 --a------ C:\WINDOWS\system32\rtcshare.exe
2007-03-04 14:51 75,776 --a------ C:\WINDOWS\system32\telnet.exe
2007-03-04 14:51 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-04 14:51 74,752 --a------ C:\WINDOWS\system32\spoolss.dll
2007-03-04 14:51 71,680 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2007-03-04 14:51 704,512 --a------ C:\WINDOWS\system32\ss3dfo.scr
2007-03-04 14:51 70,144 --a------ C:\WINDOWS\system32\sigverif.exe
2007-03-04 14:51 69,632 --a------ C:\WINDOWS\system32\raschap.dll
2007-03-04 14:51 68,096 --a------ C:\WINDOWS\system32\shgina.dll
2007-03-04 14:51 679,936 --a------ C:\WINDOWS\system32\sstext3d.scr
2007-03-04 14:51 67,584 --a------ C:\WINDOWS\system32\sti.dll
2007-03-04 14:51 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-04 14:51 65,536 --a------ C:\WINDOWS\system32\wextract.exe
2007-03-04 14:51 65,536 --a------ C:\WINDOWS\system32\shimeng.dll
2007-03-04 14:51 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-04 14:51 610,304 --a------ C:\WINDOWS\system32\sspipes.scr
2007-03-04 14:51 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-04 14:51 6,656 --a------ C:\WINDOWS\system32\sensapi.dll
2007-03-04 14:51 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-03-04 14:51 55,808 --a------ C:\WINDOWS\system32\secur32.dll
2007-03-04 14:51 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-03-04 14:51 51,712 --a------ C:\WINDOWS\system32\vdmredir.dll
2007-03-04 14:51 50,176 --a------ C:\WINDOWS\system32\utilman.exe
2007-03-04 14:51 50,176 --a------ C:\WINDOWS\system32\reg.exe
2007-03-04 14:51 49,664 --a------ C:\WINDOWS\system32\regapi.dll
2007-03-04 14:51 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-04 14:51 438,272 --a------ C:\WINDOWS\system32\shimgvw.dll
2007-03-04 14:51 430,592 --a------ C:\WINDOWS\system32\vssapi.dll
2007-03-04 14:51 42,496 --a------ C:\WINDOWS\system32\shmgrate.exe
2007-03-04 14:51 417,792 --a------ C:\WINDOWS\system32\vbscript.dll
2007-03-04 14:51 406,528 --a------ C:\WINDOWS\system32\usp10.dll
2007-03-04 14:51 393,216 --a------ C:\WINDOWS\system32\ssflwbox.scr
2007-03-04 14:51 385,536 --a------ C:\WINDOWS\system32\themeui.dll
2007-03-04 14:51 38,912 --a------ C:\WINDOWS\system32\sens.dll
2007-03-04 14:51 363,008 --a------ C:\WINDOWS\system32\smlogcfg.dll
2007-03-04 14:51 35,840 --a------ C:\WINDOWS\system32\umandlg.dll
2007-03-04 14:51 35,840 --a------ C:\WINDOWS\system32\rcimlby.exe
2007-03-04 14:51 34,816 --a------ C:\WINDOWS\system32\ssdpapi.dll
2007-03-04 14:51 313,856 --a------ C:\WINDOWS\system32\scesrv.dll
2007-03-04 14:51 3,338 --a------ C:\WINDOWS\system32\redir.exe
2007-03-04 14:51 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-04 14:51 26,112 --a------ C:\WINDOWS\system32\skeys.exe
2007-03-04 14:51 25,600 --a------ C:\WINDOWS\system32\udhisapi.dll
2007-03-04 14:51 25,088 --a------ C:\WINDOWS\system32\slayerxp.dll
2007-03-04 14:51 25,088 --a------ C:\WINDOWS\system32\shfolder.dll
2007-03-04 14:51 246,302 --a------ C:\WINDOWS\system32\strmdll.dll
2007-03-04 14:51 239,616 --a------ C:\WINDOWS\system32\upnpui.dll
2007-03-04 14:51 23,040 --a------ C:\WINDOWS\system32\setup.exe
2007-03-04 14:51 218,624 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-03-04 14:51 206,336 --a------ C:\WINDOWS\system32\rasppp.dll
2007-03-04 14:51 20,992 --a------ C:\WINDOWS\system32\ssmarque.scr
2007-03-04 14:51 19,968 --a------ C:\WINDOWS\system32\ssbezier.scr
2007-03-04 14:51 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-04 14:51 185,344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-03-04 14:51 181,760 --a------ C:\WINDOWS\system32\tapi32.dll
2007-03-04 14:51 180,224 --a------ C:\WINDOWS\system32\scecli.dll
2007-03-04 14:51 18,944 --a------ C:\WINDOWS\system32\ssmyst.scr
2007-03-04 14:51 18,944 --a------ C:\WINDOWS\system32\snmpapi.dll
2007-03-04 14:51 18,432 --a------ C:\WINDOWS\system32\ups.exe
2007-03-04 14:51 174,592 --a------ C:\WINDOWS\system32\w32time.dll
2007-03-04 14:51 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2007-03-04 14:51 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-04 14:51 17,664 --a------ C:\WINDOWS\system32\watchdog.sys
2007-03-04 14:51 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2007-03-04 14:51 16,896 --a------ C:\WINDOWS\system32\rassapi.dll
2007-03-04 14:51 152,576 --a------ C:\WINDOWS\system32\rsaenh.dll
2007-03-04 14:51 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-04 14:51 146,432 --a------ C:\WINDOWS\regedit.exe
2007-03-04 14:51 140,288 --a------ C:\WINDOWS\system32\sfc_os.dll
2007-03-04 14:51 14,336 --a------ C:\WINDOWS\system32\ssstars.scr
2007-03-04 14:51 14,336 --a------ C:\WINDOWS\system32\runonce.exe
2007-03-04 14:51 136,704 --a------ C:\WINDOWS\system32\sti_ci.dll
2007-03-04 14:51 135,680 --a------ C:\WINDOWS\system32\webvw.dll
2007-03-04 14:51 135,680 --a------ C:\WINDOWS\system32\taskmgr.exe
2007-03-04 14:51 132,608 --a------ C:\WINDOWS\system32\upnp.dll
2007-03-04 14:51 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-04 14:51 13,312 --a------ C:\WINDOWS\system32\sigtab.dll
2007-03-04 14:51 124,416 --a------ C:\WINDOWS\system32\wiadss.dll
2007-03-04 14:51 121,856 --a------ C:\WINDOWS\system32\stobject.dll
2007-03-04 14:51 12,288 --a------ C:\WINDOWS\system32\tracert.exe
2007-03-04 14:51 112,128 --a------ C:\WINDOWS\system32\rastls.dll
2007-03-04 14:51 1,580,544 --a------ C:\WINDOWS\system32\sfcfiles.dll
2007-03-04 14:51 1,435,648 --a------ C:\WINDOWS\system32\query.dll
2007-03-04 14:50 96,768 --a------ C:\WINDOWS\system32\psbase.dll
2007-03-04 14:50 937,984 --------- C:\WINDOWS\system32\winbrand.dll
2007-03-04 14:50 875,008 --a------ C:\WINDOWS\system32\netplwiz.dll
2007-03-04 14:50 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-03-04 14:50 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-03-04 14:50 713,728 --a------ C:\WINDOWS\system32\opengl32.dll
2007-03-04 14:50 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-03-04 14:50 69,632 --a------ C:\WINDOWS\system32\odbcconf.exe
2007-03-04 14:50 65,536 --a------ C:\WINDOWS\system32\odbccu32.dll
2007-03-04 14:50 65,536 --a------ C:\WINDOWS\system32\odbccr32.dll
2007-03-04 14:50 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-03-04 14:50 622,080 --a------ C:\WINDOWS\system32\netcfgx.dll
2007-03-04 14:50 62,976 --a------ C:\WINDOWS\system32\pautoenr.dll
2007-03-04 14:50 58,368 --a------ C:\WINDOWS\system32\packager.exe
2007-03-04 14:50 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-03-04 14:50 54,784 --a------ C:\WINDOWS\system32\npptools.dll
2007-03-04 14:50 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-03-04 14:50 435,200 --a------ C:\WINDOWS\system32\ntmssvc.dll
2007-03-04 14:50 43,520 --a------ C:\WINDOWS\system32\ntlanman.dll
2007-03-04 14:50 42,496 --a------ C:\WINDOWS\system32\net.exe
2007-03-04 14:50 407,040 --a------ C:\WINDOWS\system32\netlogon.dll
2007-03-04 14:50 40,960 --a------ C:\WINDOWS\system32\ntmsapi.dll
2007-03-04 14:50 4,096 --------- C:\WINDOWS\system32\dsprpres.dll
2007-03-04 14:50 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-03-04 14:50 329,728 --a------ C:\WINDOWS\system32\netsetup.exe
2007-03-04 14:50 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-03-04 14:50 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2007-03-04 14:50 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-03-04 14:50 283,648 --a------ C:\WINDOWS\system32\pdh.dll
2007-03-04 14:50 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-04 14:50 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-03-04 14:50 26,624 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2007-03-04 14:50 23,040 --a------ C:\WINDOWS\system32\psapi.dll
2007-03-04 14:50 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2007-03-04 14:50 20,992 --------- C:\WINDOWS\system32\faxpatch.exe
2007-03-04 14:50 187,392 --------- C:\WINDOWS\system32\xpsp1res.dll
2007-03-04 14:50 179,712 --a------ C:\WINDOWS\system32\ntmsdba.dll
2007-03-04 14:50 17,920 --a------ C:\WINDOWS\system32\ping.exe
2007-03-04 14:50 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2007-03-04 14:50 159,232 --------- C:\WINDOWS\system32\sbeio.dll
2007-03-04 14:50 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-03-04 14:50 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2007-03-04 14:50 143,872 --a------ C:\WINDOWS\system32\ntshrui.dll
2007-03-04 14:50 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-03-04 14:50 135,168 --a------ C:\WINDOWS\system32\odbcconf.dll
2007-03-04 14:50 134,656 --------- C:\WINDOWS\system32\mssap.dll
2007-03-04 14:50 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-03-04 14:50 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-03-04 14:50 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-03-04 14:50 124,928 --a------ C:\WINDOWS\system32\net1.exe
2007-03-04 14:50 120,832 --a------ C:\WINDOWS\system32\offfilt.dll
2007-03-04 14:50 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-03-04 14:50 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2007-03-04 14:50 118,784 --a------ C:\WINDOWS\system32\ntmarta.dll
2007-03-04 14:50 107,008 --a------ C:\WINDOWS\system32\oleprn.dll
2007-03-04 14:50 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-03-04 14:50 103,936 --a------ C:\WINDOWS\system32\nlhtml.dll
2007-03-04 14:50 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2007-03-04 14:50 1,057,760 --------- C:\WINDOWS\system32\ati3d2ag.dll
2007-03-04 14:49 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2007-03-04 14:49 701,440 --a------ C:\WINDOWS\system32\msxml2.dll
2007-03-04 14:49 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-04 14:49 69,120 --a------ C:\WINDOWS\system32\msctfp.dll
2007-03-04 14:49 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-04 14:49 56,832 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-03-04 14:49 413,696 --a------ C:\WINDOWS\system32\msvcp60.dll
2007-03-04 14:49 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-04 14:49 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2007-03-04 14:49 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2007-03-04 14:49 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2007-03-04 14:49 36,352 --a------ C:\WINDOWS\system32\ncobjapi.dll
2007-03-04 14:49 343,040 --a------ C:\WINDOWS\system32\msvcrt.dll
2007-03-04 14:49 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-04 14:49 294,400 --a------ C:\WINDOWS\system32\msctf.dll
2007-03-04 14:49 290,816 --a------ C:\WINDOWS\system32\msnsspc.dll
2007-03-04 14:49 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2007-03-04 14:49 25,088 --a------ C:\WINDOWS\system32\mslbui.dll
2007-03-04 14:49 248,832 --a------ C:\WINDOWS\system32\msieftp.dll
2007-03-04 14:49 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2007-03-04 14:49 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
2007-03-04 14:49 195,072 --a------ C:\WINDOWS\system32\msutb.dll
2007-03-04 14:49 159,232 --a------ C:\WINDOWS\system32\msimtf.dll
2007-03-04 14:49 143,360 --a------ C:\WINDOWS\system32\msorcl32.dll
2007-03-04 14:49 120,832 --a------ C:\WINDOWS\system32\msvfw32.dll
2007-03-04 14:49 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2007-03-04 14:49 11,264 --a------ C:\WINDOWS\system32\msrle32.dll
2007-03-04 14:48 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-04 14:48 514,560 --a------ C:\WINDOWS\system32\logonui.exe
2007-03-04 14:48 4,096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2007-03-04 14:48 399,872 --a------ C:\WINDOWS\system32\lmrt.dll
2007-03-04 14:48 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-04 14:48 220,672 --a------ C:\WINDOWS\system32\logon.scr
2007-03-04 14:48 22,016 --a------ C:\WINDOWS\system32\licmgr10.dll
2007-03-04 14:48 216,064 --a------ C:\WINDOWS\system32\moricons.dll
2007-03-04 14:48 207,360 --a------ C:\WINDOWS\system32\mobsync.dll
2007-03-04 14:48 163,840 --a------ C:\WINDOWS\system32\mindex.dll
2007-03-04 14:48 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-04 14:48 11,776 --a------ C:\WINDOWS\system32\localui.dll
2007-03-04 14:48 1,192,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2007-03-04 14:47 97,280 --a------ C:\WINDOWS\system32\dpcdll.dll
2007-03-04 14:47 9,344 --a------ C:\WINDOWS\system32\framebuf.dll
2007-03-04 14:47 82,432 --a------ C:\WINDOWS\system32\dfrgfat.exe
2007-03-04 14:47 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-04 14:47 80,384 --a------ C:\WINDOWS\system32\faultrep.dll
2007-03-04 14:47 8,704 --a------ C:\WINDOWS\system32\fxsperf.dll
2007-03-04 14:47 7,424 --a------ C:\WINDOWS\system32\kd1394.dll
2007-03-04 14:47 68,608 --a------ C:\WINDOWS\system32\digest.dll
2007-03-04 14:47 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-04 14:47 62,976 --a------ C:\WINDOWS\system32\iesetup.dll
2007-03-04 14:47 6,656 --a------ C:\WINDOWS\system32\fxsres.dll
2007-03-04 14:47 562,176 --a------ C:\WINDOWS\system32\fxsst.dll
2007-03-04 14:47 55,808 --a------ C:\WINDOWS\system32\ipconfig.exe
2007-03-04 14:47 55,808 --a------ C:\WINDOWS\system32\eventlog.dll
2007-03-04 14:47 54,272 --a------ C:\WINDOWS\system32\ixsso.dll
2007-03-04 14:47 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2007-03-04 14:47 48,128 --a------ C:\WINDOWS\system32\docprop2.dll
2007-03-04 14:47 452,096 --a------ C:\WINDOWS\system32\fxsapi.dll
2007-03-04 14:47 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2007-03-04 14:47 400,384 --a------ C:\WINDOWS\system32\fxsxp32.dll
2007-03-04 14:47 397,312 --a------ C:\WINDOWS\system32\fxstiff.dll
2007-03-04 14:47 38,912 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2007-03-04 14:47 36,921 --a------ C:\WINDOWS\system32\imeshare.dll
2007-03-04 14:47 35,840 --a------ C:\WINDOWS\system32\imgutil.dll
2007-03-04 14:47 344,064 --a------ C:\WINDOWS\system32\hnetcfg.dll
2007-03-04 14:47 330,752 --a------ C:\WINDOWS\system32\ippromon.dll
2007-03-04 14:47 304,128 --a------ C:\WINDOWS\system32\duser.dll
2007-03-04 14:47 285,184 --a------ C:\WINDOWS\system32\fxscomex.dll
2007-03-04 14:47 282,624 --a------ C:\WINDOWS\system32\devmgr.dll
2007-03-04 14:47 28,672 --a------ C:\WINDOWS\system32\dfsshlex.dll
2007-03-04 14:47 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-03-04 14:47 27,136 --a------ C:\WINDOWS\system32\fxsdrv.dll
2007-03-04 14:47 267,776 --a------ C:\WINDOWS\system32\fxssvc.exe
2007-03-04 14:47 254,976 --a------ C:\WINDOWS\system32\icm32.dll
2007-03-04 14:47 25,088 --a------ C:\WINDOWS\system32\defrag.exe
2007-03-04 14:47 246,272 --a------ C:\WINDOWS\system32\fxst30.dll
2007-03-04 14:47 24,064 --a------ C:\WINDOWS\system32\pidgen.dll
2007-03-04 14:47 239,104 --a------ C:\WINDOWS\system32\dsquery.dll
2007-03-04 14:47 23,552 --a------ C:\WINDOWS\system32\fxsext32.dll
2007-03-04 14:47 23,040 --a------ C:\WINDOWS\system32\ersvc.dll
2007-03-04 14:47 229,376 --a------ C:\WINDOWS\system32\fxscover.exe
2007-03-04 14:47 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-03-04 14:47 20,992 --a------ C:\WINDOWS\system32\fontview.exe
2007-03-04 14:47 193,024 --a------ C:\WINDOWS\system32\eudcedit.exe
2007-03-04 14:47 192,512 --a------ C:\WINDOWS\system32\fxswzrd.dll
2007-03-04 14:47 183,296 --a------ C:\WINDOWS\system32\els.dll
2007-03-04 14:47 181,760 --a------ C:\WINDOWS\system32\dinput8.dll
2007-03-04 14:47 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
2007-03-04 14:47 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2007-03-04 14:47 159,232 --a------ C:\WINDOWS\system32\dinput.dll
2007-03-04 14:47 154,112 --a------ C:\WINDOWS\system32\fxsui.dll
2007-03-04 14:47 150,016 --a------ C:\WINDOWS\system32\imapi.exe
2007-03-04 14:47 143,360 --a------ C:\WINDOWS\system32\fxsclnt.exe
2007-03-04 14:47 142,336 --a------ C:\WINDOWS\system32\dsprop.dll
2007-03-04 14:47 137,216 --a------ C:\WINDOWS\system32\dssenh.dll
2007-03-04 14:47 123,904 --a------ C:\WINDOWS\system32\dfrgui.dll
2007-03-04 14:47 123,392 --a------ C:\WINDOWS\system32\input.dll
2007-03-04 14:47 120,832 --a------ C:\WINDOWS\system32\idq.dll
2007-03-04 14:47 111,104 --a------ C:\WINDOWS\system32\dgnet.dll
2007-03-04 14:47 110,080 --a------ C:\WINDOWS\system32\imm32.dll
2007-03-04 14:47 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-04 14:47 10,752 --a------ C:\WINDOWS\system32\dumprep.exe
2007-03-04 14:47 1,032,192 --a------ C:\WINDOWS\explorer.exe
2007-03-04 14:46 98,304 --a------ C:\WINDOWS\system32\ahui.exe
2007-03-04 14:46 84,992 --a------ C:\WINDOWS\system32\avifil32.dll
2007-03-04 14:46 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-04 14:46 78,336 --a------ C:\WINDOWS\system32\browsewm.dll
2007-03-04 14:46 77,312 --a------ C:\WINDOWS\system32\browser.dll
2007-03-04 14:46 74,752 --a------ C:\WINDOWS\system32\cryptdlg.dll
2007-03-04 14:46 69,120 --a------ C:\WINDOWS\system32\ciodm.dll
2007-03-04 14:46 68,096 --a------ C:\WINDOWS\system32\adsmsext.dll
2007-03-04 14:46 640,000 --a------ C:\WINDOWS\system32\dbghelp.dll
2007-03-04 14:46 63,488 --a------ C:\WINDOWS\system32\browselc.dll
2007-03-04 14:46 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
2007-03-04 14:46 58,880 --a------ C:\WINDOWS\system32\atl.dll
2007-03-04 14:46 57,856 --a------ C:\WINDOWS\system32\clusapi.dll
2007-03-04 14:46 47,104 --a------ C:\WINDOWS\system32\cmdl32.exe
2007-03-04 14:46 44,544 --a------ C:\WINDOWS\system32\alg.exe
2007-03-04 14:46 42,496 --a------ C:\WINDOWS\system32\audiosrv.dll
2007-03-04 14:46 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-04 14:46 37,376 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2007-03-04 14:46 343,040 --a------ C:\WINDOWS\system32\cmdial32.dll
2007-03-04 14:46 326,656 --a------ C:\WINDOWS\system32\cscui.dll
2007-03-04 14:46 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2007-03-04 14:46 27,648 --a------ C:\WINDOWS\system32\conime.exe
2007-03-04 14:46 263,680 --a------ C:\WINDOWS\system32\adsnt.dll
2007-03-04 14:46 252,928 --a------ C:\WINDOWS\system32\compatui.dll
2007-03-04 14:46 25,088 --a------ C:\WINDOWS\system32\at.exe
2007-03-04 14:46 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2007-03-04 14:46 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2007-03-04 14:46 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2007-03-04 14:46 194,560 --a------ C:\WINDOWS\system32\certcli.dll
2007-03-04 14:46 175,616 --a------ C:\WINDOWS\system32\adsldp.dll
2007-03-04 14:46 163,840 --a------ C:\WINDOWS\system32\credui.dll
2007-03-04 14:46 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-03-04 14:46 143,360 --a------ C:\WINDOWS\system32\adsldpc.dll
2007-03-04 14:46 126,976 --a------ C:\WINDOWS\system32\apphelp.dll
2007-03-04 14:46 11,264 --a------ C:\WINDOWS\system32\autolfn.exe
2007-03-04 14:46 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-04 14:46 1,788 --a------ C:\WINDOWS\system32\dcache.bin
2007-03-03 23:16 144,896 --a------ C:\WINDOWS\system32\schannel.dll
2007-03-03 23:13 137,216 --a------ C:\WINDOWS\system32\itss.dll
2007-03-03 21:59 332,928 --a------ C:\WINDOWS\system32\drivers\srv.sys
2007-03-03 21:45 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-03-03 21:45 <DIR> d-------- C:\WINDOWS\ehome
2007-03-03 21:33 994,304 --a------ C:\WINDOWS\system32\msgina.dll
2007-03-03 21:33 984,576 --a------ C:\WINDOWS\system32\syssetup.dll
2007-03-03 21:33 983,552 --a------ C:\WINDOWS\system32\setupapi.dll
2007-03-03 21:33 96,256 --a------ C:\WINDOWS\system32\drivers\scsiport.sys
2007-03-03 21:33 95,360 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2007-03-03 21:33 91,776 --a------ C:\WINDOWS\system32\drivers\ndiswan.sys
2007-03-03 21:33 91,136 --a------ C:\WINDOWS\system32\ntprint.dll
2007-03-03 21:33 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-03 21:33 80,128 --a------ C:\WINDOWS\system32\drivers\parport.sys
2007-03-03 21:33 79,744 --a------ C:\WINDOWS\system32\drivers\videoprt.sys
2007-03-03 21:33 74,752 --a------ C:\WINDOWS\system32\drivers\ipsec.sys
2007-03-03 21:33 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-03 21:33 723,456 --a------ C:\WINDOWS\system32\userenv.dll
2007-03-03 21:33 721,920 --a------ C:\WINDOWS\system32\lsasrv.dll
2007-03-03 21:33 71,552 --a------ C:\WINDOWS\system32\drivers\bridge.sys
2007-03-03 21:33 71,040 --a------ C:\WINDOWS\system32\drivers\dxg.sys
2007-03-03 21:33 708,096 --a------ C:\WINDOWS\system32\ntdll.dll
2007-03-03 21:33 69,120 --a------ C:\WINDOWS\system32\drivers\psched.sys
2007-03-03 21:33 68,224 --a------ C:\WINDOWS\system32\drivers\pci.sys
2007-03-03 21:33 66,176 --a------ C:\WINDOWS\system32\drivers\udfs.sys
2007-03-03 21:33 657,920 --a------ C:\WINDOWS\system32\rasdlg.dll
2007-03-03 21:33 64,896 --a------ C:\WINDOWS\system32\drivers\serial.sys
2007-03-03 21:33 64,000 --a------ C:\WINDOWS\system32\samlib.dll
2007-03-03 21:33 63,744 --a------ C:\WINDOWS\system32\drivers\cdfs.sys
2007-03-03 21:33 617,472 --a------ C:\WINDOWS\system32\comctl32.dll
2007-03-03 21:33 616,960 --a------ C:\WINDOWS\system32\advapi32.dll
2007-03-03 21:33 61,824 --a------ C:\WINDOWS\system32\drivers\nic1394.sys
2007-03-03 21:33 61,440 --a------ C:\WINDOWS\system32\rasman.dll
2007-03-03 21:33 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2007-03-03 21:33 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-03 21:33 60,800 --a------ C:\WINDOWS\system32\drivers\arp1394.sys
2007-03-03 21:33 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-03 21:33 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-03 21:33 588,800 --a------ C:\WINDOWS\system32\autochk.exe
2007-03-03 21:33 58,880 --a------ C:\WINDOWS\system32\rastapi.dll
2007-03-03 21:33 577,024 --a------ C:\WINDOWS\system32\user32.dll
2007-03-03 21:33 574,592 --a------ C:\WINDOWS\system32\drivers\ntfs.sys
2007-03-03 21:33 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2007-03-03 21:33 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-03 21:33 560,640 --a------ C:\WINDOWS\system32\printui.dll
2007-03-03 21:33 553,472 --------- C:\WINDOWS\system32\oleaut32.dll
2007-03-03 21:33 55,936 --a------ C:\WINDOWS\system32\drivers\atmlane.sys
2007-03-03 21:33 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2007-03-03 21:33 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2007-03-03 21:33 52,736 --a------ C:\WINDOWS\system32\basesrv.dll
2007-03-03 21:33 51,328 --a------ C:\WINDOWS\system32\drivers\rasl2tp.sys
2007-03-03 21:33 502,272 --a------ C:\WINDOWS\system32\winlogon.exe
2007-03-03 21:33 50,688 --a------ C:\WINDOWS\system32\smss.exe
2007-03-03 21:33 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-03-03 21:33 49,664 --a------ C:\WINDOWS\system32\drivers\classpnp.sys
2007-03-03 21:33 49,536 --a------ C:\WINDOWS\system32\drivers\cdrom.sys
2007-03-03 21:33 48,384 --a------ C:\WINDOWS\system32\drivers\raspptp.sys
2007-03-03 21:33 453,120 --a------ C:\WINDOWS\system32\drivers\mrxsmb.sys
2007-03-03 21:33 42,496 --a------ C:\WINDOWS\system32\ftp.exe
2007-03-03 21:33 42,496 --a------ C:\WINDOWS\system32\drivers\p3.sys
2007-03-03 21:33 419,840 --a------ C:\WINDOWS\system32\ntvdm.exe
2007-03-03 21:33 41,856 --a------ C:\WINDOWS\system32\drivers\imapi.sys
2007-03-03 21:33 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-03 21:33 40,320 --a------ C:\WINDOWS\system32\drivers\nmnt.sys
2007-03-03 21:33 39,936 --a------ C:\WINDOWS\system32\rshx32.dll
2007-03-03 21:33 36,992 --a------ C:\WINDOWS\system32\drivers\amdk6.sys
2007-03-03 21:33 36,480 --a------ C:\WINDOWS\system32\drivers\crusoe.sys
2007-03-03 21:33 36,352 --a------ C:\WINDOWS\system32\drivers\disk.sys
2007-03-03 21:33 36,224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2007-03-03 21:33 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-03-03 21:33 35,328 --a------ C:\WINDOWS\system32\drivers\processr.sys
2007-03-03 21:33 341,504 --a------ C:\WINDOWS\system32\localspl.dll
2007-03-03 21:33 34,560 --a------ C:\WINDOWS\system32\drivers\netbios.sys
2007-03-03 21:33 32,768 --a------ C:\WINDOWS\system32\csrsrv.dll
2007-03-03 21:33 316,416 --a------ C:\WINDOWS\system32\untfs.dll
2007-03-03 21:33 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-03-03 21:33 291,840 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-03 21:33 280,064 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-03 21:33 276,992 --a------ C:\WINDOWS\system32\comdlg32.dll
2007-03-03 21:33 27,440 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-03 21:33 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-03 21:33 25,472 --a------ C:\WINDOWS\system32\drivers\sonydcam.sys
2007-03-03 21:33 25,088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys
2007-03-03 21:33 24,576 --a------ C:\WINDOWS\system32\userinit.exe
2007-03-03 21:33 24,576 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2007-03-03 21:33 236,544 --a------ C:\WINDOWS\system32\rasapi32.dll
2007-03-03 21:33 23,040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-03-03 21:33 225,664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2007-03-03 21:33 20,992 --a------ C:\WINDOWS\system32\drivers\vga.sys
2007-03-03 21:33 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2007-03-03 21:33 20,480 --a------ C:\WINDOWS\system32\drivers\flpydisk.sys
2007-03-03 21:33 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-03 21:33 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-03 21:33 187,776 --a------ C:\WINDOWS\system32\drivers\acpi.sys
2007-03-03 21:33 182,912 --a------ C:\WINDOWS\system32\drivers\ndis.sys
2007-03-03 21:33 174,592 --a------ C:\WINDOWS\system32\drivers\rdbss.sys
2007-03-03 21:33 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-03 21:33 162,816 --a------ C:\WINDOWS\system32\drivers\netbt.sys
2007-03-03 21:33 16,000 --a------ C:\WINDOWS\system32\drivers\usbintel.sys
2007-03-03 21:33 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-03-03 21:33 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-03 21:33 144,384 --a------ C:\WINDOWS\system32\nwprovau.dll
2007-03-03 21:33 144,384 --a------ C:\WINDOWS\system32\imagehlp.dll
2007-03-03 21:33 143,360 --a------ C:\WINDOWS\system32\drivers\fastfat.sys
2007-03-03 21:33 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2007-03-03 21:33 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-03 21:33 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-03 21:33 14,976 --a------ C:\WINDOWS\system32\drivers\tape.sys
2007-03-03 21:33 14,208 --a------ C:\WINDOWS\system32\drivers\diskdump.sys
2007-03-03 21:33 14,080 --a------ C:\WINDOWS\system32\drivers\cmbatt.sys
2007-03-03 21:33 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-03 21:33 138,496 --a------ C:\WINDOWS\system32\drivers\afd.sys
2007-03-03 21:33 134,912 --a------ C:\WINDOWS\system32\drivers\ipnat.sys
2007-03-03 21:33 13,312 --a------ C:\WINDOWS\system32\savedump.exe
2007-03-03 21:33 13,312 --a------ C:\WINDOWS\system32\lsass.exe
2007-03-03 21:33 129,536 --a------ C:\WINDOWS\system32\msv1_0.dll
2007-03-03 21:33 12,928 --a------ C:\WINDOWS\system32\drivers\ndisuio.sys
2007-03-03 21:33 119,936 --a------ C:\WINDOWS\system32\drivers\pcmcia.sys
2007-03-03 21:33 11,392 --a------ C:\WINDOWS\system32\drivers\sfloppy.sys
2007-03-03 21:33 107,904 --a------ C:\WINDOWS\system32\drivers\mup.sys
2007-03-03 21:33 101,888 --a------ C:\WINDOWS\system32\win32spl.dll
2007-03-03 21:33 1,839,488 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-03 21:14 <DIR> d-------- C:\e87e89cebe15d
2007-03-03 20:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-02 11:24 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-03-01 18:51 <DIR> d-------- C:\DOCUME~1\Olaf\APPLIC~1\T-DSL SpeedManager
2007-03-01 18:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\T-DSL SpeedManager
2007-03-01 10:59 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-02-23 12:25 <DIR> d-------- C:\Program Files\Panzergeneral


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-16 13:55 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-03-16 01:55 11776 --a-s---- C:\WINDOWS\system32\geplxss.dll
2007-03-15 22:38 -------- d-------- C:\Program Files\aim
2007-03-15 16:41 -------- d-------- C:\Program Files\viewpoint
2007-03-11 20:26 -------- d-------- C:\Program Files\msn messenger
2007-03-11 18:56 -------- d-------- C:\DOCUME~1\Olaf\APPLIC~1\bittorrent
2007-03-10 16:37 -------- d-------- C:\Program Files\winamp
2007-03-06 23:56 -------- d-------- C:\DOCUME~1\Olaf\APPLIC~1\skype
2007-03-06 04:49 -------- d-------- C:\Program Files\messenger
2007-03-06 02:27 -------- d-------- C:\Program Files\movie maker
2007-03-06 02:17 -------- d-------- C:\Program Files\windows nt
2007-03-04 20:26 -------- d--h----- C:\Program Files\installshield installation information
2007-03-02 11:24 -------- d-------- C:\Program Files\skype
2007-02-28 17:55 -------- d-------- C:\DOCUME~1\Olaf\APPLIC~1\smartsurfer
2007-02-11 23:42 -------- d-------- C:\Program Files\google
2007-01-18 15:58 -------- d-------- C:\Program Files\photoshop 6.0


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"00THotkey"="C:\\WINDOWS\\System32\\00THotkey.exe"
"000StTHK"="000StTHK.exe"
"Tpwrtray"="TPWRTRAY.EXE"
"TosHKCW.exe"="C:\\Program Files\\TOSHIBA\\Wireless Hotkey\\TosHKCW.exe"
"TFncKy"="TFncKy.exe /Type 01"
"TFNF5"="TFNF5.exe"
"TSysSMon"="c:\\toshiba\\sysstability\\tsyssmon.exe /detect"
"nwiz"="nwiz.exe /installquiet"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\2\\printray.exe"
"AcctMgr"="C:\\Program Files\\Norton Password Manager\\AcctMgr.exe /startup"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"EM_EXEC"="C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pinger"
"hkey"="HKLM"
"command"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user32.dll"="C:\\Program Files\\Video Access ActiveX Object\\isamntr.exe"
"rare"="C:\\Program Files\\Video Access ActiveX Object\\pmsnrr.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ file:///C:/DOCUME~1/Olaf/LOCALS~1/Temp/msoclip1/01/clip_image002.gif

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Olaf.job
C:\WINDOWS\tasks\Symantec Drmc.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-18 16:16:33

#4 MacTac

das avengerscript ist nicht komplett, weil du ein engl.System hast - aber smitfraudfix loescht mit option 2 den rest
http://virus-protect.org/artikel/spyware/spydawn_remove.html

-----------------------------------------------------------------------

««
öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked"

Zitat

O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)

O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)

O15 - Trusted IP range: http://195.95.*.*

««
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (anhaken)
kopiere in: View/edit script

Zitat

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{84938242-5C5B-4A55-B6B9-A1507543B418}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|user32.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|rare
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|apathies
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{aed6f6a3-183c-488d-9f90-23db99f56e7f}

registry keys to delete:
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyDawn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyDawn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\SpyDawn
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video Access ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03

Files to delete:
C:\WINDOWS\system32\geplxss.dll

Folders to delete:
C:\Program Files\Video Access ActiveX Object
C:\Program Files\SpyDawn

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

««
smitfraud.fix abarbeiten (Option 1 und 2 - lasse auch die Registry mitreinigen)
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#5 Hi Sabina,

bin Deinen Anweisungen gefolgt. Hijackthis ..... "fix checked" hat funktioniert.
Aber bei Avenger klappte es nicht wie es sollte. Siehe nachstehend das logfile. Besteht eventuell ein Zusammenhang mit dem Virenprogramm, welches zwischenzeitlich lief- habe da einiges in "Quarantine... ...(Virus moved)"

Trotz alledem habe ich smitfraud.fix abgearbeitet, mit Erfolg. Logfile nachstehend.

Das blinkende Icon in der taskbar ist verschwunden, ebenso wie die Shortcuts (System Alert Popup, Online Toubleshooting)

Konnte in Systemsteuerungen unter "Add and Remove Hardware" das System Alert Popup von der Liste entfernen.

Ciau MacTac

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyDawn


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyDawn.exe


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKEY_LOCAL_MACHINE\SOFTWARE\SpyDawn


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video Access ActiveX Object


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lndgjpkb

*******************

Script file located at: \??\C:\bqbyxvll.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\geplxss.dll not found!
Deletion of file C:\WINDOWS\system32\geplxss.dll failed!

Could not process line:
C:\WINDOWS\system32\geplxss.dll
Status: 0xc0000034



Folder C:\Program Files\Video Access ActiveX Object not found!
Deletion of folder C:\Program Files\Video Access ActiveX Object failed!

Could not process line:
C:\Program Files\Video Access ActiveX Object
Status: 0xc0000034

Folder C:\Program Files\SpyDawn deleted successfully.


Could not delete registry value HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{84938242-5C5B-4A55-B6B9-A1507543B418}
Deletion of registry value HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{84938242-5C5B-4A55-B6B9-A1507543B418} failed!
Status: 0xc0000034

Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|user32.dll deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|rare deleted successfully.


Could not delete registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|apathies
Deletion of registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|apathies failed!
Status: 0xc0000034

Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{aed6f6a3-183c-488d-9f90-23db99f56e7f} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

LOGFILE: smitfraud.fix

SmitFraudFix v2.150

Scan done at 17:24:53.08, Mon 03/19/2007
Run from C:\My Downloads\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Olaf

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Olaf\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Olaf\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/Olaf/LOCALS~1/Temp/msoclip1/01/clip_image002.gif"
"SubscribedURL"="file:///C:/DOCUME~1/Olaf/LOCALS~1/Temp/msoclip1/01/clip_image002.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

#6 noch mal AVENGER, ich hatte einen fehler gemacht

Zitat

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{84938242-5C5B-4A55-B6B9-A1507543B418}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|user32.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|rare
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|apathies
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{aed6f6a3-183c-488d-9f90-23db99f56e7f}

registry keys to delete:
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyDawn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyDawn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\SpyDawn
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video Access ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03

Files to delete:
C:\WINDOWS\system32\geplxss.dll

Folders to delete:
C:\Program Files\Video Access ActiveX Object
C:\Program Files\SpyDawn

__________
MfG Sabina

rund um die PC-Sicherheit

#7 G'n Abend,

ok, Avenger hab ich laufen lassen. Dieses mal liefs durch und Notebook bootete neu. Sieh Dir bitte das Resultat an. Bis auf eins ist alles "not found" oder "failed"


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tyiamslo

*******************

Script file located at: \??\C:\sjgotnxi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


File C:\WINDOWS\system32\geplxss.dll not found!
Deletion of file C:\WINDOWS\system32\geplxss.dll failed!

Could not process line:
C:\WINDOWS\system32\geplxss.dll
Status: 0xc0000034

Folder C:\Program Files\Video Access ActiveX Object not found!
Deletion of folder C:\Program Files\Video Access ActiveX Object failed!

Could not process line:
C:\Program Files\Video Access ActiveX Object
Status: 0xc0000034

Folder C:\Program Files\SpyDawn not found!
Deletion of folder C:\Program Files\SpyDawn failed!

Could not process line:
C:\Program Files\SpyDawn
Status: 0xc0000034

Could not delete registry value HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{84938242-5C5B-4A55-B6B9-A1507543B418}
Deletion of registry value HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{84938242-5C5B-4A55-B6B9-A1507543B418} failed!
Status: 0xc0000034

Could not delete registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|user32.dll
Deletion of registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|user32.dll failed!
Status: 0xc0000034

Could not delete registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|rare
Deletion of registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|rare failed!
Status: 0xc0000034

Could not delete registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|apathies
Deletion of registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|apathies failed!
Status: 0xc0000034

Could not delete registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{aed6f6a3-183c-488d-9f90-23db99f56e7f}
Deletion of registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{aed6f6a3-183c-488d-9f90-23db99f56e7f} failed!
Status: 0xc0000034

Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6ACAE64-F798-4930-AD86-BD3FB32038DB} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6ACAE64-F798-4930-AD86-BD3FB32038DB} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyDawn not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyDawn failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyDawn.exe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyDawn.exe failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpyDawn not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpyDawn failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6ACAE64-F798-4930-AD86-BD3FB32038DB} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6ACAE64-F798-4930-AD86-BD3FB32038DB} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418} failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video Access ActiveX Object deleted successfully.

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 failed!
Status: 0xc0000034

Completed script processing.
*******************
Finished! Terminate.



Muss/Soll ich ein neues Hijackthis-Logfile(bzw. datfind.bat) posten oder smitfraud.fix nun erneut abarbeiten?

MFG MacTac

#8 nun muesste wieder alles i.o. sein
__________
MfG Sabina

rund um die PC-Sicherheit

#9 Hallo Sabina,

das glaube ich auch. Ich kann jedenfalls kein Indiz fuer mein o.g. Problem mehr finden.

Danke sehr und viele Gruesse aus dem sonnigen Norden

MacTac