Constant unknown Internet access attempts when starting common programs

#0
08.05.2008, 16:24
...new here

Posts: 3
#1 Hello, I need your help, as I'm at a loss myself and have already searched myself silly ;)

So...

1. I ran CC Cleaner, and Disk Cleanup as well.
2. ComboFix log:

Code


ComboFix 08-05-01.3 - cf 2008-05-08 16:00:17.5 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1173 [GMT 2:00]
Running from: N:\Downloads\anti-rootkit\ComboFix.exe
* Resident AV is active

.

(((((((((((((((((((((((((   Files Created from 2008-04-08 to 2008-05-08  )))))))))))))))))))))))))))))))
.

2008-05-08 15:56 . 2001-08-23 14:00    4,952    -ra------    C:\bootfont.bin
2008-05-08 15:48 . 2008-05-08 15:48    <DIR>    d--h-----    C:\$AVG8.VAULT$
2008-05-08 15:35 . 2008-05-08 15:35    12,424    --a------    C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-07 23:41 . 2008-05-07 23:41    <DIR>    d--------    C:\Programme\Malwarebytes' Anti-Malware
2008-05-07 23:41 . 2008-05-07 23:41    <DIR>    d--------    C:\Documents and Settings\cf\Application Data\Malwarebytes
2008-05-07 23:41 . 2008-05-07 23:41    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-07 23:16 . 2008-05-07 23:16    <DIR>    d--------    C:\fixwareout
2008-05-07 22:56 . 2008-05-07 22:56    <DIR>    d--h-----    C:\WINDOWS\system32\GroupPolicy
2008-05-07 20:18 . 2008-05-08 00:13    16,384    --ahs----    C:\VSNAP.IDX
2008-05-07 17:20 . 2008-05-08 15:25    5,101    --a------    C:\WINDOWS\system32\oodbs.lor
2008-05-07 17:10 . 2008-05-07 17:10    0    --ah-----    C:\Documents and Settings\NetworkService\ntuser.dat_TU_26748.LOG
2008-05-07 17:10 . 2008-05-07 17:10    0    --ah-----    C:\Documents and Settings\LocalService\ntuser.dat_TU_75182.LOG
2008-05-07 17:10 . 2008-05-07 17:10    0    --ah-----    C:\Documents and Settings\cf\ntuser.dat_TU_45644.LOG
2008-05-07 16:54 . 2008-05-07 16:54    <DIR>    d--------    C:\Documents and Settings\cf\Application Data\TuneUp Software
2008-05-07 16:51 . 2008-05-07 16:51    <DIR>    d--------    C:\Programme\OO Software
2008-05-07 16:34 . 2008-04-14 05:41    1,888,992    ---------    C:\WINDOWS\system32\ati3duag.dll
2008-05-07 16:33 . 2008-05-07 16:33    <DIR>    d--------    C:\WINDOWS\system32\scripting
2008-05-07 16:27 . 2008-05-07 16:27    <DIR>    d--------    C:\WINDOWS\ServicePackFiles
2008-05-07 16:26 . 2008-04-14 05:42    294,912    ---------    C:\WINDOWS\system32\dllcache\dlimport.exe
2008-05-07 16:21 . 2006-12-29 00:31    19,569    --a------    C:\WINDOWS\003351_.tmp
2008-05-07 16:11 . 2008-05-07 16:11    <DIR>    d--------    C:\Programme\Common Files\Skype
2008-05-07 16:11 . 2008-05-07 16:11    56    --ah-----    C:\WINDOWS\system32\ezsidmv.dat
2008-05-07 15:46 . 2008-05-07 15:46    0    --a------    C:\WINDOWS\oodcnt.INI
2008-05-07 15:36 . 2008-05-07 15:36    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-07 15:32 . 2008-05-07 15:32    <DIR>    d--------    C:\Documents and Settings\cf\.gkrellm2
2008-05-07 15:11 . 2008-05-07 15:11    <DIR>    d--------    C:\Documents and Settings\cf\Application Data\Thinstall
2008-05-07 14:59 . 2008-05-07 14:59    1,240    --a------    C:\WINDOWS\mozver.dat
2008-05-07 14:45 . 2008-05-07 14:45    <DIR>    d--------    C:\WINDOWS\system32\drivers\Avg
2008-05-07 14:45 . 2008-05-07 14:45    <DIR>    d--------    C:\Documents and Settings\cf\Application Data\AVGTOOLBAR
2008-05-07 14:45 . 2008-05-07 14:45    96,520    --a------    C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-07 14:45 . 2008-05-07 14:45    75,272    --a------    C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-07 14:45 . 2008-05-07 14:45    10,520    --a------    C:\WINDOWS\system32\avgrsstx.dll
2008-05-07 14:44 . 2008-05-07 14:44    <DIR>    d--------    C:\Programme\AVG
2008-05-07 14:44 . 2008-05-07 14:44    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\avg8
2008-05-07 14:08 . 2008-05-07 14:08    <DIR>    d--------    C:\WINDOWS\nvidia icons
2008-05-07 14:05 . 2008-05-07 14:05    <DIR>    d--------    C:\NVIDIA
2008-05-07 13:53 . 2008-05-07 14:12    884    --a------    C:\WINDOWS\system32\d3d8caps.dat
2008-05-07 13:53 . 2008-05-07 14:06    664    --a------    C:\WINDOWS\system32\d3d9caps.dat
2008-05-02 22:46 . 2008-05-02 22:46    1,241,088    --a------    C:\WINDOWS\system32\nvcuda.dll
2008-04-23 00:29 . 2008-04-23 00:29    41,296    --a------    C:\WINDOWS\system32\xfcodec.dll
2008-04-14 05:42 . 2008-04-14 05:42    20,992    ---------    C:\WINDOWS\system32\spupdwxp.exe
2008-04-14 05:42 . 2008-04-14 05:42    20,992    ---------    C:\WINDOWS\system32\faxpatch.exe
2008-04-14 05:42 . 2008-04-14 05:42    7,680    --a------    C:\WINDOWS\system32\spdwnwxp.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 22:13    838,144    ------w    C:\WINDOWS\Internet Logs\xDB6B.tmp
2008-05-07 22:13    7,122,976    --sha-w    C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-07 22:13    105,308    --sha-w    C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-07 22:13    1,769,472    ----a-w    C:\WINDOWS\Internet Logs\xDB6C.tmp
2008-05-07 15:19    144,896    ------w    C:\WINDOWS\Internet Logs\xDB6A.tmp
2008-05-07 14:41    276,480    ------w    C:\WINDOWS\Internet Logs\xDB69.tmp
2008-05-07 12:32    1,603,072    ------w    C:\WINDOWS\Internet Logs\xDB68.tmp
2008-05-07 12:32    1,139,712    ------w    C:\WINDOWS\Internet Logs\xDB67.tmp
2008-05-07 12:07    141,312    ----a-w    C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-07 11:45    194,560    ------w    C:\WINDOWS\Internet Logs\xDB65.tmp
2008-05-07 11:45    1,472,000    ------w    C:\WINDOWS\Internet Logs\xDB66.tmp
2008-04-30 15:27    442,368    ----a-w    C:\WINDOWS\system32\NVUNINST.EXE
2008-04-14 03:55    1,804    ----a-w    C:\WINDOWS\system32\Dcache.bin
2008-04-14 03:46    329,728    ----a-w    C:\WINDOWS\system32\netsetup.exe
2008-04-14 03:43    92,424    ----a-w    C:\WINDOWS\system32\rdpdd.dll
2008-04-14 03:43    87,176    ----a-w    C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 03:43    40,840    ----a-w    C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 03:43    21,896    ----a-w    C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 03:43    139,656    ----a-w    C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 03:43    12,168    ----a-w    C:\WINDOWS\system32\tsddd.dll
2008-04-14 03:43    12,040    ----a-w    C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 03:41    98,304    ----a-w    C:\WINDOWS\system32\actxprxy.dll
2008-04-14 03:40    53,279    ----a-w    C:\WINDOWS\system32\odbcji32.dll
2008-04-14 03:40    4,126    ----a-w    C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 03:40    4,126    ----a-w    C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 03:40    3,584    ----a-w    C:\WINDOWS\system32\msafd.dll
2008-04-13 23:00    1,845,632    ----a-w    C:\WINDOWS\system32\win32k.sys
2008-04-13 22:58    175,744    ----a-w    C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:54    2,145,280    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 22:51    162,816    ----a-w    C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50    91,520    ----a-w    C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50    361,344    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50    182,656    ----a-w    C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49    75,264    ----a-w    C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49    51,328    ----a-w    C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49    48,384    ----a-w    C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49    146,048    ----a-w    C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49    138,112    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:48    52,480    ----a-w    C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 22:47    83,072    ----a-w    C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47    456,576    ----a-w    C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47    105,344    ----a-w    C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46    49,536    ----a-w    C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46    141,056    ----a-w    C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45    64,512    ----a-w    C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 22:45    60,800    ----a-w    C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45    574,976    ----a-w    C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45    334,848    ----a-w    C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44    63,744    ----a-w    C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44    143,744    ----a-w    C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30    30,080    ----a-w    C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 22:30    225,664    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30    19,072    ----a-w    C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27    41,472    ----a-w    C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 22:27    40,576    ----a-w    C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 22:27    34,560    ----a-w    C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 22:27    20,864    ----a-w    C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 22:27    152,832    ----a-w    C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 22:27    14,336    ----a-w    C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 22:27    10,112    ----a-w    C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 22:26    88,320    ----a-w    C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 22:26    69,120    ----a-w    C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 22:26    35,072    ----a-w    C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 22:26    34,688    ----a-w    C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 22:26    30,592    ----a-w    C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 22:26    30,592    ------w    C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 22:26    14,592    ----a-w    C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 22:26    12,800    ----a-w    C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 22:26    12,800    ------w    C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 22:26    12,288    ----a-w    C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 22:25    202,624    ----a-w    C:\WINDOWS\system32\drivers\RMCast.sys
2008-04-13 22:24    11,264    ----a-w    C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 22:23    71,552    ----a-w    C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 22:23    40,320    ----a-w    C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 22:23    36,608    ----a-w    C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 22:23    264,832    ----a-w    C:\WINDOWS\system32\drivers\http.sys
2008-04-13 22:21    61,824    ----a-w    C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 22:21    60,800    ----a-w    C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 22:21    59,904    ----a-w    C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 22:21    55,808    ----a-w    C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 22:21    101,120    ----a-w    C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 22:17    25,856    ----a-w    C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 22:15    60,160    ----a-w    C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 22:14    81,664    ----a-w    C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 22:14    799,744    ----a-w    C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 22:14    20,992    ----a-w    C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 22:14    153,344    ----a-w    C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 22:13    9,728    ------w    C:\WINDOWS\system32\comsdupd.exe
2008-04-13 22:13    14,208    ------w    C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 22:13    12,800    ----a-w    C:\WINDOWS\system32\spiisupd.exe
2008-04-13 22:13    12,672    ------w    C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 22:11    52,352    ----a-w    C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 22:11    42,112    ----a-w    C:\WINDOWS\system32\drivers\imapi.sys
2008-04-13 22:09    92,544    ----a-w    C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 22:09    7,552    ----a-w    C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 22:09    5,504    ----a-w    C:\WINDOWS\system32\drivers\mstee.sys
2008-04-13 22:09    5,376    ----a-w    C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 22:09    42,368    ----a-w    C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 22:09    4,992    ----a-w    C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-13 22:09    4,352    ----a-w    C:\WINDOWS\system32\drivers\swenum.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-05-07_23.15.51,90   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 18:22:30    2,048    --s-a-w    C:\WINDOWS\bootstat.dat
+ 2008-05-08 13:25:14    2,048    --s-a-w    C:\WINDOWS\bootstat.dat
+ 2001-07-14 15:32:24    69,632    ----a-w    C:\WINDOWS\setupupd\temp\wsdueng.dll
+ 2008-05-08 13:26:14    16,384    ----a-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_30c.dat
+ 2008-05-08 13:25:34    16,384    ----a-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_788.dat
+ 2008-05-08 13:26:36    16,384    ----a-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_884.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WEB.DE_WEB.DE MultiMessenger"="C:\Programme\WEB.DE\WEB.DE MultiMessenger\MESSENGR.exe" [2008-04-09 19:08 4613552]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]
"Free Download Manager"="C:\Programme\Free Download Manager\fdm.exe" [2007-10-08 03:39 2445359]
"Eraser"="C:\Programme\Eraser\Eraser.exe" [2007-07-28 22:05 277328]
"NVIDIA nTune"="C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20 81920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"SpybotSD TeaTimer"="P:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2006-07-10 22:10 137216]
"SoundMAX"="C:\Programme\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"DU Meter"="C:\Programme\DU Meter\DUMeter.exe" [2004-08-25 11:31 1470464]
"amd_dc_opt"="C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
"SoundMAXPnP"="C:\Programme\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"Sony Ericsson PC Suite"="P:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-04-29 11:36 208896]
"Launch LgDevAgt"="C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 17:59 346648]
"Launch LGDCore"="C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 17:57 2095640]
"Norton Ghost 12.0"="C:\Programme\Norton Ghost\Agent\VProTray.exe" [2007-03-28 20:41 2037352]
"SpywareTerminator"="C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-07 14:07 1817600]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 05:42 110592 C:\WINDOWS\system32\bthprops.cpl]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"AVG8_TRAY"="P:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-08 15:35 1177368]
"RivaTunerStatisticsServer"="P:\Programme\RivaTuner v2.08\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" [2008-03-10 10:10 57344]
"RivaTunerStartupDaemon"="P:\Programme\RivaTuner v2.08\RivaTuner.exe" [2008-03-10 10:10 2691072]
"RivaTuner"="P:\Programme\RivaTuner v2.08\RivaTuner.exe" [2008-03-10 10:10 2691072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

C:\Documents and Settings\cf\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Programme\Stardock\ObjectDock\ObjectDock.exe [2007-10-10 21:28:28 3450608]
Verknpfung mit wawi_backup.lnk - I:\Backup\WAWI\wawi_backup.bat [2008-03-21 00:35:14 123]
gkrellm.lnk - P:\Programme\GKrellM\gkrellm.exe [2007-07-31 23:03:16 656384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Programme\Cisco Systems\VPN Client\vpngui.exe [2007-11-04 19:54:57 1537064]
DualCoreCenter.lnk - C:\Programme\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2007-12-01 13:23:05 192512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIRECTCD]
--a------ 2005-10-25 00:49 299008 C:\Programme\InterVideo\Disc Master 2.5\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
P:\Programme\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2005-01-21 02:47 270336 C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"S:\\spiele\\wic\\wic.exe"=
"S:\\spiele\\wic\\wic_online.exe"=
"S:\\spiele\\wic\\wic_ds.exe"=
"S:\\spiele\\bf2142\\BF2142.exe"=
"S:\\spiele\\supreme_commander\\Supreme Commander\\bin\\SupremeCommander.exe"=
"S:\\spiele\\supreme_commander\\GPGNet\\GPG.Multiplayer.Client.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\uTorrent\\uTorrent.exe"=
"S:\\spiele\\unreal_tournament_3\\Binaries\\UT3.exe"=
"S:\\spiele\\crysis\\Bin32\\Crysis.exe"=
"S:\\spiele\\crysis\\Bin32\\CrysisDedicatedServer.exe"=
"S:\\spiele\\call_of_duty_4\\iw3mp.exe"=
"C:\\Documents and Settings\\CF\\Local Settings\\Apps\\2.0\\KO79P4GG.WWB\\0WVM7Q55.WPV\\frit..tion_f8d772dfbb3f7453_0002.0001_147a792107b9f781\\fritzbox-usb-fernanschluss.exe"=
"P:\\Programme\\SmartFTP Client\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"M:2\\Programme\\AVG\\AVG8\\avgupd.exe"=
"M:2\\Programme\\AVG\\AVG8\\avgemc.exe"=
"M:2\\Programme\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 AmdAcpi;AmdAcpi Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys [2006-09-05 16:04]
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-08 15:35]
R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 06:29]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-07 14:45]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-07 14:07]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2007-12-29 09:32]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:53]
R2 avg8emc;AVG8 E-mail Scanner;P:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-07 14:44]
R2 avg8wd;AVG8 WatchDog;P:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-08 15:35]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-07 14:45]
R2 drhard;drhard;C:\WINDOWS\system32\drivers\drhard.sys [2005-12-01 10:49]
R2 MSSQL$JTLWAWI;SQL Server (JTLWAWI);"C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sJTLWAWI []
R2 SQLWriter;SQL Server VSS Writer;"C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-08-24 15:37]
R3 DigiCellDriver;DigiCellDriver;C:\Programme\MSI\DualCoreCenter\NTGLM7X.sys [2006-10-05 15:32]
R3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-06-23 02:09]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-23 01:53]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\143.tmp []
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS []
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"P:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

*Newly Created Service* - AVGRKX86
*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 16:03:00
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\143.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programme\Stardock\ObjectDock\DockShellHook.dll
-> P:\Programme\RivaTuner v2.08\Tools\RivaTunerStatisticsServer\RTSSHooks.dll
.
Completion time: 2008-05-08 16:03:47
ComboFix-quarantined-files.txt  2008-05-08 14:03:40
ComboFix4.txt  2008-05-07 21:16:22
ComboFix3.txt  2008-05-07 22:03:04
ComboFix2.txt  2008-05-07 22:07:06

Pre-Run: 11,374,755,840 bytes free
Post-Run: 11,349,966,848 bytes free

306    --- E O F ---    2008-05-07 15:52:24


-----------------------------------------
3. HijackThis log file:

Code


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:43, on 08.05.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton Ghost\Agent\VProSvc.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Spyware Terminator\sp_rsser.exe
C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
P:\Programme\stunnel\stunnel.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\DU Meter\DUMeter.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe
C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Programme\Norton Ghost\Agent\VProTray.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
P:\Programme\RivaTuner v2.08\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe
C:\Programme\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Free Download Manager\fdm.exe
C:\Programme\Eraser\Eraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Stardock\ObjectDock\ObjectDock.exe
P:\Programme\GKrellM\gkrellm.exe
C:\Programme\MSI\DualCoreCenter\DualCoreCenter.exe
C:\WINDOWS\system32\wscntfy.exe
P:\portable\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
P:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
P:\PROGRA~1\AVG\AVG8\avgrsx.exe
P:\PROGRA~1\AVG\AVG8\avgemc.exe
P:\PROGRA~1\AVG\AVG8\avgnsx.exe
P:\portable\PortableApps\FirefoxPortable\App\firefox\firefox.exe
C:\WINDOWS\explorer.exe
P:\Programme\Spybot - Search & Destroy\TeaTimer.exe
N:\Downloads\anti-rootkit\HjThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.107/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - P:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - P:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Programme\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "P:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Programme\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] P:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RivaTunerStatisticsServer] "P:\Programme\RivaTuner v2.08\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" /s
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "P:\Programme\RivaTuner v2.08\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "P:\Programme\RivaTuner v2.08\RivaTuner.exe" /T
O4 - HKCU\..\Run: [WEB.DE_WEB.DE MultiMessenger] "C:\Programme\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE" /hide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Free Download Manager] "C:\Programme\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] P:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Verknüpfung mit wawi_backup.lnk = I:\Backup\WAWI\wawi_backup.bat (User 'SYSTEM')
O4 - S-1-5-18 Startup: gkrellm.lnk = P:\Programme\GKrellM\gkrellm.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: Verknüpfung mit wawi_backup.lnk = I:\Backup\WAWI\wawi_backup.bat (User 'Default user')
O4 - .DEFAULT Startup: gkrellm.lnk = P:\Programme\GKrellM\gkrellm.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Verknüpfung mit wawi_backup.lnk = I:\Backup\WAWI\wawi_backup.bat
O4 - Startup: gkrellm.lnk = P:\Programme\GKrellM\gkrellm.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DualCoreCenter.lnk = C:\Programme\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://P:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - P:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - P:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - P:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - P:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted IP range: http://10.0.0.107
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192034198671
O17 - HKLM\System\CCS\Services\Tcpip\..\{70614CF0-02E6-4C76-B064-9B7D178DB228}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1169446-C699-495D-B5B5-383685D46FD7}: NameServer = 10.0.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - P:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - P:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - P:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programme\Norton Ghost\Agent\VProSvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: stunnel - Unknown owner - P:\Programme\stunnel\stunnel.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 14992 bytes


---------------------------------
4. Datfind log:

Code


.
.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Datenträger in Laufwerk C: ist WINXP
Volumeseriennummer: 4032-55C5

Verzeichnis von C:\WINDOWS\system32

08.05.2008  15:27                 0 nmp.log
08.05.2008  15:26           175.572 nvapps.xml
08.05.2008  15:25            13.646 wpa.dbl
08.05.2008  15:25               336 vsconfig.xml
08.05.2008  15:25             5.101 oodbs.lor
07.05.2008  17:45            46.535 lvcoinst.log
07.05.2008  16:57             2.626 CONFIG.NT
07.05.2008  16:46           527.082 perfh009.dat
07.05.2008  16:46           641.150 PerfStringBackup.INI
07.05.2008  16:46           103.474 perfc009.dat
07.05.2008  16:43               251 spupdwxp.log
07.05.2008  16:42         1.457.824 FNTCACHE.DAT
07.05.2008  16:11                56 ezsidmv.dat
07.05.2008  14:45            10.520 avgrsstx.dll
07.05.2008  14:26                 8 nvModes.dat
07.05.2008  14:12               884 d3d8caps.dat
07.05.2008  14:06               664 d3d9caps.dat
02.05.2008  22:46           335.872 nvwrses.dll
02.05.2008  22:46           282.624 nvrses.dll
02.05.2008  22:46           278.528 nvwrshe.dll
02.05.2008  22:46           335.872 nvwrsel.dll
02.05.2008  22:46           425.984 keystone.exe
02.05.2008  22:46            18.070 nvdisp.nvu
02.05.2008  22:46           327.680 nvrshe.dll
02.05.2008  22:46           159.812 nvsvc32.exe
02.05.2008  22:46           282.624 nvrsel.dll
02.05.2008  22:46           286.720 nvwrscs.dll
02.05.2008  22:46           274.432 nvrsesm.dll
02.05.2008  22:46           442.368 nvudisp.exe
02.05.2008  22:46         3.776.512 nvvitvs.dll
02.05.2008  22:46            41.984 nvcod.dll
02.05.2008  22:46         2.854.912 nvmoblsr.dll
02.05.2008  22:46            41.984 nvcodins.dll
02.05.2008  22:46         1.257.472 nvmobls.dll
02.05.2008  22:46           327.680 nvwrsfr.dll
02.05.2008  22:46           458.752 nvmccssr.dll
02.05.2008  22:46           282.624 nvwrsar.dll
02.05.2008  22:46         6.108.160 nv4_disp.dll
02.05.2008  22:46           182.347 nvapps.nvb
02.05.2008  22:46           167.936 nvwrszht.dll
02.05.2008  22:46           126.976 nvrszht.dll
02.05.2008  22:46           163.840 nvwrszhc.dll
02.05.2008  22:46           442.368 nvappbar.exe
02.05.2008  22:46           225.280 nvrszhc.dll
02.05.2008  22:46           327.680 nvwrsesm.dll
02.05.2008  22:46           253.952 nvrsda.dll
02.05.2008  22:46           147.456 nvcolor.exe
02.05.2008  22:46           258.048 nvrshu.dll
02.05.2008  22:46           303.104 nvwrstr.dll
02.05.2008  22:46           278.528 nvrsde.dll
02.05.2008  22:46           188.416 nvmccss.dll
02.05.2008  22:46           282.624 nvrsit.dll
02.05.2008  22:46         3.424.256 nvgamesr.dll
02.05.2008  22:46         3.391.488 nvgames.dll
02.05.2008  22:46         4.136.960 nvvitvsr.dll
02.05.2008  22:46           294.912 nvwrsda.dll
02.05.2008  22:46           323.584 nvwrsit.dll
02.05.2008  22:46         6.582.272 nvdisps.dll
02.05.2008  22:46           286.720 nvwrseng.dll
02.05.2008  22:46           258.048 nvrstr.dll
02.05.2008  22:46           249.856 nvrsfi.dll
02.05.2008  22:46           229.376 nvmccs.dll
02.05.2008  22:46           425.984 nvapi.dll
02.05.2008  22:46           286.720 nvnt4cpl.dll
02.05.2008  22:46           290.816 nvwrsth.dll
02.05.2008  22:46            81.920 nvwddi.dll
02.05.2008  22:46         1.339.392 nvdspsch.exe
02.05.2008  22:46         1.241.088 nvcuda.dll
02.05.2008  22:46           311.296 nvwrsde.dll
02.05.2008  22:46           327.680 nvrsar.dll
02.05.2008  22:46           294.912 nvwrssv.dll
02.05.2008  22:46           253.952 nvrssv.dll
02.05.2008  22:46         8.769.536 nvoglnt.dll
02.05.2008  22:46           303.104 nvwrssl.dll
02.05.2008  22:46         2.629.632 nvwss.dll
02.05.2008  22:46        13.529.088 nvcpl.dll
02.05.2008  22:46           258.048 nvrssl.dll
02.05.2008  22:46           253.952 nvrsth.dll
02.05.2008  22:46           266.240 nvrsja.dll
02.05.2008  22:46           313.888 nvexpbar.dll
02.05.2008  22:46         1.486.848 nview.dll
02.05.2008  22:46           212.992 nvwrsja.dll
02.05.2008  22:46           299.008 nvwrssk.dll
02.05.2008  22:46         1.079.840 nvcpluir.dll
02.05.2008  22:46         2.670.592 nvwssr.dll
02.05.2008  22:46           768.544 nvcplui.exe
02.05.2008  22:46           315.392 nvwrshu.dll
02.05.2008  22:46           258.048 nvrssk.dll
02.05.2008  22:46           303.104 nvwrsfi.dll
02.05.2008  22:46           420.384 nvcpl.cpl
02.05.2008  22:46           315.392 nvwrsru.dll
02.05.2008  22:46           270.336 nvrsru.dll
02.05.2008  22:46           319.488 nvwrsptb.dll
02.05.2008  22:46           266.240 nvrsptb.dll
02.05.2008  22:46           258.048 nvrsko.dll
02.05.2008  22:46           196.608 nvwrsko.dll
02.05.2008  22:46           274.432 nvrsnl.dll
02.05.2008  22:46           323.584 nvwrspt.dll
02.05.2008  22:46            45.056 nvmccsrs.dll
02.05.2008  22:46           249.856 nvrseng.dll
02.05.2008  22:46           319.488 nvwrsnl.dll
02.05.2008  22:46           253.952 nvrsno.dll
02.05.2008  22:46           274.432 nvrspt.dll
02.05.2008  22:46           299.008 nvwrsno.dll
02.05.2008  22:46           466.944 nvshell.dll
02.05.2008  22:46           258.048 nvrspl.dll
02.05.2008  22:46           294.912 nvwrspl.dll
02.05.2008  22:46         1.630.208 nwiz.exe
02.05.2008  22:46         1.019.904 nvwimg.dll
02.05.2008  22:46         1.703.936 nvwdmcpl.dll
02.05.2008  22:46         5.783.552 nvdispsr.dll
02.05.2008  22:46           249.856 nvrscs.dll
02.05.2008  22:46           286.720 nvrsfr.dll
02.05.2008  22:46            86.016 nvmctray.dll
02.05.2008  22:46            73.728 nvtuicpl.cpl
30.04.2008  17:27           442.368 NVUNINST.EXE
23.04.2008  00:29            41.296 xfcodec.dll
14.04.2008  05:55             1.804 Dcache.bin
14.04.2008  05:46           329.728 netsetup.exe
14.04.2008  05:43            87.176 rdpwsx.dll
14.04.2008  05:43            92.424 rdpdd.dll
14.04.2008  05:43            12.168 tsddd.dll
14.04.2008  05:42            17.408 ipconf.tsp
14.04.2008  05:42            29.696 hidphone.tsp
14.04.2008  05:42            47.104 ssmypics.scr
14.04.2008  05:42            23.552 wdmaud.drv
14.04.2008  05:42            33.280 kmddsp.tsp
14.04.2008  05:42           265.728 h323.tsp
14.04.2008  05:42           206.848 unimdm.tsp
14.04.2008  05:42            56.832 ndptsp.tsp
14.04.2008  05:42           188.416 msh261.drv
14.04.2008  05:42           146.432 winspool.drv
14.04.2008  05:42           294.912 msh263.drv
14.04.2008  05:42            76.800 remotesp.tsp
14.04.2008  05:42           848.384 ir41_32.ax
14.04.2008  05:42             9.216 scrnsave.scr
14.04.2008  05:42            53.248 vbicodec.ax
14.04.2008  05:42            30.208 vbisurf.ax
14.04.2008  05:42           199.680 iac25_32.ax
14.04.2008  05:42           221.184 msadds32.ax
14.04.2008  05:42           118.272 mpeg2data.ax
14.04.2008  05:42            16.896 more.com
14.04.2008  05:42           129.536 ksproxy.ax
14.04.2008  05:42           154.624 ivfsrc.ax
14.04.2008  05:42            61.952 kstvtune.ax
14.04.2008  05:42            69.632 msscds32.ax
14.04.2008  05:42            43.008 ksxbar.ax
14.04.2008  05:42             9.728 ativdaxx.ax
14.04.2008  05:42           258.048 wmvds32.ax
14.04.2008  05:42            16.384 ipsink.ax
14.04.2008  05:42            29.696 format.com
14.04.2008  05:42           148.992 mpg2splt.ax
14.04.2008  05:42           278.559 wmv8ds32.ax
14.04.2008  05:42           239.616 wstrenderer.ax
14.04.2008  05:42            28.672 vidcap.ax
14.04.2008  05:42           262.144 mpg4ds32.ax
14.04.2008  05:42            23.040 ativmvxx.ax
14.04.2008  05:42            91.136 kswdmcap.ax
14.04.2008  05:42            12.800 tree.com
14.04.2008  05:42           164.352 wstpager.ax
14.04.2008  05:42            25.600 netsetup.cpl
14.04.2008  05:42            32.768 odbccp32.cpl
14.04.2008  05:42           155.136 hdwwiz.cpl
14.04.2008  05:42           300.544 sysdm.cpl
14.04.2008  05:42           129.536 intl.cpl
14.04.2008  05:42            80.896 firewall.cpl
14.04.2008  05:42           257.024 nusrmgr.cpl
14.04.2008  05:42            30.720 xcopy.exe
14.04.2008  05:42           549.888 appwiz.cpl
14.04.2008  05:42           114.688 powercfg.cpl
14.04.2008  05:42           618.496 mmsys.cpl
14.04.2008  05:42            68.608 joy.cpl
14.04.2008  05:42           135.168 desk.cpl
14.04.2008  05:42           165.888 wuauclt1.exe
14.04.2008  05:42            13.824 wscntfy.exe
14.04.2008  05:42            11.264 wpnpinst.exe
14.04.2008  05:42            32.256 wpabaln.exe
14.04.2008  05:42             5.632 winver.exe
14.04.2008  05:42           148.480 wscui.cpl
14.04.2008  05:42           110.592 bthprops.cpl
14.04.2008  05:42           155.648 wscript.exe
14.04.2008  05:42           380.416 irprops.cpl
14.04.2008  05:42            94.208 timedate.cpl
14.04.2008  05:42           507.904 winlogon.exe
14.04.2008  05:42            12.288 tracert.exe
14.04.2008  05:42            60.416 tzchange.exe
14.04.2008  05:42            65.024 wextract.exe
14.04.2008  05:42            16.896 upnpcont.exe
14.04.2008  05:42            26.112 userinit.exe
14.04.2008  05:42           433.664 wiaacmgr.exe
14.04.2008  05:42            28.672 verclsid.exe
14.04.2008  05:42           259.584 tracerpt.exe
14.04.2008  05:42            18.432 ups.exe
14.04.2008  05:42           289.792 vssvc.exe
14.04.2008  05:42            14.336 svchost.exe
14.04.2008  05:42             7.680 spdwnwxp.exe
14.04.2008  05:42           135.680 taskmgr.exe
14.04.2008  05:42           538.624 spider.exe
14.04.2008  05:42            24.576 sort.exe
14.04.2008  05:42            71.680 systeminfo.exe
14.04.2008  05:42            20.992 spupdwxp.exe
14.04.2008  05:42           131.584 sndrec32.exe
14.04.2008  05:42           106.496 sysocmgr.exe
14.04.2008  05:42            57.856 spoolsv.exe
14.04.2008  05:42            77.824 tasklist.exe
14.04.2008  05:42            76.288 taskkill.exe
14.04.2008  05:42            50.688 smss.exe
14.04.2008  05:42            75.776 telnet.exe
14.04.2008  05:42            11.264 spnpinst.exe
14.04.2008  05:42            14.848 stimon.exe
14.04.2008  05:42            77.312 sdbinst.exe
14.04.2008  05:42            32.768 setupn.exe
14.04.2008  05:42           121.856 schtasks.exe
14.04.2008  05:42           108.544 services.exe
14.04.2008  05:42            18.944 secedit.exe
14.04.2008  05:42           141.312 sessmgr.exe
14.04.2008  05:42            73.796 slserv.exe
14.04.2008  05:42            45.056 shmgrate.exe
14.04.2008  05:42            77.824 shrpubw.exe
14.04.2008  05:42             8.192 smbinst.exe
14.04.2008  05:42            19.456 shutdown.exe
14.04.2008  05:42            89.600 smlogsvc.exe
14.04.2008  05:42            70.144 sigverif.exe
14.04.2008  05:42            32.866 slrundll.exe
14.04.2008  05:42            23.040 setup.exe
14.04.2008  05:42            62.976 rdpclip.exe
14.04.2008  05:42            19.968 qprocess.exe
14.04.2008  05:42            14.336 runonce.exe
14.04.2008  05:42            67.072 rdshost.exe
14.04.2008  05:42            13.824 rdsaddin.exe
14.04.2008  05:42            33.280 rundll32.exe
14.04.2008  05:42            21.504 rcp.exe
14.04.2008  05:42            77.312 rtcshare.exe
14.04.2008  05:42            35.840 rcimlby.exe
14.04.2008  05:42             9.216 proxycfg.exe
14.04.2008  05:42            14.848 rsh.exe
14.04.2008  05:42           107.520 rsnotify.exe
14.04.2008  05:42            95.744 scardsvr.exe
14.04.2008  05:42            13.824 rexec.exe
14.04.2008  05:42            50.176 proquota.exe
14.04.2008  05:42            50.176 reg.exe
14.04.2008  05:42            11.776 regsvr32.exe
14.04.2008  05:42            56.832 rasphone.exe
14.04.2008  05:42            32.768 odbcad32.exe
14.04.2008  05:42           109.568 progman.exe
14.04.2008  05:42            69.632 odbcconf.exe
14.04.2008  05:42           420.864 ntvdm.exe
14.04.2008  05:42            49.152 powercfg.exe
14.04.2008  05:42            67.584 openfiles.exe
14.04.2008  05:42            15.872 perfmon.exe
14.04.2008  05:42            58.368 packager.exe
14.04.2008  05:42            17.920 ping.exe
14.04.2008  05:42         1.200.640 ntbackup.exe
14.04.2008  05:42            12.288 mstinit.exe
14.04.2008  05:42           111.104 netdde.exe
14.04.2008  05:42            78.848 msiexec.exe
14.04.2008  05:42            69.120 notepad.exe
14.04.2008  05:42            42.496 net.exe
14.04.2008  05:42            76.800 nslookup.exe
14.04.2008  05:42            36.864 netstat.exe
14.04.2008  05:42           176.640 napstat.exe
14.04.2008  05:42            86.016 netsh.exe
14.04.2008  05:42           124.928 net1.exe
14.04.2008  05:42             4.096 nddeapir.exe
14.04.2008  05:42           343.040 mspaint.exe
14.04.2008  05:42             4.608 mqsvc.exe
14.04.2008  05:42            19.968 mqbkup.exe
14.04.2008  05:42           143.360 mobsync.exe
14.04.2008  05:42           123.392 mplay32.exe
14.04.2008  05:42           117.248 mqtgsvc.exe
14.04.2008  05:42             6.144 msdtc.exe
14.04.2008  05:42            59.392 logman.exe
14.04.2008  05:42            75.264 locator.exe
14.04.2008  05:42            13.312 lsass.exe
14.04.2008  05:42            57.344 makecab.exe
14.04.2008  05:42         1.414.656 mmc.exe
14.04.2008  05:42            32.768 mnmsrvc.exe
14.04.2008  05:42           514.560 logonui.exe
14.04.2008  05:42            33.792 mmcperf.exe
14.04.2008  05:42           114.688 iexpress.exe
14.04.2008  05:42            53.248 ipv6.exe
14.04.2008  05:42           677.888 mstsc.exe
14.04.2008  05:42           151.552 irftp.exe
14.04.2008  05:42            55.808 ipconfig.exe
14.04.2008  05:42            23.552 ipxroute.exe
14.04.2008  05:42            27.136 findstr.exe
14.04.2008  05:42            39.424 grpconv.exe
14.04.2008  05:42           120.832 gpresult.exe
14.04.2008  05:42            42.496 ftp.exe
14.04.2008  05:42            23.040 fltMc.exe
14.04.2008  05:42            59.904 getmac.exe
14.04.2008  05:42            20.992 fontview.exe
14.04.2008  05:42            15.872 help.exe
14.04.2008  05:42           193.024 fsquirt.exe
14.04.2008  05:42             7.680 forcedos.exe
14.04.2008  05:42            20.992 faxpatch.exe
14.04.2008  05:42            62.976 driverquery.exe
14.04.2008  05:42           193.024 eudcedit.exe
14.04.2008  05:42            24.064 extrac32.exe
14.04.2008  05:42            50.688 eventcreate.exe
14.04.2008  05:42         1.298.432 dxdiag.exe
14.04.2008  05:42            83.456 dpvsetup.exe
14.04.2008  05:42            17.920 dvdupgrd.exe
14.04.2008  05:42            82.944 eventtriggers.exe
14.04.2008  05:42             5.120 dllhost.exe
14.04.2008  05:42            30.208 ddeshare.exe
14.04.2008  05:42            15.872 dmremote.exe
14.04.2008  05:42           224.768 dmadmin.exe
14.04.2008  05:42            25.088 defrag.exe
14.04.2008  05:42           105.472 dfrgntfs.exe
14.04.2008  05:42           163.840 diskpart.exe
14.04.2008  05:42            15.360 ctfmon.exe
14.04.2008  05:42            87.040 diantz.exe
14.04.2008  05:42             6.144 dcomcnfg.exe
14.04.2008  05:42            82.944 dfrgfat.exe
14.04.2008  05:42            29.696 dplaysvr.exe
14.04.2008  05:42            17.920 dpnsvr.exe
14.04.2008  05:42           102.912 clipbrd.exe
14.04.2008  05:42           139.264 cscript.exe
14.04.2008  05:42             6.144 csrss.exe
14.04.2008  05:42            20.480 cliconfg.exe
14.04.2008  05:42             5.632 cisvc.exe
14.04.2008  05:42            64.000 cleanmgr.exe
14.04.2008  05:42           389.120 cmd.exe
14.04.2008  05:42            63.488 cmstp.exe
14.04.2008  05:42            25.600 cmdl32.exe
14.04.2008  05:42            27.648 conime.exe
14.04.2008  05:42            33.280 clipsrv.exe
14.04.2008  05:42            56.832 cipher.exe
14.04.2008  05:42            39.936 cmmon32.exe
14.04.2008  05:42            30.208 asr_fmt.exe
14.04.2008  05:42            11.264 atmadm.exe
14.04.2008  05:42            44.544 alg.exe
14.04.2008  05:42           142.848 bootcfg.exe
14.04.2008  05:42            25.088 at.exe
14.04.2008  05:42           602.624 autoconv.exe
14.04.2008  05:42            11.264 autolfn.exe
14.04.2008  05:42           580.608 autofmt.exe
14.04.2008  05:42            98.304 ahui.exe
14.04.2008  05:42            19.968 cacls.exe
14.04.2008  05:42           588.800 autochk.exe
14.04.2008  05:42            71.680 blastcln.exe
14.04.2008  05:42            32.768 asr_pfu.exe
14.04.2008  05:42             4.096 actmovie.exe
14.04.2008  05:42            12.288 attrib.exe
14.04.2008  05:42            14.336 auditusr.exe
14.04.2008  05:42           108.032 wshbth.dll
14.04.2008  05:42            11.264 WshRm.dll
14.04.2008  05:42           604.160 wsecedit.dll
14.04.2008  05:42           129.024 xmlprov.dll
14.04.2008  05:42            19.456 wshtcpip.dll
14.04.2008  05:42            22.528 wsock32.dll
14.04.2008  05:42            50.176 xmlprovi.dll
14.04.2008  05:42            82.432 ws2_32.dll
14.04.2008  05:42            14.336 wship6.dll
14.04.2008  05:42            41.984 wsnmp32.dll
14.04.2008  05:42             6.656 wuauserv.dll
14.04.2008  05:42           121.856 xmllite.dll
14.04.2008  05:42           183.296 wuaueng1.dll
14.04.2008  05:42            80.896 wscsvc.dll
14.04.2008  05:42           303.616 wmstream.dll
14.04.2008  05:42            50.688 wstdecod.dll
14.04.2008  05:42            91.648 xactsrv.dll
14.04.2008  05:42           264.192 wow32.dll
14.04.2008  05:42            18.432 wtsapi32.dll
14.04.2008  05:42            11.776 xolehlp.dll
14.04.2008  05:42            19.968 ws2help.dll
14.04.2008  05:42           383.488 wzcdlg.dll
14.04.2008  05:42            52.736 wzcsapi.dll
14.04.2008  05:42            36.864 wshcon.dll
14.04.2008  05:42           338.432 zipfldr.dll
14.04.2008  05:42           483.840 wzcsvc.dll
14.04.2008  05:42            90.112 wshext.dll
14.04.2008  05:42             8.192 wshirda.dll
14.04.2008  05:42           276.992 WMPhoto.dll
14.04.2008  05:42            51.712 vdmredir.dll
14.04.2008  05:42           215.552 wavemsp.dll
14.04.2008  05:42            16.896 usbmon.dll
14.04.2008  05:42           346.112 windowscodecsext.dll
14.04.2008  05:42           712.704 windowscodecs.dll
14.04.2008  05:42           132.096 wkssvc.dll
14.04.2008  05:42            53.760 vfwwdm32.dll
14.04.2008  05:42            17.408 winshfhc.dll
14.04.2008  05:42            69.120 wlanapi.dll
14.04.2008  05:42            20.480 wmpcore.dll
14.04.2008  05:42            20.480 wmpui.dll
14.04.2008  05:42            26.624 verifier.dll
14.04.2008  05:42           115.200 wmsdmoe.dll
14.04.2008  05:42           176.640 wintrust.dll
14.04.2008  05:42           406.016 usp10.dll
14.04.2008  05:42           176.128 winmm.dll
14.04.2008  05:42           727.040 userenv.dll
14.04.2008  05:42           578.560 user32.dll
14.04.2008  05:42           114.688 wmpasf.dll
14.04.2008  05:42            15.872 w3ssl.dll
14.04.2008  05:42            20.480 wmpcd.dll
14.04.2008  05:42           589.312 wiashext.dll
14.04.2008  05:42         4.874.240 wmp.dll
14.04.2008  05:42            74.240 usbui.dll
14.04.2008  05:42           124.416 wiadss.dll
14.04.2008  05:42           354.304 winhttp.dll
14.04.2008  05:42           233.472 wmpdxm.dll
14.04.2008  05:42           102.400 win32spl.dll
14.04.2008  05:42           133.632 upnp.dll
14.04.2008  05:42           102.400 wmpshell.dll
14.04.2008  05:42           221.184 wmpns.dll
14.04.2008  05:42            49.152 wdigest.dll
14.04.2008  05:42           463.360 wiadefui.dll
14.04.2008  05:42            75.776 wiascr.dll
14.04.2008  05:42            92.672 wlnotify.dll
14.04.2008  05:42           333.824 wiaservc.dll
14.04.2008  05:42           135.680 webvw.dll
14.04.2008  05:42            68.096 webclnt.dll
14.04.2008  05:42           172.032 wldap32.dll
14.04.2008  05:42           175.104 w32time.dll
14.04.2008  05:42           111.104 wiavideo.dll
14.04.2008  05:42           430.592 vssapi.dll
14.04.2008  05:42            26.112 vdmdbg.dll
14.04.2008  05:42           434.176 vbscript.dll
14.04.2008  05:42            53.760 winsta.dll
14.04.2008  05:42           293.376 winsrv.dll
14.04.2008  05:42            30.749 vbajet32.dll
14.04.2008  05:42            99.328 winscard.dll
14.04.2008  05:42           218.624 uxtheme.dll
14.04.2008  05:42            18.944 version.dll
14.04.2008  05:42            32.256 winipsec.dll
14.04.2008  05:42           239.616 upnpui.dll
14.04.2008  05:42           185.856 upnphost.dll
14.04.2008  05:42            16.896 winrnr.dll
14.04.2008  05:42            45.568 tcpmonui.dll
14.04.2008  05:42           275.456 ulib.dll
14.04.2008  05:42            50.688 tspkg.dll
14.04.2008  05:42            93.696 tscfgwmi.dll
14.04.2008  05:42           316.416 untfs.dll
14.04.2008  05:42            10.752 smtpapi.dll
14.04.2008  05:42            74.752 storprop.dll
14.04.2008  05:42            59.392 stclient.dll
14.04.2008  05:42           385.536 themeui.dll
14.04.2008  05:42           239.104 srrstr.dll
14.04.2008  05:42            90.112 trkwks.dll
14.04.2008  05:42           990.208 syssetup.dll
14.04.2008  05:42           180.800 sqlunirl.dll
14.04.2008  05:42           858.624 tapi3.dll
14.04.2008  05:42            14.848 tcpmib.dll
14.04.2008  05:42           249.856 tapisrv.dll
14.04.2008  05:42           358.400 termmgr.dll
14.04.2008  05:42           295.424 termsrv.dll
14.04.2008  05:42            73.832 slcoinst.dll
14.04.2008  05:42           117.760 t2embed.dll
14.04.2008  05:42           713.216 sxs.dll
14.04.2008  05:42            96.768 srvsvc.dll
14.04.2008  05:42            57.856 twext.dll
14.04.2008  05:42           136.704 sti_ci.dll
14.04.2008  05:42            68.096 sti.dll
14.04.2008  05:42           442.368 sqlsrv32.dll
14.04.2008  05:42           101.376 txflog.dll
14.04.2008  05:42           286.792 slextspk.dll
14.04.2008  05:42            18.944 snmpapi.dll
14.04.2008  05:42            75.264 spoolss.dll
14.04.2008  05:42           188.508 slgen.dll
14.04.2008  05:42            75.776 strmfilt.dll
14.04.2008  05:42           362.496 smlogcfg.dll
14.04.2008  05:42            98.304 slbiop.dll
14.04.2008  05:42            53.248 tsgqec.dll
14.04.2008  05:42            25.088 slayerxp.dll
14.04.2008  05:42           181.760 tapi32.dll
14.04.2008  05:42           246.814 strmdll.dll
14.04.2008  05:42            45.568 tcpmon.dll
14.04.2008  05:42            26.624 udhisapi.dll
14.04.2008  05:42           121.856 stobject.dll
14.04.2008  05:42           123.392 umpnpmgr.dll
14.04.2008  05:42            13.824 uniplat.dll
14.04.2008  05:42            67.584 srclient.dll
14.04.2008  05:42            74.240 unimdmat.dll
14.04.2008  05:42            71.680 ssdpsrv.dll
14.04.2008  05:42            34.816 ssdpapi.dll
14.04.2008  05:42           182.272 snmpsnap.dll
14.04.2008  05:42           171.008 srsvc.dll
14.04.2008  05:42           135.168 shsvcs.dll
14.04.2008  05:42           584.704 rpcrt4.dll
14.04.2008  05:42           474.112 shlwapi.dll
14.04.2008  05:42           438.272 shimgvw.dll
14.04.2008  05:42            31.744 rtipxmib.dll
14.04.2008  05:42            44.032 rtutils.dll
14.04.2008  05:42            65.024 shimeng.dll
14.04.2008  05:42            25.088 shfolder.dll
14.04.2008  05:42           140.288 sfc_os.dll
14.04.2008  05:42            43.520 safrcdlg.dll
14.04.2008  05:42            68.096 shgina.dll
14.04.2008  05:42           171.008 sccsccp.dll
14.04.2008  05:42            56.320 servdeps.dll
14.04.2008  05:42           144.384 schannel.dll
14.04.2008  05:42           181.248 scecli.dll
14.04.2008  05:42           314.880 scesrv.dll
14.04.2008  05:42            13.312 sigtab.dll
14.04.2008  05:42         8.461.312 shell32.dll
14.04.2008  05:42            29.184 sendcmsg.dll
14.04.2008  05:42             5.632 security.dll
14.04.2008  05:42           159.232 sbeio.dll
14.04.2008  05:42             9.728 rwnh.dll
14.04.2008  05:42           172.032 scrrun.dll
14.04.2008  05:42           152.064 shmedia.dll
14.04.2008  05:42           180.224 scrobj.dll
14.04.2008  05:42         1.499.136 shdocvw.dll
14.04.2008  05:42            18.944 seclogon.dll
14.04.2008  05:42            56.320 secur32.dll
14.04.2008  05:42            20.480 sclgntfy.dll
14.04.2008  05:42            27.648 shscrap.dll
14.04.2008  05:42           433.664 riched20.dll
14.04.2008  05:42           192.512 schedsvc.dll
14.04.2008  05:42           985.088 setupapi.dll
14.04.2008  05:42            69.632 scarddlg.dll
14.04.2008  05:42            18.944 rsmps.dll
14.04.2008  05:42           415.744 samsrv.dll
14.04.2008  05:42            45.568 safrslv.dll
14.04.2008  05:42            19.968 rdpsnd.dll
14.04.2008  05:42           270.848 sbe.dll
14.04.2008  05:42           397.056 s3gnb.dll
14.04.2008  05:42            64.000 samlib.dll
14.04.2008  05:42            39.936 rshx32.dll
14.04.2008  05:42            60.416 remotepg.dll
14.04.2008  05:42            29.184 sdhcinst.dll
14.04.2008  05:42            92.672 rsvpsp.dll
14.04.2008  05:42           290.304 rhttpaa.dll
14.04.2008  05:42            54.784 sendmail.dll
14.04.2008  05:42            39.424 sens.dll
14.04.2008  05:42            58.880 resutils.dll
14.04.2008  05:42             7.168 sensapi.dll
14.04.2008  05:42            49.664 regapi.dll
14.04.2008  05:42           397.824 regwizc.dll
14.04.2008  05:42            29.696 safrdm.dll
14.04.2008  05:42         1.614.848 sfcfiles.dll
14.04.2008  05:42             5.120 sfc.dll
14.04.2008  05:42           399.360 rpcss.dll
14.04.2008  05:42            58.368 rastapi.dll
14.04.2008  05:42           147.968 rdchost.dll
14.04.2008  05:42            18.944 qmgrprxy.dll
14.04.2008  05:42           286.208 objsel.dll
14.04.2008  05:42           143.360 ntshrui.dll
14.04.2008  05:42           412.160 photometadatahandler.dll
14.04.2008  05:42            16.384 rassapi.dll
14.04.2008  05:42            79.872 raschap.dll
14.04.2008  05:42           102.400 rcbdyctl.dll
14.04.2008  05:42           150.016 rastls.dll
14.04.2008  05:42            61.440 rasman.dll
14.04.2008  05:42           210.944 rasppp.dll
14.04.2008  05:42             7.680 rasadhlp.dll
14.04.2008  05:42            43.520 racpldlg.dll
14.04.2008  05:42         1.288.192 quartz.dll
14.04.2008  05:42            43.520 pstorec.dll
14.04.2008  05:42            96.768 psbase.dll
14.04.2008  05:42            23.040 psapi.dll
14.04.2008  05:42            15.360 pjlmon.dll
14.04.2008  05:42            17.920 perfnet.dll
14.04.2008  05:42           284.160 pdh.dll
14.04.2008  05:42            67.584 pautoenr.dll
14.04.2008  05:42           107.008 oleprn.dll
14.04.2008  05:42            74.752 olecli32.dll
14.04.2008  05:42         1.287.168 ole32.dll
14.04.2008  05:42           150.528 qagent.dll
14.04.2008  05:42           192.000 offfilt.dll
14.04.2008  05:42           278.559 odbcjt32.dll
14.04.2008  05:42           186.368 rasmans.dll
14.04.2008  05:42            65.536 odbccu32.dll
14.04.2008  05:42            65.536 odbccr32.dll
14.04.2008  05:42           291.328 qagentrt.dll
14.04.2008  05:42           106.496 odbccp32.dll
14.04.2008  05:42           658.432 rasdlg.dll
14.04.2008  05:42           135.168 odbcconf.dll
14.04.2008  05:42            88.576 rasauto.dll
14.04.2008  05:42            24.576 odbcbcp.dll
14.04.2008  05:42           249.856 odbc32.dll
14.04.2008  05:42            67.584 ocmanage.dll
14.04.2008  05:42           435.200 ntmssvc.dll
14.04.2008  05:42            44.032 ntlanman.dll
14.04.2008  05:42            67.072 ntdsapi.dll
14.04.2008  05:42           237.056 rasapi32.dll
14.04.2008  05:42            54.784 npptools.dll
14.04.2008  05:42           245.760 netui1.dll
14.04.2008  05:42            80.896 netui0.dll
14.04.2008  05:42            62.464 qcliprov.dll
14.04.2008  05:42            76.800 qutil.dll
14.04.2008  05:42            61.952 rasqec.dll
14.04.2008  05:42            64.000 nwapi32.dll
14.04.2008  05:42            98.304 nlhtml.dll
14.04.2008  05:42            17.408 powrprof.dll
14.04.2008  05:42            20.510 odpdx32.dll
14.04.2008  05:42            20.510 odfox32.dll
14.04.2008  05:42            20.510 odexl32.dll
14.04.2008  05:42            20.511 oddbse32.dll
14.04.2008  05:42           147.456 odbctrac.dll
14.04.2008  05:42           560.640 printui.dll
14.04.2008  05:42         1.703.936 netshell.dll
14.04.2008  05:42           247.808 newdev.dll
14.04.2008  05:42            28.672 nmmkcert.dll
14.04.2008  05:42           142.336 nwprovau.dll
14.04.2008  05:42           562.176 qedit.dll
14.04.2008  05:42           551.936 oleaut32.dll
14.04.2008  05:42           118.784 ntmarta.dll
14.04.2008  05:42            40.960 ntmsapi.dll
14.04.2008  05:42           179.200 ntmsdba.dll
14.04.2008  05:42           386.048 qdvd.dll
14.04.2008  05:42           488.448 ntmsmgr.dll
14.04.2008  05:42             8.192 ntlsapi.dll
14.04.2008  05:42           279.040 qdv.dll
14.04.2008  05:42            91.136 ntprint.dll
14.04.2008  05:42            15.360 ntvdmd.dll
14.04.2008  05:42           192.512 qcap.dll
14.04.2008  05:42            34.304 pstorsvc.dll
14.04.2008  05:42           409.088 qmgr.dll
14.04.2008  05:42           270.336 oakley.dll
14.04.2008  05:42            16.384 odbc32gt.dll
14.04.2008  05:42            20.511 odtext32.dll
14.04.2008  05:42           122.880 oledlg.dll
14.04.2008  05:42            84.992 olepro32.dll
14.04.2008  05:42           713.728 opengl32.dll
14.04.2008  05:42            65.536 nwwks.dll
14.04.2008  05:42           144.384 onex.dll
14.04.2008  05:42           153.600 p2p.dll
14.04.2008  05:42         1.435.648 query.dll
14.04.2008  05:42            27.648 profmap.dll
14.04.2008  05:42           105.472 p2pgasvc.dll
14.04.2008  05:42            39.936 perfctrs.dll
14.04.2008  05:42            58.880 pnrpnsp.dll
14.04.2008  05:42           105.472 polstore.dll
14.04.2008  05:42           554.496 p2psvc.dll
14.04.2008  05:42           313.856 p2pgraph.dll
14.04.2008  05:42            35.328 pid.dll
14.04.2008  05:42           176.128 photowiz.dll
14.04.2008  05:42            34.816 perfproc.dll
14.04.2008  05:42            25.088 perfos.dll
14.04.2008  05:42            26.624 perfdisk.dll
14.04.2008  05:42           115.712 p2pnetsh.dll
14.04.2008  05:42            37.376 olecnv32.dll
14.04.2008  05:42            67.584 osuninst.dll
14.04.2008  05:42            90.624 mydocs.dll
14.04.2008  05:42            72.704 msw3prt.dll
14.04.2008  05:42           143.360 msorcl32.dll
14.04.2008  05:42            66.560 mtxclu.dll
14.04.2008  05:42           245.248 mswsock.dll
14.04.2008  05:42            30.720 mtxdm.dll
14.04.2008  05:42           506.368 msxml.dll
14.04.2008  05:42         1.104.896 msxml3.dll
14.04.2008  05:42           121.344 msvfw32.dll
14.04.2008  05:42            17.920 nddeapi.dll
14.04.2008  05:42             4.096 mtxex.dll
14.04.2008  05:42           343.040 msvcrt.dll
14.04.2008  05:42            18.944 nddenb32.dll
14.04.2008  05:42            25.088 mslbui.dll
14.04.2008  05:42            29.696 mspatcha.dll
14.04.2008  05:42           134.656 mssap.dll
14.04.2008  05:42           622.592 netcfgx.dll
14.04.2008  05:42           155.136 mssha.dll
14.04.2008  05:42         1.737.856 mtxparhd.dll
14.04.2008  05:42            11.264 msrle32.dll
14.04.2008  05:42            30.208 napipsec.dll
14.04.2008  05:42           193.024 napmontr.dll
14.04.2008  05:42           875.008 netplwiz.dll
14.04.2008  05:42           407.040 netlogon.dll
14.04.2008  05:42           198.144 netman.dll
14.04.2008  05:42           139.264 netid.dll
14.04.2008  05:42           290.816 msnsspc.dll
14.04.2008  05:42           151.583 msjint40.dll
14.04.2008  05:42           105.984 msoert2.dll
14.04.2008  05:42           116.224 mstlsapi.dll
14.04.2008  05:42           195.072 msutb.dll
14.04.2008  05:42         1.384.479 msvbvm60.dll
14.04.2008  05:42            57.344 msvcirt.dll
14.04.2008  05:42            11.776 netrap.dll
14.04.2008  05:42           252.928 msoeacct.dll
14.04.2008  05:42           274.944 mstask.dll
14.04.2008  05:42            16.896 msyuv.dll
14.04.2008  05:42           337.408 netapi32.dll
14.04.2008  05:42            36.352 ncobjapi.dll
14.04.2008  05:42           701.440 msxml2.dll
14.04.2008  05:42         1.306.624 msxml6.dll
14.04.2008  05:42           203.776 mswebdvd.dll
14.04.2008  05:42            34.304 mtxlegih.dll
14.04.2008  05:42            91.648 mtxoci.dll
14.04.2008  05:42           132.608 msv1_0.dll
14.04.2008  05:42           413.696 msvcp60.dll
14.04.2008  05:42         1.428.992 msvidctl.dll
14.04.2008  05:42            86.016 msapsspc.dll
14.04.2008  05:42           151.552 msdart.dll
14.04.2008  05:42             6.656 msidle.dll
14.04.2008  05:42           297.984 msctf.dll
14.04.2008  05:42            15.360 msisip.dll
14.04.2008  05:42            36.864 mscpxl32.dLL
14.04.2008  05:42           997.376 msgina.dll
14.04.2008  05:42            49.152 mqupgrd.dll
14.04.2008  05:42            73.728 mscms.dll
14.04.2008  05:42           517.632 mqsnap.dll
14.04.2008  05:42           159.232 msimtf.dll
14.04.2008  05:42             4.608 msimg32.dll
14.04.2008  05:42           539.136 msftedit.dll
14.04.2008  05:42           271.360 msihnd.dll
14.04.2008  05:42           248.832 msieftp.dll
14.04.2008  05:42           118.784 msdadiag.dll
14.04.2008  05:42            51.712 msident.dll
14.04.2008  05:42           161.792 msdtcuiu.dll
14.04.2008  05:42         2.843.136 msi.dll
14.04.2008  05:42            57.344 msasn1.dll
14.04.2008  05:42            14.336 msdmo.dll
14.04.2008  05:42           187.392 mqtrig.dll
14.04.2008  05:42           956.928 msdtctm.dll
14.04.2008  05:42           427.008 msdtcprx.dll
14.04.2008  05:42            71.680 msacm32.dll
14.04.2008  05:42            58.880 msdtclog.dll
14.04.2008  05:42            68.608 msctfp.dll
14.04.2008  05:42            69.632 msconf.dll
14.04.2008  05:42           471.552 mqutil.dll
14.04.2008  05:41           927.504 mfc40u.dll
14.04.2008  05:41           384.512 mp4sdmod.dll
14.04.2008  05:41           177.152 mqrt.dll
14.04.2008  05:41            89.088 mqlogmgr.dll
14.04.2008  05:41            53.248 mprdim.dll
14.04.2008  05:41            59.904 mpr.dll
14.04.2008  05:41            61.440 mmcshext.dll
14.04.2008  05:41            14.848 mgmtapi.dll
14.04.2008  05:41            37.376 l2gpstore.dll
14.04.2008  05:41            61.440 kmsvc.dll
14.04.2008  05:41         2.061.824 mstscax.dll
14.04.2008  05:41            95.744 mqsec.dll
14.04.2008  05:41           225.280 mqoa.dll
14.04.2008  05:41           240.640 mpg4dmod.dll
14.04.2008  05:41           184.320 microsoft.managementconsole.dll
14.04.2008  05:41            87.040 mprapi.dll
14.04.2008  05:41            47.616 mqdscli.dll
14.04.2008  05:41            86.016 mdmxsdk.dll
14.04.2008  05:41           106.496 mmcfxcommon.dll
14.04.2008  05:41           397.312 mmcex.dll
14.04.2008  05:41             4.096 ksuser.dll
14.04.2008  05:41           299.520 kerberos.dll
14.04.2008  05:41           150.528 keymgr.dll
14.04.2008  05:41           310.272 mp43dmod.dll
14.04.2008  05:41           989.696 kernel32.dll
14.04.2008  05:41            19.968 linkinfo.dll
14.04.2008  05:41            13.824 lmhsvc.dll
14.04.2008  05:41            97.280 loadperf.dll
14.04.2008  05:41           221.696 localsec.dll
14.04.2008  05:41           343.040 localspl.dll
14.04.2008  05:41           512.000 jscript.dll
14.04.2008  05:41            11.776 localui.dll
14.04.2008  05:41            34.560 mnmdd.dll
14.04.2008  05:41            16.896 mqise.dll
14.04.2008  05:41           123.904 mqrtdep.dll
14.04.2008  05:41            58.880 licwmi.dll
14.04.2008  05:41           138.240 mqad.dll
14.04.2008  05:41           153.600 modemui.dll
14.04.2008  05:41           399.872 lmrt.dll
14.04.2008  05:41            60.928 miglibnt.dll
14.04.2008  05:41           207.360 mobsync.dll
14.04.2008  05:41            10.240 lprhelp.dll
14.04.2008  05:41            23.552 mciwave.dll
14.04.2008  05:41            17.408 mmfutil.dll
14.04.2008  05:41         1.872.896 mmcndmgr.dll
14.04.2008  05:41           163.328 mmcbase.dll
14.04.2008  05:41           118.272 mdminst.dll
14.04.2008  05:41           586.240 mlang.dll
14.04.2008  05:41            18.944 midimap.dll
14.04.2008  05:41           728.064 lsasrv.dll
14.04.2008  05:41            29.696 mimefilt.dll
14.04.2008  05:41            22.016 lpk.dll
14.04.2008  05:41            23.040 mciseq.dll
14.04.2008  05:41            40.960 mf3216.dll
14.04.2008  05:41            35.328 mciqtz32.dll
14.04.2008  05:41            84.480 mciavi32.dll
14.04.2008  05:41           663.040 mqqm.dll
14.04.2008  05:41            22.528 mfcsubs.dll
14.04.2008  05:41            14.336 mcastmib.dll
14.04.2008  05:41         1.028.096 mfc42.dll
14.04.2008  05:41           423.936 licdll.dll
14.04.2008  05:41           183.808 ipsecsvc.dll
14.04.2008  05:41           123.392 input.dll
14.04.2008  05:41           755.200 ir50_32.dll
14.04.2008  05:41           199.680 gptext.dll
14.04.2008  05:41           200.192 ir50_qc.dll
14.04.2008  05:41           163.840 jgdw400.dll
14.04.2008  05:41            41.984 htui.dll
14.04.2008  05:41           191.488 iuengine.dll
14.04.2008  05:41            81.920 isign32.dll
14.04.2008  05:41             8.192 igmpagnt.dll
14.04.2008  05:41           691.712 inetcomm.dll
14.04.2008  05:41           144.384 imagehlp.dll
14.04.2008  05:41            47.616 iyuv_32.dll
14.04.2008  05:41           155.136 itircl.dll
14.04.2008  05:41            27.648 jgpl400.dll
14.04.2008  05:41           138.240 itss.dll
14.04.2008  05:41           349.696 ipsecsnp.dll
14.04.2008  05:41            54.272 ixsso.dll
14.04.2008  05:41            32.768 isrdbg32.dll
14.04.2008  05:41            59.904 ipv6mon.dll
14.04.2008  05:41            15.872 inetppui.dll
14.04.2008  05:41           330.752 ippromon.dll
14.04.2008  05:41           384.000 ipsmsnap.dll
14.04.2008  05:41            94.720 iphlpapi.dll
14.04.2008  05:41            32.768 inetmib1.dll
14.04.2008  05:41           274.432 inetcfg.dll
14.04.2008  05:41           177.152 iprtrmgr.dll
14.04.2008  05:41           331.264 ipnathlp.dll
14.04.2008  05:41           120.832 idq.dll
14.04.2008  05:41            36.921 imeshare.dll
14.04.2008  05:41           120.320 ir41_qc.dll
14.04.2008  05:41            32.285 hsfcisp2.dll
14.04.2008  05:41           147.456 initpki.dll
14.04.2008  05:41            73.728 icwdial.dll
14.04.2008  05:41            28.160 irmon.dll
14.04.2008  05:41            75.264 inetpp.dll
14.04.2008  05:41           110.080 imm32.dll
14.04.2008  05:41           183.808 ir50_qcx.dll
14.04.2008  05:41            81.920 ils.dll
14.04.2008  05:41             7.168 hccoin.dll
14.04.2008  05:41            80.384 iccvid.dll
14.04.2008  05:41           135.680 ifmon.dll
14.04.2008  05:41           285.184 gdi32.dll
14.04.2008  05:41           338.432 ir41_qcx.dll
14.04.2008  05:41           119.808 iasrad.dll
14.04.2008  05:41           122.880 glu32.dll
14.04.2008  05:41            72.704 hlink.dll
14.04.2008  05:41            22.016 ipxwan.dll
14.04.2008  05:41            24.576 httpapi.dll
14.04.2008  05:41            21.504 hidserv.dll
14.04.2008  05:41            41.472 hhsetup.dll
14.04.2008  05:41           614.912 h323msp.dll
14.04.2008  05:41            81.920 ieencode.dll
14.04.2008  05:41           161.280 ipmontr.dll
14.04.2008  05:41            20.992 hid.dll
14.04.2008  05:41           344.064 hnetcfg.dll
14.04.2008  05:41            65.536 icwphbk.dll
14.04.2008  05:41           330.752 hnetwiz.dll
14.04.2008  05:41           254.976 icm32.dll
14.04.2008  05:41           144.896 hotplug.dll
14.04.2008  05:41           347.136 hypertrm.dll
14.04.2008  05:41            11.264 icaapi.dll
14.04.2008  05:41           181.760 dinput8.dll
14.04.2008  05:41           382.976 fontext.dll
14.04.2008  05:41            60.416 fwcfg.dll
14.04.2008  05:41            61.440 dmcompos.dll
14.04.2008  05:41           379.904 dhcpmon.dll
14.04.2008  05:41            68.608 digest.dll
14.04.2008  05:41         1.504.256 diskcopy.dll
14.04.2008  05:41            80.384 faultrep.dll
14.04.2008  05:41           125.952 exts.dll
14.04.2008  05:41           246.272 es.dll
14.04.2008  05:41           183.296 els.dll
14.04.2008  05:41            19.456 dswave.dll
14.04.2008  05:41            32.768 dispex.dll
14.04.2008  05:41            16.896 fltlib.dll
14.04.2008  05:41            80.896 fontsub.dll
14.04.2008  05:41            51.200 dssec.dll
14.04.2008  05:41            28.672 dmband.dll
14.04.2008  05:41           186.880 encdec.dll
14.04.2008  05:41           155.648 dskquoui.dll
14.04.2008  05:41            87.552 fldrclnr.dll
14.04.2008  05:41           285.184 dmdlgs.dll
14.04.2008  05:41           337.920 filemgmt.dll
14.04.2008  05:41            21.504 feclient.dll
14.04.2008  05:41            26.624 efsadu.dll
14.04.2008  05:41           124.928 fde.dll
14.04.2008  05:41           200.704 dmdskmgr.dll
14.04.2008  05:41           380.445 expsrv.dll
14.04.2008  05:41           181.248 dmime.dll
14.04.2008  05:41            56.320 eventlog.dll
14.04.2008  05:41            35.840 dmloader.dll
14.04.2008  05:41            23.552 dmserver.dll
14.04.2008  05:41         1.082.368 esent.dll
14.04.2008  05:41           105.984 dmstyle.dll
14.04.2008  05:41            20.480 encapi.dll
14.04.2008  05:41            57.344 dpwsockx.dll
14.04.2008  05:41            33.792 eapsvc.dll
14.04.2008  05:41           103.424 dmsynth.dll
14.04.2008  05:41           104.448 dmusic.dll
14.04.2008  05:41            48.640 dhcpqec.dll
14.04.2008  05:41            19.456 dimsntfy.dll
14.04.2008  05:41            39.936 dimsroam.dll
14.04.2008  05:41           498.742 dxmasf.dll
14.04.2008  05:41            73.728 fdeploy.dll
14.04.2008  05:41            26.112 dot3api.dll
14.04.2008  05:41            57.856 dot3cfg.dll
14.04.2008  05:41         1.227.264 dx8vb.dll
14.04.2008  05:41           619.008 dx7vb.dll
14.04.2008  05:41            39.936 dot3gpclnt.dll
14.04.2008  05:41             9.216 dot3dlg.dll
14.04.2008  05:41           304.128 duser.dll
14.04.2008  05:41           113.152 dsuiext.dll
14.04.2008  05:41            56.320 dot3msm.dll
14.04.2008  05:41           132.096 dot3svc.dll
14.04.2008  05:41         2.113.536 dxdiagn.dll
14.04.2008  05:41           239.104 dsquery.dll
14.04.2008  05:41           142.848 dsprop.dll
14.04.2008  05:41           650.752 dot3ui.dll
14.04.2008  05:41         1.293.824 dsound3d.dll
14.04.2008  05:41           367.616 dsound.dll
14.04.2008  05:41            71.680 dsdmoprp.dll
14.04.2008  05:41           181.248 dsdmo.dll
14.04.2008  05:41            16.384 ds32gt.dll
14.04.2008  05:41            14.336 drprov.dll
14.04.2008  05:41            30.720 eapolqec.dll
14.04.2008  05:41           116.736 dpvvox.dll
14.04.2008  05:41           212.480 dpvoice.dll
14.04.2008  05:41           184.832 eapp3hst.dll
14.04.2008  05:41            21.504 dpvacm.dll
14.04.2008  05:41           158.720 dinput.dll
14.04.2008  05:41           126.976 eappcfg.dll
14.04.2008  05:41           102.912 dpcdll.dll
14.04.2008  05:41            94.208 eappgnui.dll
14.04.2008  05:41            60.928 dpnhupnp.dll
14.04.2008  05:41           147.968 dnsapi.dll
14.04.2008  05:41            35.328 dpnhpast.dll
14.04.2008  05:41           375.296 dpnet.dll
14.04.2008  05:41            52.224 dmutil.dll
14.04.2008  05:41            23.552 dpmodemx.dll
14.04.2008  05:41           229.888 dplayx.dll
14.04.2008  05:41           180.224 eapphost.dll
14.04.2008  05:41            48.128 docprop2.dll
14.04.2008  05:41            40.960 eappprxy.dll
14.04.2008  05:41            59.392 eapqec.dll
14.04.2008  05:41            82.432 dmscript.dll
14.04.2008  05:41            45.568 dnsrslvr.dll
14.04.2008  05:41            92.672 dskquota.dll
14.04.2008  05:41           229.376 compstui.dll
14.04.2008  05:41            59.904 devenum.dll
14.04.2008  05:41           226.304 catsrv.dll
14.04.2008  05:41            58.880 atl.dll
14.04.2008  05:41           126.976 dhcpcsvc.dll
14.04.2008  05:41           824.320 d3dim700.dll
14.04.2008  05:41         1.689.088 d3d9.dll
14.04.2008  05:41             8.704 dciman32.dll
14.04.2008  05:41            50.688 btpanui.dll
14.04.2008  05:41            20.992 bthci.dll
14.04.2008  05:41             7.168 bitsprx3.dll
14.04.2008  05:41           165.376 datime.dll
14.04.2008  05:41           516.768 ativvaxx.dll
14.04.2008  05:41            32.768 ativtmxx.dll
14.04.2008  05:41           326.656 cscui.dll
14.04.2008  05:41           457.728 certmgr.dll
14.04.2008  05:41            62.464 authz.dll
14.04.2008  05:41           512.512 cryptui.dll
14.04.2008  05:41         1.888.992 ati3duag.dll
14.04.2008  05:41             8.704 batt.dll
14.04.2008  05:41            62.464 cryptsvc.dll
14.04.2008  05:41            30.208 atmlib.dll
14.04.2008  05:41            60.416 colbact.dll
14.04.2008  05:41             7.168 bitsprx4.dll
14.04.2008  05:41            64.512 cryptnet.dll
14.04.2008  05:41            50.688 camocx.dll
14.04.2008  05:41           151.040 cdfview.dll
14.04.2008  05:41         1.025.024 browseui.dll
14.04.2008  05:41            53.760 cryptext.dll
14.04.2008  05:41            74.752 cryptdlg.dll
14.04.2008  05:41            30.208 bthserv.dll
14.04.2008  05:41           233.472 azroles.dll
14.04.2008  05:41            60.416 cabinet.dll
14.04.2008  05:41            84.480 cabview.dll
14.04.2008  05:41           539.648 comuid.dll
14.04.2008  05:41            54.272 dataclen.dll
14.04.2008  05:41            28.672 dfsshlex.dll
14.04.2008  05:41           163.840 credui.dll
14.04.2008  05:41           111.104 dgnet.dll
14.04.2008  05:41            35.328 corpol.dll
14.04.2008  05:41            27.136 ddrawex.dll
14.04.2008  05:41           194.560 certcli.dll
14.04.2008  05:41            69.120 ciodm.dll
14.04.2008  05:41           124.416 dfrgui.dll
14.04.2008  05:41            39.424 dfrgsnap.dll
14.04.2008  05:41             8.192 bitsprx2.dll
14.04.2008  05:41           498.688 clbcatq.dll
14.04.2008  05:41           282.624 devmgr.dll
14.04.2008  05:41            29.184 batmeter.dll
14.04.2008  05:41            42.496 audiosrv.dll
14.04.2008  05:41            84.992 avifil32.dll
14.04.2008  05:41            52.736 basesrv.dll
14.04.2008  05:41            17.408 bidispl.dll
14.04.2008  05:41            77.824 browser.dll
14.04.2008  05:41            78.336 browsewm.dll
14.04.2008  05:41           150.016 capesnpn.dll
14.04.2008  05:41            32.256 csrsrv.dll
14.04.2008  05:41            85.504 catsrvps.dll
14.04.2008  05:41           279.552 ddraw.dll
14.04.2008  05:41            28.672 dbnmpntw.dll
14.04.2008  05:41           792.064 comres.dll
14.04.2008  05:41         1.267.200 comsvcs.dll
14.04.2008  05:41           110.592 dbnetlib.dll
14.04.2008  05:41            24.576 dbmsrpcn.dll
14.04.2008  05:41           640.000 dbghelp.dll
14.04.2008  05:41         2.091.520 cdosys.dll
14.04.2008  05:41            38.912 cfgbkend.dll
14.04.2008  05:41            25.088 davclnt.dll
14.04.2008  05:41           148.480 cic.dll
14.04.2008  05:41         1.054.208 danim.dll
14.04.2008  05:41           110.592 clbcatex.dll
14.04.2008  05:41           625.664 catsrvut.dll
14.04.2008  05:41             8.192 d3d8thk.dll
14.04.2008  05:41            39.424 cmutil.dll
14.04.2008  05:41            12.800 credssp.dll
14.04.2008  05:41         1.179.648 d3d8.dll
14.04.2008  05:41            47.104 cnbjmon.dll
14.04.2008  05:41           276.992 comdlg32.dll
14.04.2008  05:41           101.888 cscdll.dll
14.04.2008  05:41            97.792 comrepl.dll
14.04.2008  05:41           167.424 comsnap.dll
14.04.2008  05:41            33.280 cryptdll.dll
14.04.2008  05:41           599.040 crypt32.dll
14.04.2008  05:41           357.888 confmsp.dll
14.04.2008  05:41            28.160 comaddin.dll
14.04.2008  05:41           252.928 compatUI.dll
14.04.2008  05:41           617.472 comctl32.dll
14.04.2008  05:41            77.824 cliconfg.dll
14.04.2008  05:41           185.344 cmprops.dll
14.04.2008  05:41            13.312 cmsetACL.dll
14.04.2008  05:41           344.064 cmdial32.dll
14.04.2008  05:41            15.872 cmcfg32.dll
14.04.2008  05:41            58.368 clusapi.dll
14.04.2008  05:41           377.984 ati2dvaa.dll
14.04.2008  05:41            70.656 amstream.dll
14.04.2008  05:41           263.680 adsnt.dll
14.04.2008  05:41            98.304 actxprxy.dll
14.04.2008  05:41           175.616 adsldp.dll
14.04.2008  05:41           115.712 aclui.dll
14.04.2008  05:41           295.936 appmgr.dll
14.04.2008  05:41           123.392 adsnw.dll
14.04.2008  05:41           125.952 apphelp.dll
14.04.2008  05:41           167.936 appmgmts.dll
14.04.2008  05:41           136.192 aaclient.dll
14.04.2008  05:41            17.408 alrsvc.dll
14.04.2008  05:41           229.376 ati2cqag.dll
14.04.2008  05:41            68.096 adsmsext.dll
14.04.2008  05:41            65.024 asycfilt.dll
14.04.2008  05:41           201.728 ati2dvag.dll
14.04.2008  05:41           100.352 6to4svc.dll
14.04.2008  05:41           870.784 ati3d1ag.dll
14.04.2008  05:41           193.536 activeds.dll
14.04.2008  05:41           617.472 advapi32.dll
14.04.2008  05:41           143.360 adsldpc.dll
14.04.2008  05:41           135.168 wshom.ocx
14.04.2008  05:41           706.048 ntdll.dll
14.04.2008  05:41            20.480 wmp.ocx
14.04.2008  05:41             5.632 wmi.dll
14.04.2008  05:41           756.224 winntbbu.dll
14.04.2008  05:41            24.064 pidgen.dll
14.04.2008  05:40           218.624 sysmon.ocx
14.04.2008  05:40            86.016 sl_anet.acm
14.04.2008  05:40            81.920 proctexe.ocx
14.04.2008  05:40            53.279 odbcji32.dll
14.04.2008  05:40           110.592 msscript.ocx
14.04.2008  05:40           844.314 msdxm.ocx
14.04.2008  05:40             4.126 msdxmlc.dll
14.04.2008  05:40             3.584 msafd.dll
14.04.2008  05:40           294.912 msaud32.acm
14.04.2008  05:40            14.848 msadp32.acm
14.04.2008  05:40           177.152 msctfime.ime
14.04.2008  05:39           290.816 l3codeca.acm
14.04.2008  05:39             6.144 kbdinbe1.dll
14.04.2008  05:39             5.632 kbdmaori.dll
14.04.2008  05:39             7.680 kbdsmsno.dll
14.04.2008  05:39             7.168 kbdukx.dll
14.04.2008  05:39             6.144 kbdbhc.dll
14.04.2008  05:39             6.656 kbdinmal.dll
14.04.2008  05:39             6.144 kbdmlt48.dll
14.04.2008  05:39             6.144 kbdnepr.dll
14.04.2008  05:39             7.168 kbdno1.dll
14.04.2008  05:39             7.680 kbdsmsfi.dll
14.04.2008  05:39             6.144 kbdiultn.dll
14.04.2008  05:39             6.144 kbdmlt47.dll
14.04.2008  05:39             6.144 kbdinben.dll
14.04.2008  05:39             6.144 kbdpash.dll
14.04.2008  05:39             7.168 kbdfi1.dll
14.04.2008  05:39            16.384 imaadp32.acm
14.04.2008  05:39             3.584 icmp.dll
14.04.2008  05:39           545.280 hhctrl.ocx
14.04.2008  05:39           566.784 gpedit.dll
14.04.2008  05:39             9.344 framebuf.dll
14.04.2008  05:39             3.072 dpnlobby.dll
14.04.2008  05:39             3.072 dpnaddr.dll
14.04.2008  05:39           153.088 daxctle.ocx
14.04.2008  05:39            16.896 cfgmgr32.dll
14.04.2008  05:39           285.696 atmfd.dll
14.04.2008  05:39           114.688 asctrls.ocx
14.04.2008  01:00         1.845.632 win32k.sys
14.04.2008  00:54         2.145.280 ntoskrnl.exe
14.04.2008  00:15            17.664 watchdog.sys
14.04.2008  00:13             9.728 comsdupd.exe
14.04.2008  00:13            12.800 spiisupd.exe
14.04.2008  00:07           369.664 html.iec
14.04.2008  00:01             7.424 kd1394.dll
14.04.2008  00:01           134.400 HAL.DLL
14.04.2008  00:01         2.023.936 ntkrnlpa.exe
14.04.2008  00:00            61.440 msvcrt40.dll
13.04.2008  23:45            76.800 msshavmsg.dll
13.04.2008  23:09           438.784 xpob2res.dll
13.04.2008  23:09           689.152 xpsp3res.dll
13.04.2008  23:09         2.897.920 xpsp2res.dll
13.04.2008  23:09           187.392 xpsp1res.dll
13.04.2008  23:07           138.752 dssenh.dll
13.04.2008  23:07           208.384 rsaenh.dll
13.04.2008  22:58         2.940.928 wmploc.dll
13.04.2008  22:57            79.872 msxml6r.dll
13.04.2008  22:56            24.576 cliconfg.rll
13.04.2008  22:56            90.112 sqlsrv32.rll
13.04.2008  22:56             4.310 odbcconf.rsp
13.04.2008  22:56            12.288 mscpx32r.dLL
13.04.2008  22:56            94.208 odbcint.dll
13.04.2008  22:56            12.288 odbcp32r.dll
13.04.2008  22:54            16.384 simpdata.tlb
13.04.2008  22:54            20.480 msorc32r.dll
13.04.2008  22:54            12.288 msdatsrc.tlb
13.04.2008  22:53             8.192 asferror.dll
13.04.2008  22:53           168.448 wmerror.dll
13.04.2008  22:51           733.696 qedwipes.dll
13.04.2008  22:39             4.096 dsprpres.dll
13.04.2008  22:33            63.488 browselc.dll
13.04.2008  22:33           549.376 shdoclc.dll
13.04.2008  22:18         1.647.616 winbrand.dll
13.04.2008  22:15           216.064 moricons.dll
13.04.2008  21:53            48.128 msprivs.dll
13.04.2008  21:52            48.128 inetres.dll
13.04.2008  21:12            16.896 stdole2.tlb
13.04.2008  21:09           884.736 msimsg.dll
05.04.2008  22:56        19.836.024 MRT.exe
29.03.2008  19:45         1.146.232 aswBoot.exe
29.03.2008  19:23            95.608 AvastSS.scr
20.03.2008  18:06         1.480.232 LegitCheckControl.dll
01.03.2008  18:36         3.591.680 mshtml.dll
01.03.2008  15:06           826.368 wininet.dll
01.03.2008  15:06           671.232 mstime.dll
01.03.2008  15:06           102.912 occache.dll
01.03.2008  15:06            44.544 pngfilt.dll
01.03.2008  15:06           105.984 url.dll
01.03.2008  15:06         1.159.680 urlmon.dll
01.03.2008  15:06           233.472 webcheck.dll
01.03.2008  15:06           478.208 mshtmled.dll
01.03.2008  15:06           193.024 msrating.dll
01.03.2008  15:06           267.776 iertutil.dll
01.03.2008  15:06           459.264 msfeeds.dll
01.03.2008  15:06            27.648 jsproxy.dll
01.03.2008  15:06         1.831.424 inetcpl.cpl
01.03.2008  15:06            52.224 msfeedsbs.dll
01.03.2008  15:06         6.066.176 ieframe.dll
01.03.2008  15:06            44.544 iernonce.dll
01.03.2008  15:06           383.488 ieapfltr.dll
01.03.2008  15:06           384.512 iedkcs32.dll
01.03.2008  15:06           153.088 ieakeng.dll
01.03.2008  15:06           230.400 ieaksie.dll
01.03.2008  15:06           133.120 extmgr.dll
01.03.2008  15:06           347.136 dxtmsft.dll
01.03.2008  15:06           214.528 dxtrans.dll
01.03.2008  15:06            63.488 icardie.dll
01.03.2008  15:06           124.928 advpack.dll
29.02.2008  14:40           265.948 locale.nls
29.02.2008  10:55            70.656 ie4uinit.exe
22.02.2008  12:00            13.824 ieudinit.exe
16.02.2008  16:04               976 history.aaw
16.02.2008  16:04             2.592 settings.aaw
16.02.2008  11:47           138.740 TZLog.log
15.02.2008  07:44           161.792 ieakui.dll

            2487 Datei(en)    635.343.388 Bytes
               0 Verzeichnis(se), 11.374.002.176 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist WINXP
Volumeseriennummer: 4032-55C5

Verzeichnis von C:\DOCUME~1\cf\LOCALS~1\Temp

08.05.2008  16:09           122.900 datfind.txt
08.05.2008  15:27            16.384 Perflib_Perfdata_1478.dat
08.05.2008  15:26            16.384 Perflib_Perfdata_960.dat
               3 Datei(en)        155.668 Bytes
               0 Verzeichnis(se), 11.374.411.776 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist WINXP
Volumeseriennummer: 4032-55C5

Verzeichnis von C:\WINDOWS

08.05.2008  16:03               227 system.ini
08.05.2008  15:56               174 setupact.log
08.05.2008  15:56               254 UPGRADE.TXT
08.05.2008  15:56            56.219 wsdu.log
08.05.2008  15:54               178 DHCPUPG.LOG
08.05.2008  15:54            15.680 WINNT32.LOG
08.05.2008  15:26                 0 0.log
08.05.2008  15:26               159 wiadebug.log
08.05.2008  15:25             2.048 bootstat.dat
08.05.2008  00:13                50 wiaservc.log
08.05.2008  00:13                12 bthservsdp.dat
08.05.2008  00:13            32.584 SchedLgU.Txt
08.05.2008  00:13         1.076.489 WindowsUpdate.log
07.05.2008  23:58                 0 setuperr.log
07.05.2008  16:45           316.640 WMSysPr9.prx
07.05.2008  15:46                 0 oodcnt.INI
07.05.2008  14:59             1.240 mozver.dat
07.05.2008  14:54             4.359 ODBCINST.INI
14.04.2008  05:42           283.648 winhlp32.exe
14.04.2008  05:42            32.866 slrundll.exe
14.04.2008  05:42           146.432 regedit.exe
14.04.2008  05:42            69.120 notepad.exe
14.04.2008  05:42            10.752 hh.exe
14.04.2008  05:42         1.033.728 explorer.exe
14.04.2008  05:42            50.688 twain_32.dll
07.02.2008  22:14            54.156 QTFont.qfn
07.02.2008  10:55                38 avisplitter.INI
31.01.2008  22:27               919 BOC425.INI
27.01.2008  10:43             3.288 WINCMD.INI
27.01.2008  10:09               253 wcx_ftp.ini
24.01.2008  20:23               250 gmer.ini
24.01.2008  20:22           819.200 gmer.dll
24.01.2008  20:22                80 gmer_uninstall.cmd
24.01.2008  20:21               537 win.ini
24.01.2008  18:35               214 FTRUN32.INI
18.01.2008  20:31           757.760 gmer.exe

             123 Datei(en)     14.694.637 Bytes
               0 Verzeichnis(se), 11.374.411.776 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist WINXP
Volumeseriennummer: 4032-55C5

Verzeichnis von C:\WINDOWS\temp

07.05.2008  21:04         1.755.478 dneinst.log
               1 Datei(en)      1.755.478 Bytes
               0 Verzeichnis(se), 11.374.411.776 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist WINXP
Volumeseriennummer: 4032-55C5

Verzeichnis von C:\WINDOWS\Downloaded Program Files

09.10.2007  22:51                65 desktop.ini
30.07.2007  19:24               293 wuweb.inf
               2 Datei(en)            358 Bytes
               0 Verzeichnis(se), 11.374.411.776 Bytes frei


--------------------------------
5. Problem description:

Sometimes (not always - not right now (Murphy!)) the installed ZoneAlarm firewall asks me, when I start a "normal" program such as Firefox, Thunderbird, etc., whether a completely different program may access the Internet (e.g. vfind.cfexe or similar). If you deny it, the program that was originally launched (Firefox, for example) has no access to the Internet. If you allow it, it does.

Yesterday I wanted to install Battlefield2. When starting the setup file, an error message appeared saying that the file set31A.tmp had caused an error (refers to memory 0x0000...) and that was it - the game could not be installed. On further attempts it is always the same, but the name of the .tmp file changes (Set***.tmp). That practically screams virus/trojan/rootkit - doesn't it?

Edit: When installing the game, the error message still appears (set8D.tmp, set8E.tmp...). (It can't be due to SP3, can it?)

I have already tried scanning from a parallel-installed Vista with AVG and AntiVir - but without success.

I hope you can help me.. I would rather not reinstall.. tomorrow there is a LAN party and it would be nice not to have to reinstall everything.. I have been trying all week to find something with various tools. But none of them finds anything. ;) ( would be good if that's really the case ;) )

Thanks in advance,
Kind regards, Fly

PS: The system is up to date. All patches installed. SP3 is on it too.
This post was edited by FlyingHuman on 08.05.2008 at 16:42.
08.05.2008, 16:58
Honorary member
Sabina

Posts: 29434
#2 Hello,

does the start page mean anything to you?

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.107/

scan with sdfix in safe mode + post the report
http://virus-protect.org/artikel/tools/sdfix.html
__________
Kind regards, Sabina

all about PC security
08.05.2008, 17:39
...new here

Thread starter

Posts: 3
#3 Thanks for your reply ;)

Yes, I know the start page ;) it is a computer on the local network.

Here is the report from SDFix:

Code



[b]SDFix: Version 1.180 [/b]
Run by cf on 08.05.2008 at 17:24

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 17:29:29
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"S:\\spiele\\wic\\wic.exe"="S:\\spiele\\wic\\wic.exe:*:Enabled:WORLD IN CONFLICT"
"S:\\spiele\\wic\\wic_online.exe"="S:\\spiele\\wic\\wic_online.exe:*:Enabled:WORLD IN CONFLICT - Nur Online"
"S:\\spiele\\wic\\wic_ds.exe"="S:\\spiele\\wic\\wic_ds.exe:*:Enabled:WORLD IN CONFLICT - Dedizierter Server"
"C:\\Programme\\Bonjour\\mDNSResponder.exe"="C:\\Programme\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programme\\uTorrent\\uTorrent.exe"="C:\\Programme\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\CF\\Local Settings\\Apps\\2.0\\KO79P4GG.WWB\\0WVM7Q55.WPV\\frit..tion_f8d772dfbb3f7453_0002.0001_147a792107b9f781\\fritzbox-usb-fernanschluss.exe"="C:\\Documents and Settings\\CF\\Local Settings\\Apps\\2.0\\KO79P4GG.WWB\\0WVM7Q55.WPV\\frit..tion_f8d772dfbb3f7453_0002.0001_147a792107b9f781\\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss"
"P:\\Programme\\SmartFTP Client\\SmartFTP.exe"="P:\\Programme\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"M:2\\Programme\\AVG\\AVG8\\avgupd.exe"="M:2\\Programme\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"M:2\\Programme\\AVG\\AVG8\\avgemc.exe"="M:2\\Programme\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"M:2\\Programme\\AVG\\AVG8\\avgnsx.exe"="M:2\\Programme\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed  7 May 2008           334 A.SHR --- "C:\BOOT.BAK"
Mon 11 Feb 2008       165,232 A..H. --- "C:\System Volume Information\_restore{7DCBFCB7-93B1-4618-B4A8-37D82BC6A6FD}\RP2\A0000295.dll"
Wed  7 May 2008       165,232 A..H. --- "C:\System Volume Information\_restore{7DCBFCB7-93B1-4618-B4A8-37D82BC6A6FD}\RP2\A0000470.dll"
Wed  7 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\download\BIT76.tmp"
Wed  7 May 2008       165,232 A..H. --- "C:\Documents and Settings\cf\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll"
Fri 15 Feb 2008         1,301 ...HR --- "C:\Documents and Settings\cf\Application Data\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]



Just now it started again: grep.cfexe, vfind.cfexe, find.exe, to name just a few, wanted access to the Internet when I tried to start Firefox (same with IE).

I am grateful for any help! ;)
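
The "Authorized Application Key Export" in the SDFix report above lists the programs allowed through the Windows Firewall, one `path:scope:status:name` value per executable. The following Python parser for that export is an added example, not part of the original post or of SDFix; the last two sample lines are constructed, and the "user-writable path" heuristic is an assumption made here.

```python
import re

# SAMPLE lines 2-3 are taken from the export above; lines 4-5 are constructed.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\cf\\Local Settings\\Temp\\example.exe"="C:\\Documents and Settings\\cf\\Local Settings\\Temp\\example.exe:*:Enabled:Example: constructed entry"
"C:\\Programme\\Example\\lan.exe"="C:\\Programme\\Example\\lan.exe:LocalSubNet:Disabled:Constructed LAN tool"
'''
# Captures the profile name (standardprofile / domainprofile) of a list key.
SECTION = re.compile(r'^\[.*\\([^\\\]]+)\\authorizedapplications\\list\]$', re.I)
ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Assumption for this example: these fragments mark user-writable locations.
USER_WRITABLE = ('\\documents and settings\\', '\\temp\\')

def unescape(value):  # .reg escaping: backslash + char stands for that char
    return re.sub(r'\\(.)', r'\1', value)

def parse_export(text):
    """Return one dict per authorized-application value in the export text."""
    profile, rows = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith('['):
            section = SECTION.match(line)
            profile = section.group(1).lower() if section else None
            continue
        entry = ENTRY.match(line)
        if not entry or profile is None:
            continue
        path, data = unescape(entry.group(1)), unescape(entry.group(2))
        row = {'profile': profile, 'path': path, 'malformed': True,
               'scope': None, 'enabled': None, 'label': None}
        # The value name is repeated as the data prefix. Cutting it off first
        # keeps the drive colon in "C:\..." from being read as a separator.
        fields = data[len(path) + 1:].split(':', 2)
        if data.lower().startswith(path.lower() + ':') and len(fields) == 3:
            row.update(malformed=False, scope=fields[0], label=fields[2],
                       enabled=fields[1].lower() == 'enabled')
        rows.append(row)
    return rows

def review_reasons(row):
    """Reasons to check an entry by hand; an empty list means none found."""
    if row['malformed']:
        return ['data is not path:scope:status:name']
    risky = any(p in row['path'].lower() for p in USER_WRITABLE)
    if row['enabled'] and row['scope'] == '*' and risky:
        return ['open to any source address, executable in user-writable path']
    return []
```

Run over the full export above, the FRITZ!Box entry under `Local Settings\Apps` is listed for review; that reflects only where the executable lives, not a verdict on the program.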
09.05.2008, 00:29
Honorary member
Sabina

Posts: 29434
#4 ««
under Services, stop the following service:

Spyware Terminator Realtime Shield Service (sp_rssrv)

««
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as cfscript.txt using 'Save as'. Select "All files" - Save

Quote

KILLALL::

Driver::
MEMSWEEP2
sp_rsdrv2

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ Spyware Terminator_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Terminator]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sp_rsdrv2]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sp_rsdrv2]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sp_rsdrv2]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sp_rsdrv2]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sp_rsdrv2]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SP_RSDRV2]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SP_RSDRV2]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SP_RSDRV2]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SP_RSDRV2]

File::
C:\WINDOWS\system32\143.tmp
C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Folder::
C:\Programme\Spyware Terminator
You should now find this file cfscript.txt on the desktop.

Drag cfscript.txt with the right mouse button onto the Combofix icon

afterwards: run Combofix once more

restart the PC

------------------------

then report whether things are quiet....
__________
Kind regards, Sabina

all about PC security
09.05.2008, 13:51
...new here

Thread starter

Posts: 3
#5 A thousand thanks! ;)

At the moment it is quiet.. I will keep watching it.

What was the cause? Trojan? Keylogger? Virus? etc.?
09.05.2008, 15:35
Honorary member
Sabina

Posts: 29434
#6 probably Spyware Terminator - sometimes it is on the rogue list (fake programs), sometimes not.... ;)
there are still entries from that thing ...search for them and remove everything, I was missing the paths... I only had the sys removed and what is under "Programme"
or search with Agent Ransack
http://virus-protect.org/artikel/tools/agentransack.html
__________
Kind regards, Sabina

all about PC security