Trojaner TR/Vundo.GHY.36352

#1 Hallo,

ich habe mir einen Troaner eingefangen und bekomme Ihn nicht mehr los!

Es handelt sich dabei um den Trojner "TR/Vundo.GHY.36352" der sich in den WINDOWS/system32-Ordner als "wvUmjKaa.dll"-Datei eingenistet hat.

Desweiteren hatte ich auch einen weiteren "TR/Vundo.xxx"-Trojaner, im gleichen Ordner als "winzlo32.dll" drin...


Anbei meine HiJackThis-Logfile:


Logfile of HijackThis v1.99.1
Scan saved at 22:20, on 2008-07-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\0900 Alarm\bak\0900Alarm.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\ArcorOnline\AOButler.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\SICHERHEIT\hijackthis_199_1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [48ac4a75] rundll32.exe "C:\WINDOWS\system32\uyspkggd.dll",b
O4 - HKLM\..\Run: [BM4b9f79e9] Rundll32.exe "C:\WINDOWS\system32\kofhmsco.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [0900 Alarm] C:\Programme\0900 Alarm\bak\0900Alarm.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe
O4 - Startup: 0900Alarm.exe.lnk = C:\Programme\0900 Alarm\bak\0900Alarm.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Browser-Anpassung für Outpost Firewall - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125672066500
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125672051046
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp10.photoprintit.de/microsite/10551/defaults/activex/IPSUploader.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab
O16 - DPF: {ED5D2306-0FF4-11D2-B37C-0000C000D50D} (HighWay Imaging Control) - http://www.3di.it/code/iw/iwfull.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4571/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

#2 Hallo boris77

>>
cleaner anwenden
http://www.virus-protect.org/ccleaner.html


>>
Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only
Setze ein Häckchen in das Kästchen vor den genannten Einträgen bei

Zitat

O4 - HKLM\..\Run: [48ac4a75] rundll32.exe "C:\WINDOWS\system32\uyspkggd.dll",b
O4 - HKLM\..\Run: [BM4b9f79e9] Rundll32.exe "C:\WINDOWS\system32\kofhmsco.dll",s

und wähle fix checked. Starte den Rechner neu.

>>
Wende Malwarebytes an, das gfundene löschen und Log posten:
http://virus-protect.org/artikel/tools/malwarebytes.html

>>
wende Combofix an - Warnmeldung wegklicken + poste den report
http://virus-protect.org/artikel/tools/combofix.html

Gruss Swiss

#3 Hallo, hier die log nach Ausführung von Malwarebytes - und untendrunter der REport nach Ausführung von ComboFix


Malwarebytes' Anti-Malware 1.23
Datenbank Version: 985
Windows 5.1.2600 Service Pack 2

10:11:53 2008-07-27
mbam-log-7-27-2008 (10-11-47).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 249802
Laufzeit: 1 hour(s), 42 minute(s), 37 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 17
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 16

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\ssqRJyWQ.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wvUmjKaa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cyfdli.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\winzlo32.dll (Dialer) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e625d8c-92cd-47e0-a11c-69a63b4c7647} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e625d8c-92cd-47e0-a11c-69a63b4c7647} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2f7b5b8-5a38-4e75-a776-957716936a33} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a2f7b5b8-5a38-4e75-a776-957716936a33} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9b904910-78a4-489d-a825-5111b883a5b2} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b904910-78a4-489d-a825-5111b883a5b2} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvumjkaa (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{dbac908a-20db-485e-88e0-1e2473a644a7} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32 (Dialer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9b904910-78a4-489d-a825-5111b883a5b2} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqrjywq -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqrjywq -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\ssqRJyWQ.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\QWyJRqss.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\QWyJRqss.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cyfdli.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wvUmjKaa.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP823\A0195114.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP827\A0195283.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP827\A0195294.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP830\A0195520.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rquowugy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\winzlo32.dll (Dialer) -> No action taken.
C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\efcATlLB.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\efcbYRKe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM4b9f79e9.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM4b9f79e9.txt (Trojan.Vundo) -> No action taken.






**************************************************
**************************************************
**************************************************

COMBOFIX-REPORT

**************************************************
**************************************************
**************************************************

ComboFix 08-07-26.1 - Boris 2008-07-27 10:20:32.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.193 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Boris\Desktop\Sicherheits Tools\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\inst.exe
C:\kmd.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\gogfcunr.dll
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\kofhmsco.dll
C:\WINDOWS\system32\MTwFeMoq.ini
C:\WINDOWS\system32\MTwFeMoq.ini2
C:\WINDOWS\system32\QWyJRqss.ini
C:\WINDOWS\system32\QWyJRqss.ini2
C:\WINDOWS\system32\simctr.dll
C:\WINDOWS\system32\ssqRJyWQ.dll
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((( Dateien erstellt von 2008-06-27 bis 2008-07-27 ))))))))))))))))))))))))))))))
.

2008-07-26 22:46 . 2008-07-26 22:46 <DIR> d-------- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Malwarebytes
2008-07-26 22:45 . 2008-07-26 22:45 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-07-26 22:45 . 2008-07-26 22:45 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-07-26 22:45 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-26 22:45 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-26 21:00 . 2008-07-26 21:00 <DIR> d-------- C:\!Submit
2008-07-26 20:39 . 2008-07-26 20:39 <DIR> d-------- C:\WINDOWS\system32\temp
2008-07-26 19:21 . 2008-07-26 19:21 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\AdobeUM
2008-07-23 16:38 . 2008-07-23 16:49 474 ---hs---- C:\WINDOWS\system32\dggkpsyu.ini
2008-07-23 14:50 . 2008-07-23 14:50 <DIR> d-------- C:\Programme\Gemeinsame Dateien\LightScribe
2008-07-23 14:48 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-07-23 14:48 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-07-23 14:48 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-07-23 14:48 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-07-23 14:48 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-07-23 14:48 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-07-23 14:47 . 2008-07-23 14:48 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Ahead
2008-07-23 14:47 . 2008-07-23 14:48 <DIR> d-------- C:\Programme\Ahead
2008-07-23 14:31 . 2008-07-23 14:31 36,352 --------- C:\WINDOWS\system32\wvUmjKaa.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 06:21 --------- d-----w C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\skypePM
2008-07-27 06:21 --------- d-----w C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Skype
2008-07-27 00:07 --------- d-----w C:\Programme\IrfanView
2008-07-26 17:18 --------- d-----w C:\Programme\TuneUp Utilities 2004
2008-07-26 17:09 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-07-26 17:08 --------- d-----w C:\Programme\Lavasoft
2008-07-26 17:07 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-07-23 13:32 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-07-23 13:31 --------- d-----w C:\Programme\ElsterFormular2005
2008-07-23 13:30 --------- d-----w C:\Programme\Spiele
2008-07-23 13:06 --------- d-----w C:\Programme\Winamp
2008-07-23 13:04 --------- d-----w C:\Programme\ANNO1602
2008-07-23 12:59 --------- d-----w C:\Programme\ShiftN
2008-07-21 17:51 --------- d-----w C:\Programme\Java
2008-07-17 06:51 --------- d-----w C:\Programme\Burn4Free Toolbar
2008-07-02 08:45 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-06-22 12:57 --------- d-----w C:\Programme\DivX
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 14:24 --------- d-----w C:\Programme\Burn4Free
2008-06-18 14:22 232,075 ----a-w C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_8421.exe
2008-06-14 17:57 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 12:36 --------- d-----w C:\Programme\TVAnts
2008-06-11 13:30 --------- d-----w C:\Programme\WS_FTP Pro
2008-06-11 11:46 47,360 ----a-w C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\pcouffin.sys
2008-06-11 11:46 --------- d-----w C:\Programme\vso
2008-06-11 11:46 --------- d-----w C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Vso
2008-06-08 07:02 --------- d-----w C:\Programme\iTunes
2008-06-01 23:14 --------- d-----w C:\Programme\Gemeinsame Dateien\Java
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-07 05:14 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2007-05-09 17:02 87,608 ----a-w C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\ezpinst.exe
2004-03-15 10:11 868 ---ha-w C:\Programme\hpothb07.dat
2004-03-15 10:11 169 ---ha-w C:\Dokumente und Einstellungen\All Users\hpothb07.dat
2004-03-15 10:11 161 ---ha-w C:\Dokumente und Einstellungen\Boris\hpothb07.dat
2004-03-15 10:11 1,507 ---ha-w C:\Programme\hpothb07.tif
2003-12-13 22:15 168 ----a-w C:\Programme\_DEISREG.ISR
2003-12-13 22:15 1,862 ----a-w C:\Programme\DeIsL1.isu
1999-12-02 12:54 91,648 ------w C:\Programme\xcacls.exe
1998-04-20 19:14 1,182,208 ----a-w C:\Programme\Digibib.exe
1998-04-19 21:59 48,655 ----a-w C:\Programme\babylon.ini
1997-04-23 02:16 40,960 ----a-w C:\Programme\_ISREG32.DLL
2004-05-22 19:39 157 --sha-w C:\WINDOWS\it.bat
2007-04-02 21:57 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-27_12.35.35,28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-26 11:49:00 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:14:12 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:14:17 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:14:11 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2008-03-20 07:56:37 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:14:12 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:14:17 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:14:11 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-12-04 18:29:30 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:14:12 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:14:17 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:14:11 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-12-07 01:41:41 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\advpack.dll
+ 2007-12-19 22:18:03 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\dxtmsft.dll
+ 2007-12-07 01:41:42 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\dxtrans.dll
+ 2007-12-07 01:41:42 133,120 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\extmgr.dll
+ 2007-12-07 01:41:42 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\icardie.dll
+ 2007-12-06 08:34:28 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ie4uinit.exe
+ 2007-12-07 01:41:42 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieakeng.dll
+ 2007-12-07 01:41:42 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieaksie.dll
+ 2007-12-06 05:00:02 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieapfltr.dat
+ 2007-12-07 01:41:42 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieapfltr.dll
+ 2007-12-07 01:41:42 388,096 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iedkcs32.dll
+ 2007-12-07 01:41:44 6,067,200 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieframe.dll
+ 2007-12-07 01:41:44 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iernonce.dll
+ 2007-12-07 01:41:44 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iertutil.dll
+ 2007-12-06 08:34:29 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieudinit.exe
+ 2007-12-06 08:34:45 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
+ 2007-12-07 01:41:44 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\jsproxy.dll
+ 2007-12-07 01:41:44 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\msfeeds.dll
+ 2007-12-07 01:41:44 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\msfeedsbs.dll
+ 2007-12-07 01:41:46 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
+ 2007-12-07 01:41:47 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\mshtmled.dll
+ 2007-12-07 01:41:47 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\msrating.dll
+ 2007-12-07 01:41:47 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\mstime.dll
+ 2007-12-07 01:41:47 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\occache.dll
+ 2008-01-11 05:49:55 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\pngfilt.dll
+ 2007-12-07 01:41:48 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\url.dll
+ 2007-12-07 01:41:48 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\urlmon.dll
+ 2007-12-07 01:41:48 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\webcheck.dll
+ 2007-12-07 01:41:49 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:14:12 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\spmsg.dll
+ 2007-03-06 01:14:17 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\spuninst.exe
+ 2007-03-06 01:14:11 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\updspapi.dll
+ 2008-02-20 05:20:09 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:50:10 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:14:12 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:14:17 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:14:11 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:14:12 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:14:17 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:14:11 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2008-03-01 12:33:31 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\advpack.dll
+ 2008-03-01 12:33:31 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\dxtmsft.dll
+ 2008-03-01 12:33:31 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\dxtrans.dll
+ 2008-03-01 12:33:31 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\extmgr.dll
+ 2008-03-01 12:33:31 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\icardie.dll
+ 2008-02-22 09:39:56 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe
+ 2008-03-01 12:33:32 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieakeng.dll
+ 2008-03-01 12:33:32 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dat
+ 2008-03-01 12:33:32 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dll
+ 2008-03-01 12:33:32 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iedkcs32.dll
+ 2008-03-01 12:33:34 6,067,712 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieframe.dll
+ 2008-03-01 12:33:34 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iernonce.dll
+ 2008-03-01 12:33:35 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iertutil.dll
+ 2008-02-22 09:39:56 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieudinit.exe
+ 2008-02-22 09:40:22 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
+ 2008-03-01 12:33:35 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\jsproxy.dll
+ 2008-03-01 12:33:36 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msfeeds.dll
+ 2008-03-01 12:33:36 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msfeedsbs.dll
+ 2008-03-01 12:33:37 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
+ 2008-03-01 12:33:37 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mshtmled.dll
+ 2008-03-01 12:33:38 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msrating.dll
+ 2008-03-01 12:33:38 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mstime.dll
+ 2008-03-01 12:33:38 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\occache.dll
+ 2008-03-01 12:33:38 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\pngfilt.dll
+ 2008-03-01 12:33:38 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\url.dll
+ 2008-03-01 12:33:41 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\urlmon.dll
+ 2008-03-01 12:33:41 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\webcheck.dll
+ 2008-03-01 12:33:41 827,392 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:14:08 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\spmsg.dll
+ 2007-03-06 01:14:13 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\spuninst.exe
+ 2007-03-06 01:14:07 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\updspapi.dll
+ 2008-02-20 06:52:36 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:14:12 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:14:17 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:14:11 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-03-06 01:14:08 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spmsg.dll
+ 2007-03-06 01:14:13 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spuninst.exe
+ 2007-03-06 01:14:07 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\spcustom.dll
+ 2007-03-06 01:14:30 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
+ 2007-03-06 01:15:22 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2007-11-01 05:15:30 187,168 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-11-01 05:15:31 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:14:12 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:14:17 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:14:11 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-04-23 04:19:40 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\advpack.dll
+ 2008-04-23 04:19:40 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\dxtmsft.dll
+ 2008-04-23 04:19:40 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\dxtrans.dll
+ 2008-04-23 04:19:40 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\extmgr.dll
+ 2008-04-23 04:19:40 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\icardie.dll
+ 2008-04-22 08:02:19 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ie4uinit.exe
+ 2008-04-23 04:19:40 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieakeng.dll
+ 2008-04-23 04:19:40 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieaksie.dll
+ 2008-04-20 05:07:38 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dat
+ 2008-04-23 04:19:40 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dll
+ 2008-04-23 04:19:40 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iedkcs32.dll
+ 2008-04-23 04:19:40 6,068,224 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieframe.dll
+ 2008-04-23 04:19:40 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iernonce.dll
+ 2008-04-23 04:19:40 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iertutil.dll
+ 2008-04-22 08:02:19 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieudinit.exe
+ 2008-04-22 08:02:46 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
+ 2008-04-23 04:19:41 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\jsproxy.dll
+ 2008-04-23 04:19:41 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\msfeeds.dll
+ 2008-04-23 04:19:41 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\msfeedsbs.dll
+ 2008-04-23 04:19:41 3,593,728 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
+ 2008-04-23 04:19:41 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\mshtmled.dll
+ 2008-04-23 04:19:41 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\msrating.dll
+ 2008-04-23 04:19:41 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\mstime.dll
+ 2008-04-23 04:19:41 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\occache.dll
+ 2008-04-23 04:19:41 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\pngfilt.dll
+ 2008-04-23 04:19:41 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\url.dll
+ 2008-04-23 04:19:41 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\urlmon.dll
+ 2008-04-23 04:19:41 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\webcheck.dll
+ 2008-04-23 04:19:41 827,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:14:08 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\spmsg.dll
+ 2007-03-06 01:14:13 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\spuninst.exe
+ 2007-03-06 01:14:07 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\updspapi.dll
+ 2007-11-30 12:39:14 18,808 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spmsg.dll
+ 2007-11-30 12:39:14 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spuninst.exe
+ 2007-11-30 12:39:14 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\spcustom.dll
+ 2007-11-30 12:39:14 765,304 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
+ 2007-11-30 12:39:15 388,984 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\updspapi.dll
+ 2008-05-08 12:14:51 203,008 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys
+ 2008-05-08 13:58:17 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys
+ 2007-11-30 12:39:14 18,808 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spmsg.dll
+ 2007-11-30 12:39:14 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spuninst.exe
+ 2007-11-30 12:39:14 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\spcustom.dll
+ 2007-11-30 12:39:14 765,304 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
+ 2007-11-30 12:39:15 388,984 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\updspapi.dll
+ 2008-06-14 18:01:09 273,024 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
+ 2008-06-14 17:32:01 273,024 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
+ 2008-06-14 17:37:44 273,024 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
+ 2007-11-30 11:18:34 18,808 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll
+ 2007-11-30 11:18:34 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe
+ 2007-11-30 11:18:34 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll
+ 2007-11-30 11:18:35 765,304 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
+ 2007-11-30 11:18:35 388,984 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll
+ 2008-04-14 16:16:13 273,024 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP2QFE\bthport.sys
+ 2008-04-14 15:58:22 273,024 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3GDR\bthport.sys
+ 2008-04-14 16:21:08 273,024 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3QFE\bthport.sys
+ 2007-11-30 11:18:34 18,808 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spmsg.dll
+ 2007-11-30 11:18:34 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spuninst.exe
+ 2007-11-30 11:18:34 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\spcustom.dll
+ 2007-11-30 11:18:35 765,304 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\update.exe
+ 2007-11-30 11:18:35 388,984 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\updspapi.dll
+ 2008-05-07 04:55:02 1,293,824 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:10:35 1,293,824 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:30 1,293,824 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:34 18,808 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:34 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:34 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:14 765,304 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:15 388,984 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2004-06-23 21:17:00 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\2gqkwpfr.dat
+ 2004-06-23 21:17:00 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\5jxfdrpz.dat
+ 2004-06-23 21:17:00 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\8vnrpzpj.dat
+ 2002-08-29 12:00:00 1,740 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
+ 2005-09-03 14:19:06 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\djdzjpf3.dat
+ 2002-08-29 12:00:00 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2005-09-03 14:19:06 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\fdz9vlbx.dat
+ 2004-06-23 21:17:03 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\ikbljz3f.dat
+ 2004-06-23 21:17:01 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\lb3j7jtn.dat
+ 2002-08-29 12:00:00 184,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh261.drv
+ 2002-08-29 12:00:00 286,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh263.drv
+ 2005-09-03 14:19:06 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\nt7bjtbf.dat
+ 2005-09-03 14:19:11 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssgk6ljv.dat
+ 2002-08-29 12:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\wdmaud.drv
+ 2002-08-29 12:00:00 132,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\winspool.drv
+ 2005-09-03 14:19:07 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\wxzz5v1j.dat
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
+ 2006-10-18 19:47:16 414,208 -c----w C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
+ 2005-06-28 08:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
+ 2005-06-28 08:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
+ 2004-08-04 07:57:24 294,400 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\msctf.dll
+ 2007-03-06 01:14:17 217,312 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe
+ 2007-03-06 01:15:25 377,568 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\updspapi.dll
+ 2005-06-28 08:23:44 217,312 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
+ 2005-06-28 08:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
+ 2006-10-18 19:47:20 10,834,432 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
+ 2005-06-28 08:23:44 217,312 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
+ 2005-06-28 08:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
+ 2006-11-03 07:55:48 316,928 -c----w C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
+ 2007-03-06 01:14:17 217,312 -c----w C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe
+ 2007-03-06 01:15:25 377,568 -c----w C:\WINDOWS\$NtUninstallKB941693$\spuninst\updspapi.dll
+ 2007-03-08 15:32:24 1,843,712 -c----w C:\WINDOWS\$NtUninstallKB941693$\win32k.sys
+ 2007-05-17 11:28:50 549,376 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll
+ 2007-03-06 01:14:17 217,312 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe
+ 2007-03-06 01:15:25 377,568 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll
+ 2006-06-26 17:40:34 148,480 -c----w C:\WINDOWS\$NtUninstallKB945553$\dnsapi.dll
+ 2004-08-04 07:57:17 45,568 -c----w C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr.dll
+ 2007-03-06 01:14:17 217,312 -c----w C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe
+ 2007-03-06 01:15:25 377,568 -c----w C:\WINDOWS\$NtUninstallKB945553$\spuninst\updspapi.dll
+ 2004-08-04 06:00:56 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys
+ 2007-03-06 01:14:17 217,312 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe
+ 2007-03-06 01:15:25 377,568 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll
+ 2007-06-19 13:31:19 282,112 -c----w C:\WINDOWS\$NtUninstallKB948590$\gdi32.dll
+ 2007-03-06 01:14:17 217,312 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe
+ 2007-03-06 01:15:25 377,568 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\updspapi.dll
+ 2007-03-06 01:14:13 217,312 -c----w C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe
+ 2007-03-06 01:15:22 377,568 -c----w C:\WINDOWS\$NtUninstallKB948881$\spuninst\updspapi.dll
+ 2004-08-04 07:57:16 561,179 -c----w C:\WINDOWS\$NtUninstallKB950749$\dao360.dll
+ 2004-08-04 07:57:26 512,029 -c----w C:\WINDOWS\$NtUninstallKB950749$\msexch40.dll
+ 2004-08-04 07:57:26 319,517 -c----w C:\WINDOWS\$NtUninstallKB950749$\msexcl40.dll
+ 2004-08-04 07:57:26 1,507,356 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjet40.dll
+ 2004-03-01 18:52:15 358,976 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjetol1.dll
+ 2004-03-01 18:52:15 358,976 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjetoledb40.dll
+ 2004-08-04 07:57:26 180,255 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjint40.dll
+ 2004-08-04 07:57:26 53,279 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjter40.dll
+ 2004-08-04 07:57:26 241,693 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjtes40.dll
+ 2004-08-04 07:57:27 213,023 -c----w C:\WINDOWS\$NtUninstallKB950749$\msltus40.dll
+ 2004-08-04 07:57:28 348,189 -c----w C:\WINDOWS\$NtUninstallKB950749$\mspbde40.dll
+ 2004-08-04 07:57:28 421,919 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrd2x40.dll
+ 2004-08-04 07:57:28 315,423 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrd3x40.dll
+ 2004-08-04 07:57:28 552,989 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrepl40.dll
+ 2004-08-04 07:57:28 258,077 -c----w C:\WINDOWS\$NtUninstallKB950749$\mstext40.dll
+ 2004-08-04 07:57:28 831,519 -c----w C:\WINDOWS\$NtUninstallKB950749$\mswdat10.dll
+ 2004-08-04 07:57:29 614,429 -c----w C:\WINDOWS\$NtUninstallKB950749$\mswstr10.dll
+ 2004-08-04 07:57:29 348,189 -c----w C:\WINDOWS\$NtUninstallKB950749$\msxbde40.dll
+ 2007-03-06 01:14:17 217,312 -c----w C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe
+ 2007-03-06 01:15:25 377,568 -c----w C:\WINDOWS\$NtUninstallKB950749$\spuninst\updspapi.dll
+ 2007-11-30 12:39:14 234,872 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe
+ 2007-11-30 12:39:15 388,984 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\updspapi.dll
+ 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys
+ 2007-11-30 12:39:14 234,872 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe
+ 2007-11-30 12:39:15 388,984 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\updspapi.dll
+ 2008-04-14 15:51:00 273,024 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys
+ 2007-11-30 11:18:34 234,872 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe
+ 2007-11-30 11:18:35 388,984 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\updspapi.dll
+ 2004-08-04 07:40:52 275,200 -c----w C:\WINDOWS\$NtUninstallKB951376$\bthport.sys
+ 2007-11-30 11:18:34 234,872 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe
+ 2007-11-30 11:18:35 388,984 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\updspapi.dll
+ 2007-10-29 22:42:30 1,293,312 -c----w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll
+ 2007-11-30 11:18:34 234,872 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe
+ 2007-11-30 12:39:15 388,984 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\updspapi.dll
+ 2006-09-25 15:58:48 221,488 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2006-09-25 15:58:48 379,184 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2004-08-11 18:45:08 482,816 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\audiodev.dll
+ 2004-08-10 23:36:48 233,472 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
+ 2004-08-10 22:45:16 161,792 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
+ 2004-08-10 23:36:58 527,360 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2004-08-10 20:07:06 6,656 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
+ 2004-08-10 19:46:46 96,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
+ 2004-08-04 07:57:24 310,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2004-08-04 07:57:24 384,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2004-08-04 07:57:24 240,640 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2004-08-10 23:36:42 141,312 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
+ 2004-08-10 22:45:16 25,088 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2004-08-10 22:45:16 169,472 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
+ 2004-08-10 23:38:46 360,176 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
+ 2004-08-11 18:45:08 311,808 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
+ 2004-08-10 22:45:18 221,184 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
+ 2006-05-16 16:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2006-05-16 16:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2006-11-02 09:46:52 13,312 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2004-08-10 20:05:20 47,104 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe
+ 2004-08-10 20:05:12 15,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfapi.dll
+ 2004-08-10 20:05:14 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe
+ 2004-08-10 23:38:48 380,144 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
+ 2004-08-10 22:45:16 712,704 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2007-10-20 05:01:32 227,328 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
+ 2004-08-10 22:45:16 30,208 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2004-08-10 22:45:16 34,304 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
+ 2004-08-10 23:37:04 344,064 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmdev.dll
+ 2004-08-10 23:37:06 290,816 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmnet.dll
+ 2004-08-10 20:07:06 150,016 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
+ 2004-08-10 22:41:04 1,027,072 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2004-08-10 23:39:00 773,368 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2004-08-10 22:45:14 1,116,160 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2004-08-11 18:45:10 827,392 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsetsdk.exe
+ 2004-08-10 23:38:52 531,192 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2004-08-10 22:45:14 936,960 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2004-08-10 23:38:52 1,181,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2004-08-10 22:45:18 1,509,376 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadve.dll
+ 2006-12-07 06:40:49 2,362,184 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
+ 2004-08-10 23:38:56 871,160 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2004-08-10 22:45:14 999,424 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2004-08-10 20:05:56 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpd_ci.dll
+ 2004-08-10 20:05:44 61,952 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdconns.dll
+ 2004-08-10 20:05:46 114,176 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtp.dll
+ 2004-08-10 20:05:46 66,560 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtpus.dll
+ 2004-08-10 20:05:54 327,680 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdsp.dll
+ 2004-08-10 20:05:50 18,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
+ 2006-05-20 15:16:00 1,184,984 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wvc1dmod.dll
+ 2004-08-11 18:45:18 9,216 -c----w C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
+ 2004-08-11 18:45:08 344,064 -c----w C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
+ 2004-09-13 11:15:34 827,392 -c----w C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
+ 2006-05-16 16:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe
+ 2006-05-16 16:11:54 377,568 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\updspapi.dll
+ 2004-08-11 18:45:10 196,608 -c----w C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
+ 2004-08-11 18:45:18 228,352 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
+ 2004-08-10 19:52:18 122,880 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmlaunch.exe
+ 2007-04-30 06:20:24 5,537,792 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
+ 2004-08-10 22:45:16 135,168 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
+ 2004-08-11 18:45:10 77,824 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
+ 2004-08-10 22:45:16 282,624 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
+ 2004-08-10 19:52:18 28,672 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpenc.exe
+ 2004-08-10 22:45:14 1,589,760 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpencen.dll
+ 2004-08-11 18:45:10 73,728 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
+ 2004-08-11 18:45:12 3,407,872 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
+ 2004-08-11 18:45:12 86,016 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
+ 2004-08-10 22:45:14 175,104 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpsrcwp.dll
+ 2006-09-15 23:05:22 221,488 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-15 23:05:22 379,184 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-28 17:01:52 58,368 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2008-01-15 21:12:38 312,680 ----a-w C:\WINDOWS\Downloaded Program Files\avsniff.dll
+ 2008-01-15 21:12:40 255,336 ----a-w C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll
+ 2008-02-06 00:00:00 2,504 ----a-w C:\WINDOWS\Downloaded Program Files\catalog.dat
+ 2008-01-15 21:02:44 42,112 ----a-w C:\WINDOWS\Downloaded Program Files\ecmldr32.dll
+ 2008-02-06 00:00:00 284,016 ----a-w C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll
+ 2008-01-15 21:02:58 201,896 ----a-w C:\WINDOWS\Downloaded Program Files\navapi32.dll
+ 2008-02-06 00:00:00 128,368 ----a-w C:\WINDOWS\Downloaded Program Files\naveng32.dll
+ 2008-02-06 00:00:00 943,472 ----a-w C:\WINDOWS\Downloaded Program Files\navex32a.dll
+ 2008-01-15 21:12:48 296,336 ----a-w C:\WINDOWS\Downloaded Program Files\rufsi.dll
+ 2008-02-06 00:00:00 97,776 ----a-w C:\WINDOWS\Downloaded Program Files\scrauth.dat
+ 2008-02-06 00:00:00 403,505 ----a-w C:\WINDOWS\Downloaded Program Files\tcdefs.dat
+ 2008-02-06 00:00:00 2,840,968 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan7.dat
+ 2008-02-06 00:00:00 441,991 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan8.dat
+ 2008-02-06 00:00:00 1,028,956 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan9.dat
+ 2008-02-06 00:00:00 1,957 ----a-w C:\WINDOWS\Downloaded Program Files\tinfl.dat
+ 2008-02-06 00:00:00 69,307 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1.dat
+ 2008-02-06 00:00:00 3,678 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1hd.dat
+ 2008-02-06 00:00:00 998,934 ----a-w C:\WINDOWS\Downloaded Program Files\virscan1.dat
+ 2008-02-06 00:00:00 571,098 ----a-w C:\WINDOWS\Downloaded Program Files\virscan2.dat
+ 2008-02-06 00:00:00 151,328 ----a-w C:\WINDOWS\Downloaded Program Files\virscan3.dat
+ 2008-02-06 00:00:00 320,253 ----a-w C:\WINDOWS\Downloaded Program Files\virscan4.dat
+ 2008-02-06 00:00:00 6,062,071 ----a-w C:\WINDOWS\Downloaded Program Files\virscan5.dat
+ 2008-02-06 00:00:00 392,918 ----a-w C:\WINDOWS\Downloaded Program Files\virscan6.dat
+ 2008-02-06 00:00:00 22,250,096 ----a-w C:\WINDOWS\Downloaded Program Files\virscan7.dat
+ 2008-02-06 00:00:00 1,937,195 ----a-w C:\WINDOWS\Downloaded Program Files\virscan8.dat
+ 2008-02-06 00:00:00 5,616,216 ----a-w C:\WINDOWS\Downloaded Program Files\virscan9.dat
+ 2008-06-14 17:57:40 273,024 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2002-08-29 12:00:00 2,589 ----a-w C:\WINDOWS\I386\RUNW32.BAT
+ 2007-10-10 23:46:47 124,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll
+ 2006-10-17 10:58:06 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll
+ 2007-10-10 23:46:47 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll
+ 2007-10-10 23:46:47 132,608 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll
+ 2007-10-10 23:46:47 63,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll
+ 2007-10-10 10:59:01 70,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe
+ 2007-10-10 23:46:47 153,088 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll
+ 2007-10-10 23:46:47 230,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll
+ 2007-10-10 05:46:55 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll
+ 2007-10-10 23:46:47 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll
+ 2007-10-10 23:46:47 384,512 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll
+ 2007-10-10 23:46:49 6,065,664 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll
+ 2007-10-10 23:46:49 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll
+ 2007-10-10 23:46:49 267,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll
+ 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe
+ 2007-10-10 10:59:13 625,152 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
+ 2007-10-10 23:46:49 27,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll
+ 2007-10-10 23:46:49 459,264 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll
+ 2007-10-10 23:46:49 52,224 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll
+ 2007-10-30 23:19:46 3,590,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll
+ 2007-10-10 23:46:50 478,208 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll
+ 2007-10-10 23:46:50 193,024 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll
+ 2007-10-10 23:46:51 671,232 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll
+ 2007-10-10 23:46:51 102,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll
+ 2006-10-17 10:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll
+ 2007-03-06 01:14:17 217,312 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:15:25 377,568 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll
+ 2007-10-10 23:46:51 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll
+ 2007-10-10 23:46:52 1,159,680 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
+ 2007-10-10 23:46:52 232,960 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
+ 2007-10-10 23:46:52 824,832 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
+ 2007-12-07 02:04:44 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 22:48:07 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:04:44 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:04:44 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:04:44 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:26 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:04:44 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:04:44 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:04:44 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:04:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:04:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:04:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:04:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:00:51 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:04:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:04:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:04:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:04:50 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:04:48 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:04:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:04:49 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:04:49 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:32:59 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:14:13 217,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:15:25 377,568 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:04:49 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:04:49 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:04:49 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:04:49 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2008-03-01 12:53:51 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 12:53:51 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 12:53:52 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 12:53:52 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 12:53:52 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:54:43 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 12:53:52 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 12:53:52 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 12:53:52 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 12:53:53 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 12:53:56 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 12:53:57 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 12:53:57 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:08 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 12:53:58 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 12:53:59 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 12:53:59 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 16:24:04 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 12:54:02 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 12:54:03 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 12:54:03 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 12:54:03 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 12:54:04 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:14:13 217,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:15:25 377,568 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 12:54:04 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 12:54:04 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 12:54:05 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 12:54:05 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2004-08-11 18:45:10 196,608 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-29 10:02:06 318,464 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2004-06-23 21:17:00 2,678 ----a-w C:\WINDOWS\java\Packages\Data\2GQKWPFR.DAT
+ 2004-06-23 21:17:00 2,678 ----a-w C:\WINDOWS\java\Packages\Data\5JXFDRPZ.DAT
+ 2004-06-23 21:17:00 2,678 ----a-w C:\WINDOWS\java\Packages\Data\8VNRPZPJ.DAT
+ 2005-09-03 14:19:06 2,678 ----a-w C:\WINDOWS\java\Packages\Data\DJDZJPF3.DAT
+ 2005-09-03 14:19:06 2,678 ----a-w C:\WINDOWS\java\Packages\Data\FDZ9VLBX.DAT
+ 2004-06-23 21:17:03 2,678 ----a-w C:\WINDOWS\java\Packages\Data\IKBLJZ3F.DAT
+ 2004-06-23 21:17:01 2,678 ----a-w C:\WINDOWS\java\Packages\Data\LB3J7JTN.DAT
+ 2005-09-03 14:19:06 2,678 ----a-w C:\WINDOWS\java\Packages\Data\NT7BJTBF.DAT
+ 2005-09-03 14:19:11 2,678 ----a-w C:\WINDOWS\java\Packages\Data\SSGK6LJV.DAT
+ 2005-09-03 14:19:07 2,678 ----a-w C:\WINDOWS\java\Packages\Data\WXZZ5V1J.DAT
- 2000-08-31 07:00:00 51,200 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2008-07-23 10:13:52 75,906 ----a-w C:\WINDOWS\Plaxo\Users\1526350744\Outlook\content.dat
+ 2008-07-23 10:14:30 18,338 ----a-w C:\WINDOWS\Plaxo\Users\1526350744\Outlook\fmgr2.dat
+ 2008-07-23 10:14:30 121,508 ----a-w C:\WINDOWS\Plaxo\Users\1526350744\Outlook\store.dat
+ 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2004-08-04 08:12:37 1,788 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 06:07:57 2,944 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2004-08-04 07:58:25 192,512 ------w C:\WINDOWS\ServicePackFiles\i386\msh261.drv
+ 2004-08-04 07:58:25 299,008 ------w C:\WINDOWS\ServicePackFiles\i386\msh263.drv
+ 2004-08-04 07:58:26 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\wdmaud.drv
+ 2004-08-04 07:58:26 146,944 ------w C:\WINDOWS\ServicePackFiles\i386\winspool.drv
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2002-08-29 12:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2002-08-29 12:00:00 73,760 ----a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2002-08-29 12:00:00 25,296 ----a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2002-08-29 12:00:00 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2002-08-29 12:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2002-08-29 12:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2002-08-29 12:00:00 3,360 ----a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2002-08-29 12:00:00 4,048 ----a-w C:\WINDOWS\system\TIMER.DRV
+ 2002-08-29 12:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2002-08-29 12:00:00 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-04 07:58:26 146,944 ----a-w C:\WINDOWS\system\winspool.drv
+ 2008-03-19 17:23:20 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
+ 2008-03-19 17:36:22 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDir.dll
+ 2008-03-19 17:24:02 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
+ 2008-03-19 16:46:26 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-03-19 17:24:04 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-03-19 16:36:14 754,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
+ 2008-03-19 16:36:16 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
+ 2008-03-19 16:36:14 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-03-19 16:42:42 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-03-19 17:22:34 249,856 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-03-19 17:25:36 442,368 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-03-19 17:36:06 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100429.exe
+ 2008-03-19 17:26:20 110,592 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-03-19 17:22:22 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-03-19 16:36:14 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 08:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2007-10-10 23:46:47 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:29 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2004-08-11 18:45:18 9,216 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-11-03 07:54:08 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
- 2004-08-11 18:45:08 482,816 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-18 19:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
+ 2008-02-29 04:14:04 223,744 ----a-w C:\WINDOWS\system32\b4fm.dll
- 2004-08-10 23:36:48 233,472 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-18 19:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2004-08-10 22:45:16 161,792 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-18 19:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2002-08-29 12:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
+ 2004-08-04 08:12:37 1,788 ----a-w C:\WINDOWS\system32\dcache.bin
- 2007-10-10 23:46:47 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:29 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-20 10:44:38 138,368 -c----w C:\WINDOWS\system32\dllcache\afd.sys
- 2004-08-11 18:45:18 9,216 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-11-03 07:54:08 8,192 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-08-10 23:36:48 233,472 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-18 19:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2008-06-14 17:57:40 273,024 -c----w C:\WINDOWS\system32\dllcache\bthport.sys
- 2004-08-10 22:45:16 161,792 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-18 19:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2008-03-25 04:50:25 554,008 -c----w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-06-26 17:40:34 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:39:48 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:33:54 45,568 -c----w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2004-08-10 23:36:58 527,360 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-18 19:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2006-10-17 10:58:06 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:29 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-10-10 23:46:47 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:29 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-10-10 23:46:47 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:29 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:50:29 282,624 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-10-10 23:46:47 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:29 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-10-10 10:59:01 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:48 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-10-10 23:46:47 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:29 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-10-10 23:46:47 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:29 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-10-10 05:46:55 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-10-10 23:46:47 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:29 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-10-10 23:46:47 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:29 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-10-10 23:46:49 6,065,664 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:30 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-10-10 23:46:49 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:30 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-10-10 23:46:49 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:30 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-10-10 10:59:13 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:19 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-10-10 23:46:49 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:30 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2002-08-29 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
- 2004-08-10 20:07:06 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-18 19:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2004-08-10 19:46:46 96,768 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-18 18:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2002-08-29 12:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2002-08-29 12:00:00 73,760 -c--a-w C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2002-08-29 12:00:00 25,296 -c--a-w C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2002-08-29 12:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\mciwave.drv
+ 2002-08-29 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2007-12-18 09:51:35 179,584 -c----w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2008-02-26 11:59:49 294,912 -c----w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-03-25 04:50:28 518,944 -c----w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 -c----w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2007-10-10 23:46:49 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:30 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-10-10 23:46:49 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:30 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-10-30 23:19:46 3,590,656 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-23 20:16:32 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-10-10 23:46:50 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:31 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-25 04:50:34 1,516,568 -c----w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-03-01 18:52:15 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:51:12 187,168 -c----w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:50:42 60,192 -c----w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 -c----w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 -c----w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-10 23:36:42 141,312 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-18 19:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2008-03-25 04:50:45 355,104 -c----w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2004-08-10 22:45:16 169,472 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-18 19:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2007-10-10 23:46:50 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:31 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-25 04:50:47 432,928 -c----w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 -c----w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 -c----w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-10 23:38:46 360,176 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 14:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2008-03-25 04:50:55 264,992 -c----w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2007-10-10 23:46:51 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:31 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-25 04:50:57 838,432 -c----w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-11 18:45:08 311,808 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-18 19:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2008-06-20 17:39:48 247,296 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-03-25 04:51:12 621,344 -c----w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 355,104 -c----w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2002-08-29 12:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
- 2007-10-10 23:46:51 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:31 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-05-17 11:28:50 549,376 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:40:03 550,912 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2006-10-17 10:58:08 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:31 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-10 22:45:18 221,184 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-18 19:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2007-10-29 22:42:30 1,293,312 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:14:45 1,293,312 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2004-09-13 11:15:34 827,392 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-03 08:02:20 1,678,848 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2002-08-29 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2002-08-29 12:00:00 3,360 -c--a-w C:\WINDOWS\system32\dllcache\system.drv
- 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2002-08-29 12:00:00 4,048 -c--a-w C:\WINDOWS\system32\dllcache\timer.drv
- 2004-08-11 18:45:10 196,608 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-29 10:02:06 318,464 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2007-10-10 23:46:51 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:31 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-10-10 23:46:52 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:31 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2002-08-29 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
- 2007-10-10 23:46:52 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:32 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2002-08-29 12:00:00 13,600 -c--a-w C:\WINDOWS\system32\dllcache\wfwnet.drv
- 2007-03-08 15:32:24 1,843,712 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-20 08:03:19 1,845,376 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-10-10 23:46:52 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:32 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2002-08-29 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2002-08-29 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
- 2004-08-10 23:38:48 380,144 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-18 19:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-08-10 22:45:16 712,704 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-18 19:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2007-10-20 05:01:32 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-25 07:28:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2004-08-10 22:45:16 30,208 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-18 19:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-08-10 22:45:16 34,304 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-18 19:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-08-10 22:41:04 1,027,072 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-18 19:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2004-08-11 18:45:10 73,728 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-11-03 07:56:14 64,000 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-08-11 18:45:12 3,407,872 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-11-03 08:02:58 8,282,112 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-08-11 18:45:12 86,016 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-11-03 07:56:20 99,840 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-08-10 23:39:00 773,368 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-18 19:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2006-12-07 06:40:49 2,362,184 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-18 19:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-08-10 23:38:56 871,160 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-18 19:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2002-08-29 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
- 2006-06-26 17:40:34 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:39:48 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 07:57:17 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 05:33:54 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
- 2007-10-11 21:48:41 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2008-07-26 17:16:06 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
- 2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2008-04-29 09:19:50 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
- 2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2008-04-29 09:19:54 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
+ 2006-05-19 21:16:24 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2006-05-19 21:16:24 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2004-08-04 06:07:57 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2004-08-04 06:00:56 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2001-08-17 13:00:04 2,944 ----a-w C:\WINDOWS\system32\drivers\msmpu401.sys
- 2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2008-04-29 09:20:00 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2002-08-29 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2007-05-24 18:54:59 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2008-05-25 19:29:32 21,248 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2006-10-18 19:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2004-08-10 20:05:50 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-18 18:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 16:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-28 17:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-18 18:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-08-10 23:36:58 527,360 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-18 19:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2006-10-17 10:58:06 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:29 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-10-10 23:46:47 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:29 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-10-10 23:46:47 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:29 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-04-15 07:27:05 226,408 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-15 09:31:08 235,960 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:50:29 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2007-10-10 23:46:47 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:29 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-10-10 10:59:01 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:48 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-10-10 23:46:47 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-10-10 23:46:47 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-10-10 23:46:47 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-10-10 23:46:47 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-10-10 23:46:49 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:30 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-10-10 23:46:49 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:30 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-10-10 23:46:49 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:30 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-10-10 23:46:49 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2002-08-29 12:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2002-08-29 12:00:00 226,064 ----a-w C:\WINDOWS\system32\lanman.drv
- 2004-08-10 20:07:06 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-18 19:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2004-08-10 19:46:46 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 18:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2002-08-29 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
- 2000-03-17 05:56:26 49,152 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDir.dll
+ 2008-01-07 10:26:46 181,672 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDir.dll
+ 2008-01-07 10:27:04 54,696 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDnld.exe
+ 2007-11-20 15:52:00 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-20 15:52:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-14 21:29:22 581,632 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-01-03 17:01:46 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
+ 2008-03-14 21:12:30 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapiX.dll
+ 2008-03-14 21:29:58 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-01-03 17:39:06 1,113,600 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gi.dll
+ 2008-01-03 16:46:46 52,288 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gtapi.dll
+ 2008-03-14 21:10:06 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32X.dll
+ 2008-03-14 21:28:48 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-03-14 21:28:56 475,136 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-03-14 21:21:52 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-01-07 10:26:28 390,568 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1030024.exe
+ 2008-03-14 21:31:28 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-01-03 17:18:50 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
+ 2008-03-15 09:38:08 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenuX.dll
+ 2008-03-14 21:31:28 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-01-03 16:46:44 50,808 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL
+ 1999-06-25 09:55:30 149,504 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
+ 2002-08-29 12:00:00 73,760 ----a-w C:\WINDOWS\system32\mciavi.drv
+ 2002-08-29 12:00:00 25,296 ----a-w C:\WINDOWS\system32\mciseq.drv
+ 2002-08-29 12:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
+ 2006-10-18 19:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2002-08-29 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2006-10-18 19:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 07:57:24 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-18 19:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-18 19:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 07:57:24 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-18 19:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-18 19:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 07:57:24 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-18 19:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
- 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2002-08-29 12:00:00 20,992 ----a-w C:\WINDOWS\system32\msacm32.drv
- 2004-08-04 07:57:24 294,400 ----a-w C:\WINDOWS\system32\msctf.dll
+ 2008-02-26 11:59:49 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
+ 2006-10-02 13:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2004-08-04 07:57:26 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 07:57:26 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2007-10-10 23:46:49 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-10-10 23:46:49 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2004-08-04 07:58:25 192,512 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2004-08-04 07:58:25 299,008 ----a-w C:\WINDOWS\system32\msh263.drv
- 2007-10-30 23:19:46 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 20:16:32 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-10-10 23:46:50 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:31 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 07:57:26 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-03-01 18:52:15 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 07:57:26 180,255 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-25 04:51:12 187,168 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-04 07:57:26 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 07:57:26 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 07:57:27 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-10 23:36:42 141,312 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-18 19:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-08-04 07:57:28 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-10 22:45:16 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-18 19:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-08-10 22:45:16 169,472 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-18 19:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2007-10-10 23:46:50 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:31 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 07:57:28 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 07:57:28 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 07:57:28 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-10 23:38:46 360,176 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-12-04 14:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-08-04 07:57:28 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2007-10-10 23:46:51 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:31 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 07:57:28 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-11 18:45:08 311,808 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-18 19:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
- 2004-08-04 07:57:29 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:51:12 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 07:57:29 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2007-10-10 23:46:51 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:31 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-05-17 11:28:50 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:40:03 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2007-10-28 08:22:16 63,610 ----a-w C:\WINDOWS\system32\perfc007.dat
+ 2008-05-17 10:30:54 63,610 ----a-w C:\WINDOWS\system32\perfc007.dat
- 2007-10-28 08:22:16 46,920 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-17 10:30:54 46,920 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-28 08:22:16 398,034 ----a-w C:\WINDOWS\system32\perfh007.dat
+ 2008-05-17 10:30:54 398,034 ----a-w C:\WINDOWS\system32\perfh007.dat
- 2007-10-28 08:22:16 366,510 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-17 10:30:54 366,510 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-10-17 10:58:08 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:31 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2006-10-18 19:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-18 19:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 19:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-18 19:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 19:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2007-03-07 23:51:00 547,576 ------w C:\WINDOWS\system32\px.dll
+ 2008-05-22 22:22:14 551,672 ------w C:\WINDOWS\system32\px.dll
- 2007-03-07 23:51:00 64,760 ------w C:\WINDOWS\system32\pxcpya64.exe
+ 2008-05-22 22:22:14 66,296 ------w C:\WINDOWS\system32\pxcpya64.exe
- 2007-03-07 23:51:00 510,712 ------w C:\WINDOWS\system32\pxdrv.dll
+ 2008-05-22 22:22:16 518,904 ------w C:\WINDOWS\system32\pxdrv.dll
- 2007-03-07 23:51:00 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2008-05-22 22:22:16 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
- 2007-03-07 23:51:00 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
+ 2008-05-22 22:22:14 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
- 2007-03-07 23:51:00 187,128 ------w C:\WINDOWS\system32\pxmas.dll
+ 2008-05-22 22:22:16 187,128 ------w C:\WINDOWS\system32\pxmas.dll
- 2007-03-07 23:51:00 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll
+ 2008-05-22 22:22:16 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll
- 2007-03-07 23:51:00 379,640 ------w C:\WINDOWS\system32\pxwave.dll
+ 2008-05-22 22:22:16 379,640 ------w C:\WINDOWS\system32\pxwave.dll
- 2004-08-10 22:45:18 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-18 19:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2002-08-29 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
- 2006-11-17 14:14:30 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:14 18,808 ------w C:\WINDOWS\system32\spmsg.dll
- 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-25 15:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2002-08-29 12:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
+ 2002-08-29 12:00:00 4,048 ----a-w C:\WINDOWS\system32\timer.drv
- 2007-10-10 23:46:51 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:31 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-10-10 23:46:52 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:31 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-10 20:05:20 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-18 19:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2002-08-29 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
- 2007-03-27 07:55:31 39,672 ------w C:\WINDOWS\system32\VXBLOCK.dll
+ 2008-05-22 22:22:14 88,824 ------w C:\WINDOWS\system32\VXBLOCK.dll
- 2004-08-10 20:05:12 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-18 19:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2004-08-10 20:05:14 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-18 19:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2004-08-04 07:58:26 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
- 2007-10-10 23:46:52 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:32 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2002-08-29 12:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
- 2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2008-03-20 08:03:19 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
- 2007-10-10 23:46:52 824,832 --s-a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:32 826,368 --s-a-w C:\WINDOWS\system32\wininet.dll
+ 2002-08-29 12:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2004-08-04 07:58:26 146,944 ----a-w C:\WINDOWS\system32\winspool.drv
+ 2002-08-29 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
- 2004-08-10 23:38:48 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-18 19:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-08-10 22:45:16 712,704 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-18 19:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2007-10-20 05:01:32 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-25 07:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2004-08-10 22:45:16 30,208 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-18 19:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-08-10 22:45:16 34,304 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-18 19:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2004-08-10 23:37:04 344,064 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-18 19:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2004-08-10 23:37:06 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-18 19:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-18 19:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-11 18:45:18 228,352 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-11-03 07:55:54 275,968 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-08-10 20:07:06 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-18 19:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-08-10 22:41:04 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-18 19:47:20 937,984 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
- 2007-04-30 06:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-11 21:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-10 22:45:16 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-18 19:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-10 22:45:16 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 19:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 19:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2004-08-10 22:45:14 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-18 19:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2004-08-11 18:45:12 3,407,872 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-11-03 08:02:58 8,282,112 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-18 19:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-18 19:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-08-11 18:45:12 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-11-03 07:56:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-08-10 22:45:14 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-18 19:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-08-10 23:39:00 773,368 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-08-10 22:45:14 1,116,160 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-08-10 23:38:52 531,192 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-18 19:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-08-10 22:45:14 936,960 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-18 19:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2004-08-10 23:38:52 1,181,944 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2004-08-10 22:45:18 1,509,376 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 19:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 19:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-08-10 23:38:56 871,160 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-08-10 22:45:14 999,424 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 19:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-18 19:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-18 19:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-18 19:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
+ 2002-08-29 12:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
- 2004-08-10 20:05:56 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-18 19:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2004-08-10 20:05:44 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-18 19:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2004-08-10 20:05:46 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-18 19:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2004-08-10 20:05:46 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-18 19:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-18 19:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-18 18:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-11-02 09:51:52 43,008 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-18 19:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2004-08-10 20:05:54 327,680 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-18 19:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-28 18:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 16:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 16:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 16:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 16:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2008-04-09 22:51:29 451,072 ----a-w C:\WINDOWS\WinAVI Video Converter 9.0\uninstall.exe
+ 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 61,440 2003-02-11 11:02:48 C:\hp\KBD\bak\KBD.EXE

----a-w 245,248 2003-09-09 10:28:13 C:\Programme\0900 Alarm\bak\0900Alarm.exe

----a-r 313,472 2006-03-30 14:45:08 C:\Programme\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 88,064 2005-04-15 08:26:42 C:\Programme\Agnitum\Outpost Firewall 1.0\bak\outpost.exe

----a-w 249,896 2007-10-11 21:48:36 C:\Programme\AntiVir PersonalEdition Classic\bak\avgnt.exe
----a-w 266,497 2008-07-26 17:16:06 C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe

----a-w 598,528 2002-08-02 16:02:14 C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\bak\UIWatcher.exe

----a-w 310,272 2005-05-27 09:24:52 C:\Programme\FreePDF_XP\bak\fpassist.exe

----a-w 180,269 2005-11-18 22:08:02 C:\Programme\Gemeinsame Dateien\Real\Update_OB\bak\realsched.exe

----a-w 155,648 2003-02-12 23:01:00 C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\bak\sgtray.exe

----a-w 278,528 2006-02-23 13:45:20 C:\Programme\iTunes\bak\iTunesHelper.exe

----a-w 477,696 2004-09-23 12:19:52 C:\Programme\MSI\Live Update 3\bak\LMonitor.exe

----a-w 155,648 2006-05-09 07:08:48 C:\Programme\QuickTime\bak\qttask.exe

----a-w 590,336 2002-11-14 15:23:10 C:\Programme\SICHERHEIT\Trojancheck 6\bak\tcguard.exe

----a-w 81,920 2005-01-24 18:58:02 C:\Programme\Sony\SonicStage\bak\SsAAD.exe

----a-w 35,328 2007-05-14 22:22:22 C:\Programme\Winamp\bak\winampa.exe
----a-w 37,376 2008-01-15 22:54:54 C:\Programme\Winamp\winampa.exe

----a-w 116,736 2004-12-03 13:20:30 C:\WINDOWS\Plaxo\2.1.0.80\bak\InstallStub.exe

----a-w 15,360 2004-08-04 07:57:48 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 07:57:48 C:\WINDOWS\system32\ctfmon.exe

.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B904910-78A4-489D-A825-5111B883A5B2}]
2008-07-23 14:31 36352 --------- C:\WINDOWS\system32\wvUmjKaa.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57 15360]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"0900 Alarm"="C:\Programme\0900 Alarm\bak\0900Alarm.exe" [2003-09-09 12:28 245248]
"UIWatcher"="C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19 4841472]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-26 19:16 266497]
"!AVG Anti-Spyware"="C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-01-20 11:48 47104 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:57 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{9B904910-78A4-489D-A825-5111B883A5B2}"= "C:\WINDOWS\system32\wvUmjKaa.dll" [2008-07-23 14:31 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUmjKaa]
2008-07-23 14:31 36352 C:\WINDOWS\system32\wvUmjKaa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programme\\WS_FTP Pro\\wsftppro.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 10:22]
R1 ewido security suite driver;ewido security suite driver;C:\Programme\ewido\security suite\guard.sys [2004-11-22 16:15]
R1 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [2005-04-15 10:26]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [2005-04-15 10:26]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [2005-04-15 10:26]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [2005-04-15 10:26]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [2005-04-15 10:26]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [2005-04-15 10:26]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [2005-04-15 10:26]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [2005-04-15 10:26]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [2005-04-15 10:26]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [2005-04-15 10:26]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [2005-04-15 10:26]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [2005-04-15 10:26]
.
Inhalt des "geplante Tasks" Ordners
2008-06-27 C:\WINDOWS\Tasks\1-Klick-Wartung.job - s !7C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe/schedulestartBoris3Startet die 1-Klick-Wartung zu festgelegten Zeiten0 []
2004-06-24 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1071339507.job - s !>C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "#Hewlett-Packard#hp psc 2100 series#1071339507"Boris []
2004-06-05 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1077732969.job - s !>C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "#Hewlett-Packard#hp psc 2100 series#1077732969"Boris []
2008-07-26 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1088034557.job - s !1>C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "#Hewlett-Packard#hp psc 2100 series#1088034557"Boris01 []
2008-07-26 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Programme\Symantec\LiveUpdate\NDETECT.EXE [2005-01-27 15:39]
.
.
------- Zus„tzlicher Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Start Page = about:blank
R0 -: HKLM-Main,Window Title = Arcor AG & Co. KG
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &Google-Suche - c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 -: &Ins Deutsche übersetzen - c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 -: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 -: Im Cache gespeicherte Seite - c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 -: Verweisseiten - c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 -: Ähnliche Seiten - c:\programme\google\GoogleToolbar1.dll/cmsimilar.html

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} - hxxp://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
C:\WINDOWS\Downloaded Program Files\v3prox.inf
C:\WINDOWS\System32\mfc42.dll
C:\WINDOWS\Downloaded Program Files\V3X0804.nls
C:\WINDOWS\Downloaded Program Files\V3X0412.nls
C:\WINDOWS\Downloaded Program Files\V3X0411.nls
C:\WINDOWS\Downloaded Program Files\V3X0409.nls
C:\WINDOWS\Downloaded Program Files\logo_chs.bmp
C:\WINDOWS\Downloaded Program Files\logo_enu.bmp
C:\WINDOWS\Downloaded Program Files\logo_jpn.bmp
C:\WINDOWS\Downloaded Program Files\logo_kor.bmp
C:\WINDOWS\Downloaded Program Files\ahnupctl.dll
C:\WINDOWS\Downloaded Program Files\ahnup.dll
C:\WINDOWS\Downloaded Program Files\v3inet.dll
C:\WINDOWS\Downloaded Program Files\v3hunt.dll
C:\WINDOWS\Downloaded Program Files\v3back.dll
C:\WINDOWS\Downloaded Program Files\v3prox.ocx

O16 -: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} - hxxp://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
C:\WINDOWS\Downloaded Program Files\vodupdate.inf
C:\WINDOWS\Downloaded Program Files\vodupdate.dll

O16 -: {96512D57-F751-4088-A689-5778FCC77F7A} - hxxp://www.studivz.net/lib/photouploader/PhotoUploader.cab
C:\WINDOWS\Downloaded Program Files\PhotoUploader.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\PhotoUploader.ocx

O16 -: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
C:\WINDOWS\Downloaded Program Files\nsvplayx_vp6_aac.inf

O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp10.photoprintit.de/microsite/10551/defaults/activex/IPSUploader.cab
C:\WINDOWS\Downloaded Program Files\IPSUploader.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\IPSUploader.ocx

O16 -: {DF6504AC-3EFE-4287-B259-FB299B069C95} - hxxps://img.web.de/v/fotoalbum/activex/upload_11110.cab
C:\WINDOWS\Downloaded Program Files\upload.inf
C:\WINDOWS\System32\msvcrt.dll
C:\WINDOWS\System32\mfc42.dll
C:\WINDOWS\System32\olepro32.dll
C:\WINDOWS\System32\msvcp60.dll
C:\WINDOWS\Downloaded Program Files\type.mgk
C:\WINDOWS\Downloaded Program Files\modules.mgk
C:\WINDOWS\Downloaded Program Files\magic.mgk
C:\WINDOWS\Downloaded Program Files\log.mgk
C:\WINDOWS\Downloaded Program Files\delegates.mgk
C:\WINDOWS\Downloaded Program Files\colors.mgk
C:\WINDOWS\Downloaded Program Files\IM_MOD_RL_png_.dll
C:\WINDOWS\Downloaded Program Files\IM_MOD_RL_wbmp_.dll
C:\WINDOWS\Downloaded Program Files\IM_MOD_RL_psd_.dll
C:\WINDOWS\Downloaded Program Files\IM_MOD_RL_pict_.dll
C:\WINDOWS\Downloaded Program Files\IM_MOD_RL_ttf_.dll
C:\WINDOWS\Downloaded Program Files\IM_MOD_RL_tiff_.dll
C:\WINDOWS\Downloaded Program Files\IM_MOD_RL_jpeg_.dll
C:\WINDOWS\Downloaded Program Files\IM_MOD_RL_jp2_.dll
C:\WINDOWS\Downloaded Program Files\IM_MOD_RL_gif_.dll
C:\WINDOWS\Downloaded Program Files\IM_MOD_RL_bmp_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_zlib_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_xlib_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_ttf_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_png_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_tiff_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_jpeg_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_lcms_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_bzlib_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_Magick++_.dll
C:\WINDOWS\Downloaded Program Files\CORE_RL_magick_.dll
C:\WINDOWS\Downloaded Program Files\upload.ocx

O16 -: {ED5D2306-0FF4-11D2-B37C-0000C000D50D} - hxxp://www.3di.it/code/iw/iwfull.cab
C:\WINDOWS\Downloaded Program Files\IW.INF
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\Downloaded Program Files\pdftotext.txt
C:\WINDOWS\Downloaded Program Files\COPYING
C:\WINDOWS\Downloaded Program Files\README
C:\WINDOWS\Downloaded Program Files\pdf2text.exe
C:\WINDOWS\Downloaded Program Files\msconv.exe
C:\WINDOWS\Downloaded Program Files\iw.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 10:33:00
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

Prozess: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\wvUmjKaa.dll

Prozess: C:\WINDOWS\explorer.exe
-> C:\Programme\WS_FTP Pro\nsftpch.dll
.
------------------------ Weitere, laufende Prozesse ------------------------
.
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-07-27 10:43:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-07-27 08:43:21
ComboFix2.txt 2008-02-10 11:01:31
ComboFix3.txt 2008-02-10 08:11:30
ComboFix4.txt 2008-01-27 11:39:25

Pre-Run: 9,577,988,096 Bytes frei
Post-Run: 9,503,010,816 Bytes frei

1378 --- E O F --- 2008-07-17 06:56:11

#4 Hallo boris77

0.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit "Speichern unter" auf dem Desktop. Gebe bei Dateityp "Alle Dateien" an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "C:\WINDOWS\system32\temp" >>files.txt
notepad files.txt

--------------------------------------------------------------------

1.
Virustotal http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\NeroCheck.exe

Auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren mit Strg V) --> Klick auf die zu prüfende Datei und öffnen--> klick auf "Senden der Datei"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> HIER KOMPLETT kopieren

----------------------------------------------------------------------

2.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gib an "Alle Dateien" - Speichern

Zitat

KILLALL::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B904910-78A4-489D-A825-5111B883A5B2}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{9B904910-78A4-489D-A825-5111B883A5B2}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUmjKaa]

File::
C:\WINDOWS\system32\wvUmjKaa.dll
C:\WINDOWS\system32\dggkpsyu.ini

Man sollte jetzt auf dem Desktop diese Datei cfscript.txt finden.

cfscript.txt und mit der rechten Maustaste auf das Symbol von Combofix ziehen
Dann erscheint ein "öffnen mit" -bestätigen - und Combofix startet neu

«
poste das neue log von Combofix

««
dann scanne noch mal mit Malwarebytes, aber im abgesicherten Modus und lasse alles entfernen, was noch gefunden wird
__________
MfG Sabina

rund um die PC-Sicherheit

#5 Hier die einzelnen Reports & Logsfiles:




Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 48AC-4ADA

Verzeichnis von C:\WINDOWS\system32\temp

2008-07-26 20:39 <DIR> .
2008-07-26 20:39 <DIR> ..
2008-07-26 20:39 61 aawfhriejlcmbvbhxjui.list
1 Datei(en) 61 Bytes
2 Verzeichnis(se), 9,642,467,328 Bytes frei
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 48AC-4ADA

Verzeichnis von C:\WINDOWS\system32\temp

2008-07-26 20:39 <DIR> .
2008-07-26 20:39 <DIR> ..
2008-07-26 20:39 61 aawfhriejlcmbvbhxjui.list
1 Datei(en) 61 Bytes
2 Verzeichnis(se), 9,642,102,784 Bytes frei










Datei NeroCheck.exe empfangen 2008.07.27 13:31:11 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt


Ergebnis: 0/35 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 3.
Geschätzte Startzeit is zwischen 52 und 75 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.

SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:


Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.7.26.0 2008.07.27 -
AntiVir 7.8.1.12 2008.07.26 -
Authentium 5.1.0.4 2008.07.27 -
Avast 4.8.1195.0 2008.07.26 -
AVG 8.0.0.130 2008.07.26 -
BitDefender 7.2 2008.07.27 -
CAT-QuickHeal 9.50 2008.07.25 -
ClamAV 0.93.1 2008.07.27 -
DrWeb 4.44.0.09170 2008.07.27 -
eSafe 7.0.17.0 2008.07.24 -
eTrust-Vet 31.6.5983 2008.07.26 -
Ewido 4.0 2008.07.27 -
F-Prot 4.4.4.56 2008.07.26 -
F-Secure 7.60.13501.0 2008.07.27 -
Fortinet 3.14.0.0 2008.07.26 -
GData 2.0.7306.1023 2008.07.27 -
Ikarus T3.1.1.34.0 2008.07.27 -
Kaspersky 7.0.0.125 2008.07.27 -
McAfee 5347 2008.07.25 -
Microsoft 1.3704 2008.07.27 -
NOD32v2 3301 2008.07.27 -
Norman 5.80.02 2008.07.25 -
Panda 9.0.0.4 2008.07.27 -
PCTools 4.4.2.0 2008.07.26 -
Prevx1 V2 2008.07.27 -
Rising 20.54.61.00 2008.07.27 -
Sophos 4.31.0 2008.07.27 -
Sunbelt 3.1.1536.1 2008.07.25 -
Symantec 10 2008.07.27 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.26 -
VBA32 3.12.8.1 2008.07.26 -
ViRobot 2008.7.26.1311 2008.07.26 -
VirusBuster 4.5.11.0 2008.07.26 -
Webwasher-Gateway 6.6.2 2008.07.27 -
weitere Informationen
File size: 155648 bytes
MD5...: 3e4c03cefad8de135263236b61a49c90
SHA1..: 02ff27df6bdaec02b455dc611ef2d090fb8271d4
SHA256: 243201b64f4b60d55cdb1a3bf4b9aa60bc22eb8aca88e95042ee48ac5df5f397
SHA512: efc87263536d74fcb3f2e083c3815f688bfa89a0dcac80cc1d817576570d378b
2c6be6be716e7693a5ea8c61eaa27616627bf4242580a218fcf474a5ff6231e7
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x404138
timedatestamp.....: 0x3b497e70 (Mon Jul 09 09:50:40 2001)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18252 0x19000 6.50 cca7a34ce2f936b8aa89688e7b3b60c0
.rdata 0x1a000 0x51de 0x6000 4.14 6a8278884469a9fcc3601c666fc054ea
.data 0x20000 0x7b70 0x4000 2.27 d52a42e0e61eb136a27c50df01a62283
.rsrc 0x28000 0x1038 0x2000 1.99 1458e8ef0834532911bb7b345177d3c7

( 6 imports )
> KERNEL32.dll: GetFullPathNameW, RtlUnwind, GetStartupInfoA, TerminateProcess, HeapFree, HeapAlloc, GetTimeZoneInformation, RaiseException, HeapReAlloc, HeapSize, Sleep, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, FlushFileBuffers, ExitProcess, SetHandleCount, GetCommandLineA, ReadFile, GetModuleHandleA, WritePrivateProfileStringW, HeapDestroy, HeapCreate, VirtualFree, LCMapStringA, LCMapStringW, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, GetCPInfo, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, GetDriveTypeA, GetStringTypeA, GetStringTypeW, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, lstrlenA, lstrlenW, InterlockedDecrement, InterlockedIncrement, FindNextFileW, lstrcpyW, FindFirstFileW, GetLastError, SetLastError, FindClose, GetCommandLineW, SetFilePointer, WriteFile, GetCurrentProcess, FreeLibrary, GetProcessVersion, LoadLibraryA, GetVersion, GlobalAddAtomW, GlobalFindAtomW, GetStdHandle, GetCurrentDirectoryW, GetProcAddress, ExpandEnvironmentStringsW, GetModuleHandleW, GetFileType, GetWindowsDirectoryW, GlobalFlags, lstrcmpiW, TlsGetValue, LocalReAlloc, TlsSetValue, GlobalReAlloc, GlobalHandle, GlobalUnlock, GlobalFree, TlsAlloc, LocalAlloc, CloseHandle, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, FileTimeToLocalFileTime, FileTimeToSystemTime, lstrcpynW, lstrcatW, SetErrorMode, GetModuleFileNameW, GlobalLock, lstrcmpW, GlobalAlloc, GlobalDeleteAtom, GetCurrentThread, GetCurrentThreadId, LocalFree, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentVariableA, GetVersionExA, GetEnvironmentStrings, GetEnvironmentStringsW, GetVersionExW, InterlockedExchange
> USER32.dll: GetCapture, GetTopWindow, WinHelpW, CopyRect, GetClientRect, AdjustWindowRectEx, SetFocus, GetSysColor, MapWindowPoints, LoadIconW, ShowWindow, LoadCursorW, GetSysColorBrush, DestroyMenu, GetMenuItemID, GetDlgItem, DefWindowProcW, DestroyWindow, CreateWindowExW, SetPropW, GetPropW, CallWindowProcW, RegisterClassW, GetClassInfoW, GetMessagePos, GetForegroundWindow, SetForegroundWindow, SetWindowLongW, GetSubMenu, RegisterWindowMessageW, SystemParametersInfoW, IsIconic, GetWindowPlacement, GetSystemMetrics, GrayStringW, DrawTextW, TabbedTextOutW, ReleaseDC, GetDC, GetMenuItemCount, UnhookWindowsHookEx, GetWindowTextW, SetWindowTextW, ClientToScreen, GetWindow, GetDlgCtrlID, GetWindowRect, PtInRect, GetClassNameW, LoadBitmapW, GetMenuState, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, SetCursor, GetMessageW, TranslateMessage, DispatchMessageW, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageW, GetCursorPos, SetWindowsHookExW, GetMenu, wsprintfW, LoadStringW, RemovePropW, GetMessageTime, SetWindowPos, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongW, SendMessageW, MessageBoxW, EnableWindow, PostMessageW, PostQuitMessage, SetMenuItemBitmaps, ModifyMenuW, GetMenuCheckMarkDimensions
> GDI32.dll: DeleteObject, SaveDC, RestoreDC, SelectObject, GetStockObject, SetBkColor, SetTextColor, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, GetClipBox, GetDeviceCaps, RectVisible, TextOutW, PtVisible, Escape, ExtTextOutW, GetObjectW, DeleteDC, CreateBitmap
> WINSPOOL.DRV: OpenPrinterW, DocumentPropertiesW, ClosePrinter
> ADVAPI32.dll: RegOpenKeyExW, RegSetValueExW, RegCloseKey, RegQueryValueExW, RegisterEventSourceW, DeregisterEventSource, ReportEventW, RegCreateKeyExW
> COMCTL32.dll: -

( 0 exports )






ComboFix 08-07-26.1 - Boris 2008-07-27 13:38:21.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.258 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Boris\Desktop\Sicherheits Tools\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Boris\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !![/color]

FILE ::
C:\WINDOWS\system32\dggkpsyu.ini
C:\WINDOWS\system32\wvUmjKaa.dll
.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dggkpsyu.ini
C:\WINDOWS\system32\eMWHRBeg.ini
C:\WINDOWS\system32\eMWHRBeg.ini2
C:\WINDOWS\system32\geBRHWMe.dll
C:\WINDOWS\system32\pwovkxwj.dll
C:\WINDOWS\system32\qoueuuxq.dll
C:\WINDOWS\system32\tbeedxsy.dll
C:\WINDOWS\system32\wvUmjKaa.dll
C:\WINDOWS\system32\ysxdeebt.ini

.
((((((((((((((((((((((( Dateien erstellt von 2008-06-27 bis 2008-07-27 ))))))))))))))))))))))))))))))
.

2008-07-27 12:36 . 2008-07-27 13:21 111,596 --a------ C:\WINDOWS\BM4b9f79e9.xml
2008-07-26 22:46 . 2008-07-26 22:46 <DIR> d-------- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Malwarebytes
2008-07-26 22:45 . 2008-07-26 22:45 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-07-26 22:45 . 2008-07-26 22:45 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-07-26 22:45 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-26 22:45 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-26 21:00 . 2008-07-26 21:00 <DIR> d-------- C:\!Submit
2008-07-26 20:39 . 2008-07-26 20:39 <DIR> d-------- C:\WINDOWS\system32\temp
2008-07-26 19:21 . 2008-07-26 19:21 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\AdobeUM
2008-07-23 14:50 . 2008-07-23 14:50 <DIR> d-------- C:\Programme\Gemeinsame Dateien\LightScribe
2008-07-23 14:48 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-07-23 14:48 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-07-23 14:48 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-07-23 14:48 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-07-23 14:48 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-07-23 14:48 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-07-23 14:47 . 2008-07-23 14:48 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Ahead
2008-07-23 14:47 . 2008-07-23 14:48 <DIR> d-------- C:\Programme\Ahead

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 11:45 --------- d-----w C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Skype
2008-07-27 06:21 --------- d-----w C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\skypePM
2008-07-27 00:07 --------- d-----w C:\Programme\IrfanView
2008-07-26 17:18 --------- d-----w C:\Programme\TuneUp Utilities 2004
2008-07-26 17:09 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-07-26 17:08 --------- d-----w C:\Programme\Lavasoft
2008-07-26 17:07 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-07-23 13:32 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-07-23 13:31 --------- d-----w C:\Programme\ElsterFormular2005
2008-07-23 13:30 --------- d-----w C:\Programme\Spiele
2008-07-23 13:06 --------- d-----w C:\Programme\Winamp
2008-07-23 13:04 --------- d-----w C:\Programme\ANNO1602
2008-07-23 12:59 --------- d-----w C:\Programme\ShiftN
2008-07-21 17:51 --------- d-----w C:\Programme\Java
2008-07-17 06:51 --------- d-----w C:\Programme\Burn4Free Toolbar
2008-07-02 08:45 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-06-22 12:57 --------- d-----w C:\Programme\DivX
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 14:24 --------- d-----w C:\Programme\Burn4Free
2008-06-18 14:22 232,075 ----a-w C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_8421.exe
2008-06-14 17:57 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 12:36 --------- d-----w C:\Programme\TVAnts
2008-06-11 13:30 --------- d-----w C:\Programme\WS_FTP Pro
2008-06-11 11:46 47,360 ----a-w C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\pcouffin.sys
2008-06-11 11:46 --------- d-----w C:\Programme\vso
2008-06-11 11:46 --------- d-----w C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Vso
2008-06-08 07:02 --------- d-----w C:\Programme\iTunes
2008-06-01 23:14 --------- d-----w C:\Programme\Gemeinsame Dateien\Java
2007-05-09 17:02 87,608 ----a-w C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\ezpinst.exe
2004-03-15 10:11 868 ---ha-w C:\Programme\hpothb07.dat
2004-03-15 10:11 169 ---ha-w C:\Dokumente und Einstellungen\All Users\hpothb07.dat
2004-03-15 10:11 161 ---ha-w C:\Dokumente und Einstellungen\Boris\hpothb07.dat
2004-03-15 10:11 1,507 ---ha-w C:\Programme\hpothb07.tif
2003-12-13 22:15 168 ----a-w C:\Programme\_DEISREG.ISR
2003-12-13 22:15 1,862 ----a-w C:\Programme\DeIsL1.isu
1999-12-02 12:54 91,648 ------w C:\Programme\xcacls.exe
1998-04-20 19:14 1,182,208 ----a-w C:\Programme\Digibib.exe
1998-04-19 21:59 48,655 ----a-w C:\Programme\babylon.ini
1997-04-23 02:16 40,960 ----a-w C:\Programme\_ISREG32.DLL
2004-05-22 19:39 157 --sha-w C:\WINDOWS\it.bat
2007-04-02 21:57 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 61,440 2003-02-11 11:02:48 C:\hp\KBD\bak\KBD.EXE

----a-w 245,248 2003-09-09 10:28:13 C:\Programme\0900 Alarm\bak\0900Alarm.exe

----a-r 313,472 2006-03-30 14:45:08 C:\Programme\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 88,064 2005-04-15 08:26:42 C:\Programme\Agnitum\Outpost Firewall 1.0\bak\outpost.exe

----a-w 249,896 2007-10-11 21:48:36 C:\Programme\AntiVir PersonalEdition Classic\bak\avgnt.exe
----a-w 266,497 2008-07-26 17:16:06 C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe

----a-w 598,528 2002-08-02 16:02:14 C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\bak\UIWatcher.exe

----a-w 310,272 2005-05-27 09:24:52 C:\Programme\FreePDF_XP\bak\fpassist.exe

----a-w 180,269 2005-11-18 22:08:02 C:\Programme\Gemeinsame Dateien\Real\Update_OB\bak\realsched.exe

----a-w 155,648 2003-02-12 23:01:00 C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\bak\sgtray.exe

----a-w 278,528 2006-02-23 13:45:20 C:\Programme\iTunes\bak\iTunesHelper.exe

----a-w 477,696 2004-09-23 12:19:52 C:\Programme\MSI\Live Update 3\bak\LMonitor.exe

----a-w 155,648 2006-05-09 07:08:48 C:\Programme\QuickTime\bak\qttask.exe

----a-w 590,336 2002-11-14 15:23:10 C:\Programme\SICHERHEIT\Trojancheck 6\bak\tcguard.exe

----a-w 81,920 2005-01-24 18:58:02 C:\Programme\Sony\SonicStage\bak\SsAAD.exe

----a-w 35,328 2007-05-14 22:22:22 C:\Programme\Winamp\bak\winampa.exe
----a-w 37,376 2008-01-15 22:54:54 C:\Programme\Winamp\winampa.exe

----a-w 116,736 2004-12-03 13:20:30 C:\WINDOWS\Plaxo\2.1.0.80\bak\InstallStub.exe

----a-w 15,360 2004-08-04 07:57:48 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 07:57:48 C:\WINDOWS\system32\ctfmon.exe

.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57 15360]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"0900 Alarm"="C:\Programme\0900 Alarm\bak\0900Alarm.exe" [2003-09-09 12:28 245248]
"UIWatcher"="C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19 4841472]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-26 19:16 266497]
"!AVG Anti-Spyware"="C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"BM4b9f79e9"="C:\WINDOWS\system32\pwovkxwj.dll" [N/A]
"48ac4a75"="C:\WINDOWS\system32\tbeedxsy.dll" [N/A]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-01-20 11:48 47104 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:57 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programme\\WS_FTP Pro\\wsftppro.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 10:22]
R1 ewido security suite driver;ewido security suite driver;C:\Programme\ewido\security suite\guard.sys [2004-11-22 16:15]
R1 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [2005-04-15 10:26]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [2005-04-15 10:26]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [2005-04-15 10:26]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [2005-04-15 10:26]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [2005-04-15 10:26]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [2005-04-15 10:26]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [2005-04-15 10:26]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [2005-04-15 10:26]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [2005-04-15 10:26]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [2005-04-15 10:26]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [2005-04-15 10:26]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [2005-04-15 10:26]
.
Inhalt des "geplante Tasks" Ordners
2008-06-27 C:\WINDOWS\Tasks\1-Klick-Wartung.job - s !7C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe/schedulestartBoris3Startet die 1-Klick-Wartung zu festgelegten Zeiten0 []
2004-06-24 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1071339507.job - s !>C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "#Hewlett-Packard#hp psc 2100 series#1071339507"Boris []
2004-06-05 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1077732969.job - s !>C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "#Hewlett-Packard#hp psc 2100 series#1077732969"Boris []
2008-07-26 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1088034557.job - s !1>C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "#Hewlett-Packard#hp psc 2100 series#1088034557"Boris01 []
2008-07-27 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Programme\Symantec\LiveUpdate\NDETECT.EXE [2005-01-27 15:39]
.
- - - - Entfernte verwaiste Registrierungseintr„ge - - - -

BHO-{480a4c2b-7f1c-4637-94ba-33317061e0d2} - C:\WINDOWS\system32\xtujac.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 13:45:00
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere, laufende Prozesse ------------------------
.
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-07-27 13:54:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-07-27 11:54:22
ComboFix2.txt 2008-07-27 08:43:40
ComboFix3.txt 2008-02-10 11:01:31
ComboFix4.txt 2008-02-10 08:11:30
ComboFix5.txt 2008-07-27 11:36:24

Pre-Run: 9,601,482,752 Bytes frei
Post-Run: 9,590,312,960 Bytes frei

205 --- E O F --- 2008-07-17 06:56:11





Malwarebytes' Anti-Malware 1.23
Datenbank Version: 985
Windows 5.1.2600 Service Pack 2

07:35:06 2008-07-29
mbam-log-7-29-2008 (07-35-01).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 250462
Laufzeit: 5 hour(s), 49 minute(s), 38 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqRJyWQ.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUmjKaa.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP831\A0197259.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP833\A0197358.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM4b9f79e9.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM4b9f79e9.txt (Trojan.Vundo) -> No action taken.

#6 Scanne nochmal mit MBAM (erst Updaten)und entferne was gefunden wird
Wenn am Ende infizierungen gefunden werden,anhaacken und entfernen lassen

Starte Malwarebytes’Anti-Malware,wähle Reiter " Weitere Programme "
Klicke "Programm ausführen " unter FileASSASSIN
Suche C:\!Submit und klicke OK
Jetzt wird C:\!Submit entgültig entfernt
__________
MfG Argus

#7 OK... alles gemacht wie oben beschrieben... auch den Ordner "!Submit" gelöscht...

Malwarebytes' Anti-Malware 1.23
Datenbank Version: 1007
Windows 5.1.2600 Service Pack 2

07:11:49 2008-07-30
mbam-log-7-30-2008 (07-11-49).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 251210
Laufzeit: 5 hour(s), 51 minute(s), 13 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\QooBox\Quarantine\C\WINDOWS\system32\geBRHWMe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kofhmsco.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pwovkxwj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tbeedxsy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP831\A0197257.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP833\A0197359.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP833\A0197360.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP833\A0197362.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

#8 CombiFix entfernen
Start > Ausführen>Kopiere rein ComboFix /U OK

Malwarebytes Anti-Malware darfst du behalten
__________
MfG Argus

#9 Can some one help me get rid of this thing...... Its driving me crazy and I dont know much.......cvaldez86@yahoo.com

Logfile of HijackThis v1.99.1
Scan saved at 12:35:51 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe
C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\sokscmnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\WINDOWS\vsnpmi03.exe
C:\Program Files\iRiver\HSeries\iHPDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\sokscmpn.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe
C:\Program Files\Analog Devices\Teledat 300 USB Driver\DSLMON.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE
H:\My Documents\{Apps} IP Hider (Hide your IP address).exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
H:\My Downloads\HijackThis Analyzer\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [SNPMI03] C:\WINDOWS\vsnpmi03.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVCOMS.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WFIPS] C:\Documents and Settings\Chris\My Documents\My Downloads\{Apps} IP Hider (Hide your IP address).exe -autoboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [CHIPDRIVEPinManager] C:\WINDOWS\system32\sokscmpn.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\WebCam Control\CAMTRAY.EXE
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [260b05f8] rundll32.exe "C:\WINDOWS\system32\jbeeqbeh.dll",b
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Analog Devices\Teledat 300 USB Driver\DSLMON.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?ba81a6be150f4be8af9d3ea74587cac1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?ba81a6be150f4be8af9d3ea74587cac1
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128833761939
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147862090687
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_39.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ActivClient Authentication Service (acachsrv) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe
O23 - Service: ActivClient Auto-Update Service (acautoup) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: CHIPDRIVE Smartcard Office Kernel (SCM_Smart_Card_Office_Kernel) - SCM Microsystems - C:\WINDOWS\system32\sokscmnt.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - SCM Microsystems - C:\WINDOWS\SCARDS32.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#10 Hi Slomo86

«
wende cleaner an + lösche die temp-Dateien
http://www.ccleaner.de/?protecus.de

«
mit dem HijackThis löschen ("fixen")
Klicke: "Do a system scan only"
Setze ein Häckchen in das Kästchen vor den genannten Eintrag
und wähle fix checked. + starte den Rechner neu.

Zitat

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O4 - HKLM\..\Run: [WFIPS] C:\Documents and Settings\Chris\My Documents\My Downloads\{Apps} IP Hider (Hide your IP address).exe -autoboot

O4 - HKLM\..\Run: [260b05f8] rundll32.exe "C:\WINDOWS\system32\jbeeqbeh.dll",b

scannen + poste den report
http://virus-protect.org/artikel/tools/malwarebytes.html

«
wende combofix an , warnmeldung wegklicken + poste hier den report
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit