Suspected backdoor and hack

#0
31.03.2009, 15:11
Member

Posts: 19
#1 Please help. I can dial in to the network, but no page loads. In addition, Avira AntiVir is deactivated and cannot be activated.

Here are the logs:

Dr.Web
A0078787.dll C:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP126 Adware.Msearch
A0079656.dll C:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP128 Adware.Msearch
A0080135.dll C:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP129 Adware.Msearch
A0080633.dll C:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP130 Adware.Msearch
A0090920.bat C:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP153 Wahrscheinlich BATCH.Virus Nicht desinfizierbar.Gelöscht.
servpw.exe J:\Programme\ophcrack\pwdump Trojan.Fakealert.3417 Gelöscht.
ophcrack-win32-installer-3.1.0.exe\data014 J:\Setups\ophcrack-win32-installer-3.1.0.exe Trojan.Fakealert.3417
ophcrack-win32-installer-3.1.0.exe J:\Setups Archiv enthält infizierte Objekte Verschoben.
Pronde Printing System 1.0.0.3.exe/Pronde.msi/stream000\PO1_D2DFCB2BB15F4E9CA258634504935498_1ECF00EC0760447BA7A131A75390060C J:\Setups\Pronde Printing System 1.0.0.3.exe/Pronde.msi/stream000 Wahrscheinlich BACKDOOR.Trojan
stream000 J:\Setups Archiv enthält infizierte Objekte
Pronde.msi J:\Setups Archiv enthält infizierte Objekte
Pronde Printing System 1.0.0.3.exe J:\Setups Archiv enthält infizierte Objekte Verschoben.
RockXP4.exe\pwdump2\pwdump2.exe J:\Setups\RockXP4.exe Tool.Pwdump
RockXP4.exe\pwdump2\samdump.dll J:\Setups\RockXP4.exe Tool.Pwdump
RockXP4.exe J:\Setups Archiv enthält infizierte Objekte Verschoben.
setup.exe\data002 J:\Setups\cracks\setup.exe Wahrscheinlich BACKDOOR.Trojan
setup.exe J:\Setups\cracks Archiv enthält infizierte Objekte Verschoben.
A0091010.exe J:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP153 Trojan.Fakealert.3417 Gelöscht.
A0091011.exe\data014 J:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP153\A0091011.exe Trojan.Fakealert.3417
A0091011.exe J:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP153 Archiv enthält infizierte Objekte Verschoben.
A0091012.exe/Pronde.msi/stream000\PO1_D2DFCB2BB15F4E9CA258634504935498_1ECF00EC0760447BA7A131A75390060C J:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP153\A0091012.exe/Pronde.msi/stream000 Wahrscheinlich BACKDOOR.Trojan
stream000 J:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP153 Archiv enthält infizierte Objekte
Pronde.msi J:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP153 Archiv enthält infizierte Objekte
A0091012.exe J:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP153 Archiv enthält infizierte Objekte Verschoben.
A0091013.exe\pwdump2\pwdump2.exe J:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP153\A0091013.exe Tool.Pwdump
A0091013.exe\pwdump2\samdump.dll J:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP153\A0091013.exe Tool.Pwdump
A0091013.exe J:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP153 Archiv enthält infizierte Objekte Verschoben.
A0091014.exe\data002 J:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP153\A0091014.exe Wahrscheinlich BACKDOOR.Trojan
A0091014.exe J:\System Volume Information\_restore{DE1DDD68-E2C6-4515-85F7-5B11D447570E}\RP153 Archiv enthält infizierte Objekte Verschoben.

ComboFix
ComboFix 09-03-29.04 - Graf 2009-03-30 21:15:21.3 - NTFSx86
ausgeführt von:: G:\ComboFix.exe
.

((((((((((((((((((((((( Dateien erstellt von 2009-02-28 bis 2009-03-30 ))))))))))))))))))))))))))))))
.

2009-03-30 19:03 . 2009-03-30 19:03 <DIR> d-------- c:\dokumente und einstellungen\Graf\Anwendungsdaten\SAD
2009-03-30 18:56 . 2009-03-30 19:03 <DIR> d-------- c:\programme\Poladroid
2009-03-22 14:43 . 2009-03-22 14:43 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ElsterFormular
2009-03-22 14:30 . 2009-03-22 14:30 <DIR> d-------- c:\dokumente und einstellungen\Graf\ElsterFormular
2009-03-18 20:03 . 2009-03-19 20:58 <DIR> d-------- c:\dokumente und einstellungen\Graf\Anwendungsdaten\Vso
2009-03-03 17:24 . 2009-03-03 17:24 <DIR> d-------- C:\Banking
2009-02-17 21:17 . 2009-02-17 21:17 <DIR> d-------- c:\programme\QuickTime
2009-02-13 15:21 . 2009-02-13 15:21 <DIR> d-------- c:\dokumente und einstellungen\Graf\Anwendungsdaten\Media Player Classic
2009-02-11 16:53 . 2009-03-30 21:13 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-11 16:45 . 2009-02-11 16:45 <DIR> d-------- c:\windows\system32\de-de
2009-02-11 15:23 . 2009-02-11 15:23 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-11 14:53 . 2009-02-11 14:53 <DIR> d-------- c:\programme\IEPro
2009-02-11 14:53 . 2009-02-11 14:55 <DIR> d-------- c:\dokumente und einstellungen\Graf\Anwendungsdaten\IEPro
2009-02-06 21:12 . 2009-02-06 21:13 <DIR> d-------- c:\dokumente und einstellungen\Graf\Anwendungsdaten\AdobeUM
2009-02-02 20:59 . 2009-03-24 13:44 <DIR> d-------- c:\dokumente und einstellungen\Graf\Anwendungsdaten\Pic2Pic
2009-02-02 19:34 . 2009-02-02 19:34 159,220 --a------ c:\windows\Pic2Pic Uninstaller.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 18:33 --------- d-----w c:\windows\system32\config\systemprofile\Anwendungsdaten\SmartSurfer
2009-03-30 18:33 --------- d-----w c:\dokumente und einstellungen\Graf\Anwendungsdaten\SmartSurfer
2009-03-30 09:51 --------- d-----w c:\dokumente und einstellungen\Graf\Anwendungsdaten\FileZilla
2009-03-29 12:01 --------- d-----w c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\SmartSurfer
2009-03-25 18:03 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\PhotoStitch
2009-03-07 16:32 --------- d-----w c:\dokumente und einstellungen\Graf\Anwendungsdaten\GMX
2009-03-07 16:32 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\GMX
2009-02-12 13:16 --------- d---a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-02-06 19:11 --------- d-----w c:\programme\Gemeinsame Dateien\Adobe
2009-01-30 17:50 --------- d-----w c:\programme\BangolfArena
2009-01-29 18:31 --------- d-----w c:\programme\Gemeinsame Dateien\SWF Studio
2008-12-22 11:52 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-12-22 11:52 348,160 ----a-w c:\windows\system32\msvcr71.dll
.

------- Sigcheck -------

2002-08-29 02:58 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\ServicePackFiles\i386\tcpip.sys
2004-08-04 00:14 359040 6a603809f598332dbedd535bdbce313e c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-12-08_15.48.42,60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-12-09 16:53:18 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Configuration.Install.Resources.dll
+ 2005-12-09 16:53:18 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Configuration.resources.dll
+ 2005-12-09 16:53:18 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Data.OracleClient.resources.dll
+ 2005-12-09 16:53:18 335,872 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Data.Resources.dll
+ 2005-12-09 16:53:18 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\system.data.sqlxml.resources.dll
+ 2005-12-09 16:53:12 385,024 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Deployment.resources.dll
+ 2005-12-09 16:53:18 544,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Design.Resources.dll
+ 2005-12-09 16:53:18 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.DirectoryServices.Protocols.resources.dll
+ 2005-12-09 16:53:18 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.DirectoryServices.Resources.dll
+ 2005-12-09 16:53:18 6,144 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Drawing.Design.Resources.dll
+ 2005-12-09 16:53:18 24,576 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Drawing.Resources.dll
+ 2005-12-09 16:53:18 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.EnterpriseServices.Resources.dll
+ 2005-12-09 16:53:18 13,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Management.Resources.dll
+ 2005-12-09 16:53:18 61,440 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Messaging.Resources.dll
+ 2005-12-09 16:53:18 208,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\system.resources.dll
+ 2005-12-09 16:53:18 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Runtime.Remoting.Resources.dll
+ 2005-12-09 16:53:18 11,776 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Runtime.Serialization.Formatters.Soap.Resources.dll
+ 2005-12-09 16:53:18 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Security.Resources.dll
+ 2005-12-09 16:53:18 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.ServiceProcess.Resources.dll
+ 2005-12-09 16:53:18 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Transactions.resources.dll
+ 2005-12-09 16:53:18 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Web.Mobile.resources.dll
+ 2005-12-09 16:53:18 614,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Web.Resources.dll
+ 2005-12-09 16:53:18 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Web.Services.Resources.dll
+ 2005-12-09 16:53:18 430,080 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Windows.Forms.Resources.dll
+ 2005-12-09 16:53:18 163,840 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.xml.Resources.dll
+ 2005-09-23 06:28:38 52,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2005-09-23 06:28:38 4,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 06:29:12 547,840 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 06:28:56 788,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-23 06:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-12-09 16:53:22 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC\de\Microsoft.VisualBasic.Compatibility.Data.resources.dll
+ 2005-12-09 16:53:22 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC\de\Microsoft.VisualBasic.Compatibility.resources.dll
+ 2005-09-23 06:28:56 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 06:28:56 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-23 06:28:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2005-09-23 06:28:56 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 06:28:56 224,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2005-09-23 06:28:56 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-23 06:28:56 55,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2005-09-23 06:28:56 72,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2005-09-23 06:28:48 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-12-09 09:46:32 609,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
+ 2005-12-09 09:46:32 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.res.1031.dll
+ 2005-12-09 11:26:10 245,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\unicows.dll
+ 2005-09-23 06:01:16 609,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 05:29:48 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
+ 2005-09-23 05:32:24 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
+ 2005-09-23 05:34:10 82,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
+ 2005-09-23 05:34:12 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
+ 2005-09-23 05:34:44 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
+ 2005-09-23 05:36:24 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
+ 2005-09-23 02:46:14 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
+ 2005-09-23 05:38:26 81,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
+ 2005-09-23 05:38:52 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
+ 2005-09-23 05:40:30 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
+ 2005-09-23 05:40:32 83,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
+ 2005-09-23 05:40:56 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
+ 2005-09-23 05:42:58 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
+ 2005-09-23 05:44:58 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
+ 2005-09-23 05:46:38 83,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
+ 2005-09-23 05:46:38 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
+ 2005-09-23 05:46:40 83,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
+ 2005-09-23 05:47:04 82,432 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
+ 2005-09-23 05:47:30 82,432 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
+ 2005-09-23 05:47:32 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
+ 2005-09-23 05:47:32 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
+ 2005-09-23 05:30:18 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
+ 2005-09-23 05:47:06 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
+ 2005-09-23 05:29:50 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
+ 2005-09-23 05:36:48 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
+ 2005-09-23 06:57:06 245,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-23 06:28:48 413,696 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2005-09-23 06:28:48 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2005-09-23 06:28:48 647,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2005-09-23 06:28:48 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2005-09-23 06:28:48 745,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2005-09-23 06:29:10 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 06:29:10 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 06:29:08 667,648 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-23 06:28:30 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 06:29:10 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-23 06:28:30 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2005-09-23 06:28:30 12,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 06:28:30 7,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2005-09-23 06:28:32 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2005-09-23 06:28:48 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2005-09-23 06:28:56 800,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2005-09-23 06:28:56 73,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2005-09-23 06:28:56 288,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2005-09-23 06:28:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2005-09-23 06:28:56 326,144 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2005-09-23 06:28:56 81,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2005-09-23 06:28:56 4,308,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2005-09-23 06:28:56 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2005-09-23 06:29:00 330,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-23 06:28:56 67,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2005-09-23 06:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-23 06:28:56 226,816 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2005-09-23 06:28:56 66,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2005-09-23 06:28:56 10,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2005-09-23 06:28:50 5,615,616 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2005-12-09 16:53:18 23,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0407\mscorsecr.dll
+ 2005-09-23 06:29:00 22,528 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2005-09-23 06:28:56 96,440 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2005-09-23 06:28:56 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2005-09-23 06:28:56 78,336 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2005-09-23 06:28:50 136,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2005-09-23 06:28:56 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-23 06:28:56 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-23 06:29:02 59,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2005-09-23 06:28:58 7,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-23 06:28:56 107,520 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-23 06:29:00 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2005-09-23 06:28:56 377,344 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2005-09-23 06:28:56 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2005-09-23 06:28:58 389,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2005-09-23 06:28:56 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2005-09-23 06:28:56 2,878,976 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2005-09-23 06:28:56 482,304 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2005-09-23 06:28:56 716,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2005-09-23 06:28:38 884,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2005-09-23 06:28:56 5,050,368 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2005-09-23 06:28:56 397,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2005-09-23 06:28:56 188,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2005-09-23 06:28:56 3,018,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2005-09-23 06:28:56 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2005-09-23 06:28:56 700,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2005-09-23 06:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2005-09-23 06:28:56 47,616 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2005-09-23 06:28:56 114,176 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 06:28:56 368,640 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2005-09-23 06:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2005-09-23 06:28:56 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2005-09-23 06:28:56 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 06:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-23 06:28:56 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2005-09-23 06:28:56 260,096 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2005-09-23 06:28:56 5,025,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2005-09-23 06:28:56 835,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-23 06:28:56 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2005-09-23 06:28:56 823,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2005-09-23 06:28:56 5,316,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2005-09-23 06:28:56 2,035,712 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2005-09-23 06:28:56 71,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2005-09-23 06:29:06 1,140,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2005-09-23 06:28:30 1,306,624 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2005-09-23 06:28:32 298,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-23 06:28:56 28,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2004-08-03 23:57:16 61,440 ----a-w c:\windows\system32\admparse.dll
+ 2007-08-13 17:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
+ 2003-05-15 00:32:58 21,099 ----a-w c:\windows\system32\AdobePDF.dll
- 2004-08-03 23:57:16 102,400 ----a-w c:\windows\system32\advpack.dll
+ 2007-08-13 17:39:00 123,904 ----a-w c:\windows\system32\advpack.dll
+ 2000-01-31 04:00:00 25,600 ----a-w c:\windows\system32\borlndmm.dll
- 2004-08-03 23:57:16 1,016,832 ----a-w c:\windows\system32\browseui.dll
+ 2006-09-23 12:12:36 1,022,976 ----a-w c:\windows\system32\browseui.dll
+ 2000-01-31 04:00:00 1,496,064 ----a-w c:\windows\system32\cc3250mt.dll
- 2004-08-03 23:57:18 35,328 ----a-w c:\windows\system32\corpol.dll
+ 2007-08-13 17:42:54 17,408 ----a-w c:\windows\system32\corpol.dll
+ 2005-12-05 17:09:18 2,323,664 ----a-w c:\windows\system32\d3dx9_28.dll
+ 2006-03-31 11:40:58 2,388,176 ----a-w c:\windows\system32\d3dx9_30.dll
+ 2005-09-23 06:28:38 83,456 ----a-w c:\windows\system32\dfshim.dll
+ 2007-08-13 17:39:20 71,680 -c----w c:\windows\system32\dllcache\admparse.dll
+ 2007-08-13 17:39:00 123,904 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2006-09-23 12:12:36 1,022,976 -c----w c:\windows\system32\dllcache\browseui.dll
+ 2007-08-13 17:42:54 17,408 -c----w c:\windows\system32\dllcache\corpol.dll
- 2004-05-11 23:18:58 28,672 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 17:54:10 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 17:35:46 346,624 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 17:35:38 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 17:54:10 131,584 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 17:18:02 60,416 -c----w c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 17:39:06 54,784 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 17:39:26 152,064 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 17:39:54 229,376 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2001-08-23 13:00:00 237,568 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 16:56:54 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 17:39:50 382,976 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 17:44:02 69,120 -c----w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 17:45:18 78,336 -c----w c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 17:54:10 191,488 -c----w c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 17:39:10 43,008 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 17:39:12 55,296 -c----w c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 17:43:56 622,080 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2007-08-13 17:36:06 36,352 -c----w c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-13 17:39:02 92,672 -c----w c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 17:38:04 491,520 -c----w c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 17:54:10 27,136 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 17:44:18 40,960 -c----w c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 17:32:30 45,568 -c----w c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 17:54:12 3,578,368 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2007-08-13 17:54:10 475,648 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 17:01:12 48,128 -c----w c:\windows\system32\dllcache\mshtmler.dll
- 2001-08-23 13:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msls31.dll
+ 2007-08-13 17:54:10 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
+ 2007-08-13 17:44:26 192,000 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2007-08-13 17:54:10 670,720 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 17:44:06 101,376 -c----w c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 17:36:12 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2006-09-23 12:12:38 1,497,088 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2006-09-23 12:12:38 474,624 -c----w c:\windows\system32\dllcache\shlwapi.dll
+ 2007-08-13 17:44:30 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2007-08-13 17:54:10 1,162,240 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2007-08-13 17:54:10 413,696 -c----w c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-13 17:54:10 765,952 -c----w c:\windows\system32\dllcache\VGX.dll
+ 2007-08-13 17:54:10 231,424 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 17:54:10 818,688 -c----w c:\windows\system32\dllcache\wininet.dll
- 2008-06-27 14:03:52 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-12-17 09:26:38 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
- 2004-08-03 23:57:18 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2007-08-13 17:35:46 346,624 ----a-w c:\windows\system32\dxtmsft.dll
- 2004-08-03 23:57:18 201,728 ----a-w c:\windows\system32\dxtrans.dll
+ 2007-08-13 17:35:38 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2004-08-03 23:57:20 55,808 ------w c:\windows\system32\extmgr.dll
+ 2007-08-13 17:54:10 131,584 ----a-w c:\windows\system32\extmgr.dll
+ 2006-08-23 11:33:46 6,144 ----a-w c:\windows\system32\ff_vfw.dll
- 2008-12-05 15:45:25 139,648 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-09 14:44:34 209,696 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2002-08-29 19:00:00 1,703,936 ----a-w c:\windows\system32\gdiplus.dll
+ 2003-12-11 10:15:48 626,960 ----a-r c:\windows\system32\hpvaut32.dll
+ 2003-12-11 10:15:48 487,424 ----a-r c:\windows\system32\hpvcp70.dll
+ 2003-12-11 10:15:48 344,064 ----a-r c:\windows\system32\hpvcr70.dll
+ 2007-08-13 17:36:26 61,952 ------w c:\windows\system32\icardie.dll
+ 2006-06-29 07:05:44 26,112 ------w c:\windows\system32\idndl.dll
- 2004-08-03 23:57:58 34,304 ----a-w c:\windows\system32\ie4uinit.exe
+ 2007-08-13 17:39:06 54,784 ----a-w c:\windows\system32\ie4uinit.exe
- 2004-08-03 23:57:22 139,264 ----a-w c:\windows\system32\ieakeng.dll
+ 2007-08-13 17:39:26 152,064 ----a-w c:\windows\system32\ieakeng.dll
- 2004-08-03 23:57:22 220,672 ----a-w c:\windows\system32\ieaksie.dll
+ 2007-08-13 17:39:54 229,376 ----a-w c:\windows\system32\ieaksie.dll
- 2001-08-23 13:00:00 237,568 ----a-w c:\windows\system32\ieakui.dll
+ 2007-08-13 16:56:54 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2007-02-12 15:10:12 2,451,312 ------w c:\windows\system32\ieapfltr.dat
+ 2007-07-11 11:27:48 383,488 ------w c:\windows\system32\ieapfltr.dll
- 2004-08-03 23:57:22 323,584 ----a-w c:\windows\system32\iedkcs32.dll
+ 2007-08-13 17:39:50 382,976 ----a-w c:\windows\system32\iedkcs32.dll
- 2004-08-03 23:57:22 81,920 ------w c:\windows\system32\ieencode.dll
+ 2007-08-13 17:45:18 78,336 ----a-w c:\windows\system32\ieencode.dll
+ 2007-08-13 17:54:10 6,049,280 ------w c:\windows\system32\ieframe.dll
- 2004-08-03 23:57:22 249,344 ----a-w c:\windows\system32\iepeers.dll
+ 2007-08-13 17:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
- 2004-08-03 23:57:22 49,152 ----a-w c:\windows\system32\iernonce.dll
+ 2007-08-13 17:39:10 43,008 ----a-w c:\windows\system32\iernonce.dll
+ 2007-08-13 17:34:04 266,752 ------w c:\windows\system32\iertutil.dll
- 2004-08-03 23:57:22 64,000 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-13 17:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-13 17:39:10 13,312 ----a-w c:\windows\system32\ieudinit.exe
+ 2007-08-13 17:54:10 180,736 ------w c:\windows\system32\ieui.dll
- 2004-07-26 16:16:10 1,568,768 ----a-w c:\windows\system32\imagX7.dll
+ 2006-03-17 11:45:52 1,757,184 ----a-w c:\windows\system32\imagX7.dll
- 2004-07-26 16:16:10 476,320 ----a-w c:\windows\system32\imagXpr7.dll
+ 2006-03-17 11:45:54 497,296 ----a-w c:\windows\system32\imagXpr7.dll
- 2004-07-26 16:16:10 262,144 ----a-w c:\windows\system32\imagXR7.dll
+ 2006-03-17 11:45:54 258,048 ----a-w c:\windows\system32\imagXR7.dll
- 2004-07-26 16:16:10 471,040 ----a-w c:\windows\system32\imagXRA7.dll
+ 2006-03-17 11:45:54 802,816 ----a-w c:\windows\system32\imagXRA7.dll
- 2004-08-03 23:57:22 35,840 ----a-w c:\windows\system32\imgutil.dll
+ 2007-08-13 17:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
+ 2006-07-22 18:37:54 49,152 ------w c:\windows\system32\INETWH32.dll
- 2004-08-03 23:57:22 96,768 ----a-w c:\windows\system32\inseng.dll
+ 2007-08-13 17:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
+ 2006-12-19 09:30:26 81,920 ----a-w c:\windows\system32\IoctlSvc.exe
- 2004-08-03 23:57:24 450,560 ----a-w c:\windows\system32\jscript.dll
+ 2007-08-13 17:38:04 491,520 ----a-w c:\windows\system32\jscript.dll
- 2004-08-03 23:57:24 15,872 ----a-w c:\windows\system32\jsproxy.dll
+ 2007-08-13 17:54:10 27,136 ----a-w c:\windows\system32\jsproxy.dll
+ 2006-11-06 14:30:38 262,144 ----a-w c:\windows\system32\lame_enc.dll
- 2004-08-03 23:57:24 22,016 ----a-w c:\windows\system32\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
+ 2003-03-19 05:19:59 1,060,864 ----a-w c:\windows\system32\MFC71.dll
- 2004-07-14 23:24:50 155,648 ----a-w c:\windows\system32\mscoree.dll
+ 2005-09-23 06:28:52 270,848 ----a-w c:\windows\system32\mscoree.dll
- 2004-07-14 22:34:06 16,896 ----a-w c:\windows\system32\mscorier.dll
+ 2005-09-23 06:28:52 150,016 ----a-w c:\windows\system32\mscorier.dll
- 2003-02-20 18:09:14 106,496 ----a-w c:\windows\system32\mscories.dll
+ 2005-09-23 06:28:52 74,240 ----a-w c:\windows\system32\mscories.dll
+ 2007-08-13 17:54:10 458,752 ------w c:\windows\system32\msfeeds.dll
+ 2007-08-13 17:54:10 50,688 ------w c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe
- 2004-08-03 23:58:06 29,184 ----a-w c:\windows\system32\mshta.exe
+ 2007-08-13 17:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
- 2004-08-03 23:57:28 3,003,392 ----a-w c:\windows\system32\mshtml.dll
+ 2007-08-13 17:54:12 3,578,368 ----a-w c:\windows\system32\mshtml.dll
- 2004-08-03 23:57:28 448,512 ----a-w c:\windows\system32\mshtmled.dll
+ 2007-08-13 17:54:10 475,648 ----a-w c:\windows\system32\mshtmled.dll
- 2004-08-03 23:55:32 57,344 ----a-w c:\windows\system32\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
- 2001-08-23 13:00:00 146,432 ----a-w c:\windows\system32\msls31.dll
+ 2007-08-13 17:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
- 2004-08-03 23:57:30 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2007-08-13 17:44:26 192,000 ----a-w c:\windows\system32\msrating.dll
- 2004-08-03 23:57:30 530,432 ----a-w c:\windows\system32\mstime.dll
+ 2007-08-13 17:54:10 670,720 ----a-w c:\windows\system32\mstime.dll
- 2004-08-03 23:57:30 1,392,671 ----a-w c:\windows\system32\msvbvm60.dll
+ 2004-02-23 19:42:40 1,386,496 ----a-w c:\windows\system32\msvbvm60.dll
+ 2004-01-01 07:34:06 24,576 ----a-w c:\windows\system32\msxml3a.dll
+ 2005-12-09 16:53:18 7,168 ----a-w c:\windows\system32\mui\0407\mscorees.dll
+ 2005-09-23 06:29:00 6,144 ----a-w c:\windows\system32\mui\0409\mscorees.dll
- 2005-02-16 14:18:04 90,184 ----a-w c:\windows\system32\NeroCo.dll
+ 2008-02-18 16:04:04 95,600 ----a-w c:\windows\system32\NeroCo.dll
+ 2006-06-28 16:59:26 24,576 ------w c:\windows\system32\nlsdl.dll
+ 2006-06-29 07:05:44 23,552 ------w c:\windows\system32\normaliz.dll
+ 2004-03-24 02:12:34 17,280 ----a-w c:\windows\system32\nsndis5.sys
+ 2004-03-24 02:49:36 94,208 ----a-w c:\windows\system32\nsndis50.dll
- 2004-08-03 23:57:32 97,792 ----a-w c:\windows\system32\occache.dll
+ 2007-08-13 17:44:06 101,376 ----a-w c:\windows\system32\occache.dll
- 2008-11-13 17:24:15 63,778 ----a-w c:\windows\system32\perfc007.dat
+ 2009-01-03 11:48:16 75,194 ----a-w c:\windows\system32\perfc007.dat
- 2008-11-13 17:24:15 52,900 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-03 11:48:16 62,480 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-13 17:24:15 391,330 ----a-w c:\windows\system32\perfh007.dat
+ 2009-01-03 11:48:16 415,800 ----a-w c:\windows\system32\perfh007.dat
- 2008-11-13 17:24:16 380,486 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-03 11:48:16 401,200 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-22 11:52:45 278,528 ----a-w c:\windows\system32\pncrt.dll
+ 2008-12-22 11:52:46 6,656 ----a-w c:\windows\system32\pndx5016.dll
+ 2008-12-22 11:52:46 5,632 ----a-w c:\windows\system32\pndx5032.dll
- 2004-08-03 23:57:34 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2007-08-13 17:36:12 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-12-01 18:48:59 405,280 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2009-03-30 17:04:17 1,011,632 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2008-12-22 11:52:52 185,920 ----a-w c:\windows\system32\rmoc3260.dll
+ 1999-10-15 11:50:10 1,056,768 ------w c:\windows\system32\ROBOEX32.DLL
- 2004-08-03 23:57:34 1,483,776 ----a-w c:\windows\system32\shdocvw.dll
+ 2006-09-23 12:12:38 1,497,088 ----a-w c:\windows\system32\shdocvw.dll
- 2004-08-03 23:57:34 474,112 ----a-w c:\windows\system32\shlwapi.dll
+ 2006-09-23 12:12:38 474,624 ----a-w c:\windows\system32\shlwapi.dll
- 2004-07-17 21:55:24 8,704 ------w c:\windows\system32\spmsg.dll
+ 2006-09-06 16:42:32 15,584 ------w c:\windows\system32\spmsg.dll
+ 2006-12-21 09:42:58 5,632 ----a-w c:\windows\system32\spool\drivers\w32x86\2\wpedrvnt.dll
+ 2006-12-21 09:42:58 172,032 ----a-w c:\windows\system32\spool\drivers\w32x86\2\wpedrvui.dll
+ 2003-05-15 00:02:40 10,809 ----a-w c:\windows\system32\spool\drivers\w32x86\3\AD2KREGP.DLL
+ 2003-11-03 22:25:12 114,688 ----a-w c:\windows\system32\spool\drivers\w32x86\3\AD2KUIGP.DLL
+ 2006-12-21 09:42:58 4,608 ----a-w c:\windows\system32\spool\drivers\w32x86\3\wpedrvnt.dll
+ 2006-12-21 09:42:58 172,032 ----a-w c:\windows\system32\spool\drivers\w32x86\3\wpedrvui.dll
+ 2003-05-15 00:02:40 10,809 ----a-w c:\windows\system32\spool\drivers\w32x86\ad2kregp.dll
+ 2003-11-03 22:25:12 114,688 ----a-w c:\windows\system32\spool\drivers\w32x86\ad2kuigp.dll
+ 2002-10-06 17:11:52 130,560 ----a-w c:\windows\system32\spool\drivers\w32x86\ps5ui.dll
+ 2002-10-06 17:11:54 455,168 ----a-w c:\windows\system32\spool\drivers\w32x86\pscript5.dll
+ 2006-12-21 09:42:58 188,416 ----a-w c:\windows\system32\spool\prtprocs\w32x86\wpeproc.dll
- 2004-08-03 21:42:32 15,872 ----a-w c:\windows\system32\spupdsvc.exe
+ 2006-09-06 16:42:32 22,752 ----a-w c:\windows\system32\spupdsvc.exe
+ 2006-10-04 08:22:02 40,960 ----a-w c:\windows\system32\SSubTmr6.dll
- 2004-07-09 08:43:56 364,544 ----a-w c:\windows\system32\TwnLib4.dll
+ 2006-03-17 14:49:46 368,640 ----a-w c:\windows\system32\TwnLib4.dll
+ 2007-09-04 16:56:10 164,352 ----a-w c:\windows\system32\unrar.dll
- 2004-08-03 23:57:38 37,888 ----a-w c:\windows\system32\url.dll
+ 2007-08-13 17:44:30 105,984 ----a-w c:\windows\system32\url.dll
- 2004-08-03 23:57:38 603,136 ----a-w c:\windows\system32\urlmon.dll
+ 2007-08-13 17:54:10 1,162,240 ----a-w c:\windows\system32\urlmon.dll
- 2004-08-03 23:57:38 417,792 ----a-w c:\windows\system32\vbscript.dll
+ 2007-08-13 17:54:10 413,696 ----a-w c:\windows\system32\vbscript.dll
+ 2006-12-06 11:59:20 94,208 ----a-w c:\windows\system32\viscomaudiodata.dll
+ 2006-12-05 15:19:56 110,592 ----a-w c:\windows\system32\viscomaudioencoder.dll
+ 2006-05-04 00:24:00 90,112 ----a-w c:\windows\system32\viscomframe.dll
+ 2006-12-11 13:08:44 598,016 ----a-w c:\windows\system32\viscomqtde.dll
+ 2006-01-17 02:59:06 147,456 ----a-w c:\windows\system32\viscomqtenc.dll
+ 2006-05-02 21:16:52 98,304 ----a-w c:\windows\system32\viscomtran.dll
+ 2003-08-19 03:31:28 81,920 ----a-w c:\windows\system32\viscomwave.dll
- 2004-08-03 23:57:38 281,088 ----a-w c:\windows\system32\webcheck.dll
+ 2007-08-13 17:54:10 231,424 ----a-w c:\windows\system32\webcheck.dll
+ 2007-08-13 17:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe
- 2004-08-03 23:57:38 662,016 ----a-w c:\windows\system32\wininet.dll
+ 2007-08-13 17:54:10 818,688 ----a-w c:\windows\system32\wininet.dll
+ 2006-07-14 15:51:51 121,856 ------w c:\windows\system32\xmllite.dll
+ 2009-03-30 17:05:19 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5d8.dat
- 2005-09-12 15:13:46 233,472 ----a-w c:\windows\UNNeroBackItUp.exe
+ 2007-03-20 20:22:04 972,336 ----a-w c:\windows\UNNeroBackItUp.exe
- 2005-09-12 15:13:46 233,472 ----a-w c:\windows\UNNeroMediaHome.exe
+ 2008-02-28 17:38:48 972,072 ----a-w c:\windows\UNNeroMediaHome.exe
- 2005-09-12 15:13:46 233,472 ----a-w c:\windows\UNNeroShowTime.exe
+ 2007-02-28 15:41:02 972,336 ----a-w c:\windows\UNNeroShowTime.exe
- 2005-09-12 15:13:46 233,472 ----a-w c:\windows\UNNeroVision.exe
+ 2007-03-21 20:02:12 972,336 ----a-w c:\windows\UNNeroVision.exe
- 2005-09-12 15:13:46 233,472 ----a-w c:\windows\UNRecode.exe
+ 2008-03-20 16:56:18 972,072 ----a-w c:\windows\UNRecode.exe
+ 2009-01-21 10:58:36 1,233,920 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2009-01-21 10:58:36 82,432 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2006-12-01 21:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 23:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 23:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 23:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 23:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 23:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 23:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 23:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 23:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 23:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 23:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 23:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2009-01-03 11:44:19 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-01-03 11:44:19 114,176 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISDN SpeedManager"="c:\progra~1\T-Online\ISDNSP~1\tomcat.exe" [2005-09-22 1097728]
"Ulead AutoDetector v2"="c:\programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"TrISDNLine"="d:\dokumente und einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe" [2004-07-21 732672]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-12-22 185872]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2008-11-11 136600]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2007-10-23 524288]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-03-03 46080]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-03-03 2904064]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"NBKeyScan"="c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"HP Component Manager"="c:\programme\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="j:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"a-squared Anti-Dialer"="j:\programme\a-squared Anti-Dialer\a2adguard.exe" [2008-06-03 1497744]
"nwiz"="nwiz.exe" [2004-03-03 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Acrobat Assistant.lnk - j:\programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
ISDNWatch.lnk - j:\programme\Fritz!\IWatch.exe [2008-11-11 274432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"wmsncs.exe"= wmsncs.exe:SYSTEM
"j:\\Programme\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Programme\\IEPro\\MiniDM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3751:TCP"= 3751:TCP:FD
"1960:TCP"= 1960:TCP:FD
"1200:TCP"= 1200:TCP:FD
"1280:TCP"= 1280:TCP:FD
"2839:TCP"= 2839:TCP:FD
"1390:TCP"= 1390:TCP:FD
"2036:TCP"= 2036:TCP:FD
"1877:TCP"= 1877:TCP:FD
"1361:TCP"= 1361:TCP:FD
"3918:TCP"= 3918:TCP:FD
"4023:TCP"= 4023:TCP:FD
"1013:TCP"= 1013:TCP:BS
"8080:TCP"= 8080:TCP:pORT1
"8081:TCP"= 8081:TCP:pORT2
"4089:TCP"= 4089:TCP:FD
"1476:TCP"= 1476:TCP:FD
"3108:TCP"= 3108:TCP:FD
"5029:TCP"= 5029:TCP:FD
"3576:TCP"= 3576:TCP:FD
"2183:TCP"= 2183:TCP:FD
"1951:TCP"= 1951:TCP:FD
"4114:TCP"= 4114:TCP:FD
"5016:TCP"= 5016:TCP:FD
"4479:TCP"= 4479:TCP:FD
"2015:TCP"= 2015:TCP:FD
"2527:TCP"= 2527:TCP:FD
"1825:TCP"= 1825:TCP:FD
"4574:TCP"= 4574:TCP:FD
"3915:TCP"= 3915:TCP:FD
"2284:TCP"= 2284:TCP:FD
"2532:TCP"= 2532:TCP:FD
"3577:TCP"= 3577:TCP:FD
"3610:TCP"= 3610:TCP:FD
"4684:TCP"= 4684:TCP:FD
"1464:TCP"= 1464:TCP:FD
"1544:TCP"= 1544:TCP:FD
"4347:TCP"= 4347:TCP:FD
"4181:TCP"= 4181:TCP:FD
"2387:TCP"= 2387:TCP:FD
"3973:TCP"= 3973:TCP:FD
"2187:TCP"= 2187:TCP:FD
"2618:TCP"= 2618:TCP:FD
"4156:TCP"= 4156:TCP:FD

R2 a2AntiDialer;a-squared Anti-Dialer Service;j:\programme\a-squared Anti-Dialer\a2service.exe [2008-11-14 419448]
R2 AVMPORT;AVMPORT;c:\windows\system32\drivers\avmport.sys [2008-11-11 59520]
R2 SmartSurferManager;SmartSurfer Manager;j:\programme\GMX\GMX SmartSurfer\SmurfService.exe [2008-09-04 132544]
R3 AVMWAN;NDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmwan.sys [2002-11-14 38608]
R3 FXUSBASE;1&1 NetXXL (WinXP/2000);c:\windows\system32\drivers\fxusbase.sys [2002-11-14 503600]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2008-11-12 17536]
R3 TOMCATWAN;T-Online DynamicISDN (WDM);c:\windows\system32\drivers\WTOMCAT.sys [2008-11-12 173334]
S2 SSPORT;SSPORT;\??\c:\windows\System32\Drivers\SSPORT.sys --> c:\windows\System32\Drivers\SSPORT.sys [?]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2008-11-12 17152]
S3 WPEServ;WPEServ;c:\programme\Gemeinsame Dateien\wpe\wpeserv.exe [2009-01-25 323584]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - DwShield00007D02
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]
c:\windows\Fonts\wmsncs.exe
.
Inhalt des "geplante Tasks" Ordners

2009-03-30 c:\windows\Tasks\RegCure Program Check.job
- c:\programme\RegCure\RegCure.exe [2008-11-27 20:55]

2009-03-29 c:\windows\Tasks\RegCure.job
- c:\programme\RegCure\RegCure.exe [2008-11-27 20:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\programme\IEPro\iepro.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Graf\Anwendungsdaten\Mozilla\Firefox\Profiles\61xby2nx.default\
FF - prefs.js: browser.startup.homepage - www.web.de
FF - component: c:\dokumente und einstellungen\Graf\Anwendungsdaten\Mozilla\Firefox\Profiles\61xby2nx.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: j:\programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: j:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: j:\programme\VideoLAN\VLC\npvlc.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 21:16:48
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2009-03-30 21:18:33
ComboFix-quarantined-files.txt 2009-03-30 19:18:24
ComboFix2.txt 2008-12-08 14:49:30
ComboFix3.txt 2008-12-04 23:20:23

Vor Suchlauf: 7.724.793.856 Bytes frei
Nach Suchlauf: 7,753,056,256 Bytes frei

822

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:08, on 30.03.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
J:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
J:\Programme\a-squared Anti-Dialer\a2service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
J:\Programme\GMX\GMX SmartSurfer\SmurfService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
J:\Programme\a-squared Anti-Dialer\a2adguard.exe
J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
J:\Programme\Fritz!\IWatch.exe
J:\Programme\GMX\GMX SmartSurfer\SmartSurfer.exe
G:\cureit.exe
C:\DOKUME~1\Graf\LOKALE~1\Temp\RarSFX0\_start.exe
C:\Dokumente und Einstellungen\Graf\Desktop\Progs\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - J:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - J:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ISDN SpeedManager] "C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TrISDNLine] D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "J:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "J:\Programme\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: ISDNWatch.lnk = J:\Programme\Fritz!\IWatch.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - J:\Programme\a-squared Anti-Dialer\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - J:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SmartSurfer Manager (SmartSurferManager) - United Internet AG - J:\Programme\GMX\GMX SmartSurfer\SmurfService.exe
O23 - Service: WPEServ - soft Xpansion - C:\Programme\Gemeinsame Dateien\WPE\wpeserv.exe

--
End of file - 8185 bytes

gmer
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-30 18:29:34
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT F7ECE22C ZwCreateThread
SSDT F7ECE218 ZwOpenProcess
SSDT F7ECE21D ZwOpenThread
SSDT F7ECE227 ZwTerminateProcess
SSDT F7ECE222 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\ctfmon.exe[1132] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 2F, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 43, 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[1132] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[1132] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] USER32.dll!PostMessageW 77D18CA3 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\ctfmon.exe[1132] USER32.dll!SendMessageW 77D1B762 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\ctfmon.exe[1132] USER32.dll!SendInput 77D1C454 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] USER32.dll!SendInput + 4 77D1C458 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1132] USER32.dll!PostMessageA 77D1DB62 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\ctfmon.exe[1132] USER32.dll!SendMessageA 77D1E2AE 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\ctfmon.exe[1132] USER32.dll!mouse_event 77D66321 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1132] USER32.dll!keybd_event 77D66365 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1132] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\Explorer.EXE[1156] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1156] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 2F, 5F ]
.text C:\WINDOWS\Explorer.EXE[1156] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1156] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 32, 5F ]
.text C:\WINDOWS\Explorer.EXE[1156] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1156] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 35, 5F ]
.text C:\WINDOWS\Explorer.EXE[1156] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1156] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\Explorer.EXE[1156] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1156] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\Explorer.EXE[1156] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 47, 84 ]
.text C:\WINDOWS\Explorer.EXE[1156] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1156] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\Explorer.EXE[1156] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1156] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\Explorer.EXE[1156] USER32.dll!PostMessageW 77D18CA3 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\Explorer.EXE[1156] USER32.dll!SendMessageW 77D1B762 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\Explorer.EXE[1156] USER32.dll!SendInput 77D1C454 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1156] USER32.dll!SendInput + 4 77D1C458 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\Explorer.EXE[1156] USER32.dll!PostMessageA 77D1DB62 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[1156] USER32.dll!SendMessageA 77D1E2AE 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Explorer.EXE[1156] USER32.dll!mouse_event 77D66321 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1156] USER32.dll!keybd_event 77D66365 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[1156] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\Explorer.EXE[1156] WS2_32.dll!connect 71A1406A 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[1156] WS2_32.dll!listen 71A188D3 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 29, 5F ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 2C, 5F ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 2F, 5F ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 26, 5F ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 23, 5F ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 7E, 84 ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] USER32.dll!PostMessageW 77D18CA3 6 Bytes JMP 5F340F5A
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] USER32.dll!SendMessageW 77D1B762 6 Bytes JMP 5F310F5A
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] USER32.dll!SendInput 77D1C454 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] USER32.dll!SendInput + 4 77D1C458 2 Bytes [ 11, 5F ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] USER32.dll!PostMessageA 77D1DB62 6 Bytes JMP 5F160F5A
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] USER32.dll!SendMessageA 77D1E2AE 6 Bytes JMP 5F130F5A
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] USER32.dll!mouse_event 77D66321 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] USER32.dll!keybd_event 77D66365 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F190F5A
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1D, 5F ]
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[1444] shell32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F1F0F5A
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 37, 5F ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 3A, 5F ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 3D, 5F ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 34, 5F ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 31, 5F ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 7E, 84 ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] advapi32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F270F5A
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] advapi32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] advapi32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 2B, 5F ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] USER32.dll!PostMessageW 77D18CA3 6 Bytes JMP 5F420F5A
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] USER32.dll!SendMessageW 77D1B762 6 Bytes JMP 5F3F0F5A
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] USER32.dll!SendInput 77D1C454 3 Bytes [ FF, 25, 1E ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] USER32.dll!SendInput + 4 77D1C458 2 Bytes [ 1C, 5F ]
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] USER32.dll!PostMessageA 77D1DB62 6 Bytes JMP 5F210F5A
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] USER32.dll!SendMessageA 77D1E2AE 6 Bytes JMP 5F1E0F5A
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] USER32.dll!mouse_event 77D66321 6 Bytes JMP 5F130F5A
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] USER32.dll!keybd_event 77D66365 6 Bytes JMP 5F160F5A
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F2D0F5A
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] WS2_32.dll!connect 71A1406A 6 Bytes JMP 5F0A0F5A
.text D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe[1488] WS2_32.dll!listen 71A188D3 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 32, 5F ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 35, 5F ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 38, 5F ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 2F, 5F ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, A8, 84 ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F220F5A
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 26, 5F ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] USER32.dll!PostMessageW 77D18CA3 6 Bytes JMP 5F3D0F5A
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] USER32.dll!SendMessageW 77D1B762 6 Bytes JMP 5F3A0F5A
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] USER32.dll!SendInput 77D1C454 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] USER32.dll!SendInput + 4 77D1C458 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] USER32.dll!PostMessageA 77D1DB62 6 Bytes JMP 5F1C0F5A
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] USER32.dll!SendMessageA 77D1E2AE 6 Bytes JMP 5F190F5A
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] USER32.dll!mouse_event 77D66321 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] USER32.dll!keybd_event 77D66365 6 Bytes JMP 5F130F5A
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F280F5A
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] WS2_32.dll!connect 71A1406A 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe[1788] WS2_32.dll!listen 71A188D3 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 29, 5F ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 2C, 5F ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 2F, 5F ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 26, 5F ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 23, 5F ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 41, 84 ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] USER32.dll!PostMessageW 77D18CA3 6 Bytes JMP 5F340F5A
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] USER32.dll!SendMessageW 77D1B762 6 Bytes JMP 5F310F5A
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] USER32.dll!SendInput 77D1C454 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] USER32.dll!SendInput + 4 77D1C458 2 Bytes [ 11, 5F ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] USER32.dll!PostMessageA 77D1DB62 6 Bytes JMP 5F160F5A
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] USER32.dll!SendMessageA 77D1E2AE 6 Bytes JMP 5F130F5A
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] USER32.dll!mouse_event 77D66321 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] USER32.dll!keybd_event 77D66365 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F190F5A
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1D, 5F ]
.text C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe[1796] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 29, 5F ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 2C, 5F ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 2F, 5F ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 26, 5F ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 23, 5F ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BE, 83 ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F190F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1D, 5F ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] USER32.dll!PostMessageW 77D18CA3 6 Bytes JMP 5F340F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] USER32.dll!SendMessageW 77D1B762 6 Bytes JMP 5F310F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] USER32.dll!SendInput 77D1C454 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] USER32.dll!SendInput + 4 77D1C458 2 Bytes [ 11, 5F ]
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] USER32.dll!PostMessageA 77D1DB62 6 Bytes JMP 5F160F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] USER32.dll!SendMessageA 77D1E2AE 6 Bytes JMP 5F130F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] USER32.dll!mouse_event 77D66321 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] USER32.dll!keybd_event 77D66365 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Java\jre6\bin\jusched.exe[2080] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 34, 5F ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 37, 5F ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 79, 84 ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] WS2_32.dll!connect 71A1406A 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] WS2_32.dll!listen 71A188D3 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F210F5A
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] USER32.dll!PostMessageW 77D18CA3 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] USER32.dll!SendMessageW 77D1B762 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] USER32.dll!SendInput 77D1C454 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] USER32.dll!SendInput + 4 77D1C458 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] USER32.dll!PostMessageA 77D1DB62 6 Bytes JMP 5F1E0F5A
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] USER32.dll!SendMessageA 77D1E2AE 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] USER32.dll!mouse_event 77D66321 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] USER32.dll!keybd_event 77D66365 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe[2104] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F270F5A
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 2F, 5F ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 32, 5F ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 35, 5F ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 2C, 5F ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 29, 5F ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 87, 84 ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F0D0F5A
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] USER32.dll!PostMessageW 77D18CA3 6 Bytes JMP 5F3A0F5A
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] USER32.dll!SendMessageW 77D1B762 6 Bytes JMP 5F370F5A
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] USER32.dll!SendInput 77D1C454 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] USER32.dll!SendInput + 4 77D1C458 2 Bytes [ 17, 5F ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] USER32.dll!PostMessageA 77D1DB62 6 Bytes JMP 5F1C0F5A
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] USER32.dll!SendMessageA 77D1E2AE 6 Bytes JMP 5F190F5A
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] USER32.dll!mouse_event 77D66321 6 Bytes JMP 5F100F5A
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] USER32.dll!keybd_event 77D66365 6 Bytes JMP 5F130F5A
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F1F0F5A
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 23, 5F ]
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F250F5A
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ws2_32.dll!connect 71A1406A 6 Bytes JMP 5F070F5A
.text C:\Programme\HP\hpcoretech\hpcmpmgr.exe[2176] ws2_32.dll!listen 71A188D3 6 Bytes JMP 5F0A0F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 29, 5F ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 2C, 5F ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 2F, 5F ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 26, 5F ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 23, 5F ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 93, 84 ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] USER32.dll!PostMessageW 77D18CA3 6 Bytes JMP 5F340F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] USER32.dll!SendMessageW 77D1B762 6 Bytes JMP 5F310F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] USER32.dll!SendInput 77D1C454 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] USER32.dll!SendInput + 4 77D1C458 2 Bytes [ 11, 5F ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] USER32.dll!PostMessageA 77D1DB62 6 Bytes JMP 5F160F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] USER32.dll!SendMessageA 77D1E2AE 6 Bytes JMP 5F130F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] USER32.dll!mouse_event 77D66321 6 Bytes JMP 5F0A0F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] USER32.dll!keybd_event 77D66365 6 Bytes JMP 5F0D0F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F190F5A
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1D, 5F ]
.text C:\Programme\FreePDF_XP\fpassist.exe[2188] shell32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 29, 5F ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 2C, 5F ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 2F, 5F ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 26, 5F ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 23, 5F ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 8D, 84 ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] USER32.dll!PostMessageW 77D18CA3 6 Bytes JMP 5F340F5A
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] USER32.dll!SendMessageW 77D1B762 6 Bytes JMP 5F310F5A
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] USER32.dll!SendInput 77D1C454 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] USER32.dll!SendInput + 4 77D1C458 2 Bytes [ 11, 5F ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] USER32.dll!PostMessageA 77D1DB62 6 Bytes JMP 5F160F5A
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] USER32.dll!SendMessageA 77D1E2AE 6 Bytes JMP 5F130F5A
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] USER32.dll!mouse_event 77D66321 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] USER32.dll!keybd_event 77D66365 6 Bytes JMP 5F0D0F5A
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F190F5A
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1D, 5F ]
.text C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2212] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F1F0F5A
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 2F, 5F ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 32, 5F ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 35, 5F ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 2C, 5F ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 29, 5F ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, DC, 85 ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F0D0F5A
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] kernel32.dll!CreateThread + 1A 7C810849 4 Bytes [ F3, F4, C3, 83 ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] USER32.dll!PostMessageW 77D18CA3 6 Bytes JMP 5F3A0F5A
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] USER32.dll!SendMessageW 77D1B762 6 Bytes JMP 5F370F5A
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] USER32.dll!SendInput 77D1C454 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] USER32.dll!SendInput + 4 77D1C458 2 Bytes [ 17, 5F ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] USER32.dll!PostMessageA 77D1DB62 6 Bytes JMP 5F1C0F5A
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] USER32.dll!SendMessageA 77D1E2AE 6 Bytes JMP 5F190F5A
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] USER32.dll!mouse_event 77D66321 6 Bytes JMP 5F100F5A
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] USER32.dll!keybd_event 77D66365 6 Bytes JMP 5F130F5A
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F1F0F5A
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 23, 5F ]
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] WS2_32.dll!connect 71A1406A 6 Bytes JMP 5F070F5A
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] WS2_32.dll!listen 71A188D3 6 Bytes JMP 5F0A0F5A
.text J:\Programme\a-squared Anti-Dialer\a2adguard.exe[2268] shell32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F250F5A
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 29, 5F ]
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 2C, 5F ]
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 2F, 5F ]
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 26, 5F ]
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 23, 5F ]
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 3B, 84 ]
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] USER32.dll!PostMessageW 77D18CA3 6 Bytes JMP 5F340F5A
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] USER32.dll!SendMessageW 77D1B762 6 Bytes JMP 5F310F5A
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] USER32.dll!SendInput 77D1C454 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] USER32.dll!SendInput + 4 77D1C458 2 Bytes [ 11, 5F ]
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] USER32.dll!PostMessageA 77D1DB62 6 Bytes JMP 5F160F5A
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] USER32.dll!SendMessageA 77D1E2AE 6 Bytes JMP 5F130F5A
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] USER32.dll!mouse_event 77D66321 6 Bytes JMP 5F0A0F5A
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] USER32.dll!keybd_event 77D66365 6 Bytes JMP 5F0D0F5A
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 6 Bytes JMP 5F1F0F5A
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F190F5A
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2336] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1D, 5F ]
.text J:\Programme\Fritz!\IWatch.exe[2404] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\Fritz!\IWatch.exe[2404] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 29, 5F ]
.text J:\Programme\Fritz!\IWatch.exe[2404] ntdll.dll!NtOpenProcess 7C91DD7B 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\Fritz!\IWatch.exe[2404] ntdll.dll!NtOpenProcess + 4 7C91DD7F 2 Bytes [ 2C, 5F ]
.text J:\Programme\Fritz!\IWatch.exe[2404] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\Fritz!\IWatch.exe[2404] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 2F, 5F ]
.text J:\Programme\Fritz!\IWatch.exe[2404] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\Fritz!\IWatch.exe[2404] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 26, 5F ]
.text J:\Programme\Fritz!\IWatch.exe[2404] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\Fritz!\IWatch.exe[2404] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 23, 5F ]
.text J:\Programme\Fritz!\IWatch.exe[2404] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 2F, 84 ]
.text J:\Programme\Fritz!\IWatch.exe[2404] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F070F5A
.text J:\Programme\Fritz!\IWatch.exe[2404] USER32.dll!PostMessageW 77D18CA3 6 Bytes JMP 5F340F5A
.text J:\Programme\Fritz!\IWatch.exe[2404] USER32.dll!SendMessageW 77D1B762 6 Bytes JMP 5F310F5A
.text J:\Programme\Fritz!\IWatch.exe[2404] USER32.dll!SendInput 77D1C454 3 Bytes [ FF, 25, 1E ]
.text J:\Programme\Fritz!\IWatch.exe[2404] USER32.dll!SendInput + 4 77D1C458 2 Bytes [ 11, 5F ]

---- EOF - GMER 1.0.14 ----

The mbam total scan showed no infections, but Dr.Web did.

Many thanks for the help
31.03.2009, 17:19
Moderator

Posts: 5694
#2 This appears to be a VIRUT infection, or you previously had one on there.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]
c:\windows\Fonts\wmsncs.exe

>>
Have the following file checked at www.VIRUSTOTAL.com/de and post the result:

c:\windows\Fonts\wmsncs.exe

Click Browse --> select the file (or paste the file with its correct path directly using Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait - then select the text with the right mouse button -> copy it here

>>
http://virus-protect.org/artikel/tools/sdfix.html
Download SDFix and run it in normal mode
Double-click RunThis.bat
Type: A
A report will be created - post it

>>
Download Registry Search by Bobbi Flekman

and double-click it to start.
In the field "Enter search strings" (type or paste):

103L3C30-C3B3-4130-9363-E59E1375PERM

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.


>>
Configure your Avira AntiVir as described here. Additionally, enable the rootkit search. UPDATE your AntiVir and scan all your hard drives; have any detections moved to quarantine. Post the log.
(After scanning, reset the settings again)
http://board.protecus.de/t23979.htm

Regards, Swiss
31.03.2009, 18:23
Member

Thread starter

Posts: 19
#3

Quote

Tonstudio posted
This appears to be a VIRUT infection, or you previously had one on there.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]
c:\windows\Fonts\wmsncs.exe

>>I had that once before. But it is no longer there.
Have the following file checked at www.VIRUSTOTAL.com/de and post the result:

c:\windows\Fonts\wmsncs.exe

Click Browse --> select the file (or paste the file with its correct path directly using Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait - then select the text with the right mouse button -> copy it here

>>I can't enter anything here with copy and paste.
http://virus-protect.org/artikel/tools/sdfix.html
Download SDFix and run it in normal mode
Double-click RunThis.bat
Type: A
A report will be created - post it

>>Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 31.03.2009 18:07:00 for strings:
; '103l3c30-c3b3-4130-9363-e59e1375perm'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_USERS\.DEFAULT\Software\Microsoft\Active Setup\Installed Components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]

[HKEY_USERS\S-1-5-21-484763869-1965331169-725345543-1003\Software\Microsoft\Active Setup\Installed Components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Active Setup\Installed Components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]

; End Of The Log...

Download Registry Search by Bobbi Flekman

and double-click it to start.
In the field "Enter search strings" (type or paste):

103L3C30-C3B3-4130-9363-E59E1375PERM

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.


>>
System Report
*************

Run on 31.03.2009 at 18:10

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [336]
\??\C:\WINDOWS\system32\csrss.exe [392]
\??\C:\WINDOWS\system32\winlogon.exe [416]
C:\WINDOWS\system32\services.exe [460]
C:\WINDOWS\system32\lsass.exe [472]
C:\WINDOWS\system32\svchost.exe [620]
C:\WINDOWS\system32\svchost.exe [680]
C:\WINDOWS\System32\svchost.exe [720]
C:\WINDOWS\System32\svchost.exe [764]
C:\WINDOWS\system32\svchost.exe [812]
J:\Programme\Lavasoft\Ad-Aware\aawservice.exe [1024]
C:\WINDOWS\Explorer.EXE [1028]
C:\WINDOWS\system32\spoolsv.exe [1156]
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [1204]
J:\Programme\a-squared Anti-Dialer\a2service.exe [1392]
J:\Programme\a-squared Anti-Malware\a2service.exe [1428]
C:\Programme\Java\jre6\bin\jqs.exe [1508]
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [1556]
C:\WINDOWS\System32\nvsvc32.exe [1628]
C:\WINDOWS\system32\IoctlSvc.exe [1656]
J:\Programme\GMX\GMX SmartSurfer\SmurfService.exe [1760]
C:\WINDOWS\System32\svchost.exe [1884]
C:\WINDOWS\system32\wdfmgr.exe [1900]
C:\Programme\Canon\CAL\CALMAIN.exe [208]
C:\WINDOWS\System32\alg.exe [576]
C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe [1492]
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe [1564]
D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe [1716]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [1896]
C:\Programme\Java\jre6\bin\jusched.exe [1876]
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe [2060]
C:\Programme\HP\hpcoretech\hpcmpmgr.exe [2120]
C:\Programme\FreePDF_XP\fpassist.exe [2128]
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2140]
J:\Programme\a-squared Anti-Dialer\a2adguard.exe [2164]
C:\WINDOWS\system32\ctfmon.exe [2212]
C:\WINDOWS\System32\wbem\wmiapsrv.exe [2308]
J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2336]
J:\Programme\Fritz!\IWatch.exe [2376]
J:\Programme\GMX\GMX SmartSurfer\SmartSurfer.exe [2408]
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe [3464]
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe [3488]
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE [3520]
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe [3604]
J:\PROGRAMME\MOZILLA FIREFOX\FIREFOX.EXE [3836]
C:\Programme\Windows NT\Zubehör\wordpad.exe [2564]


Drivers - Running:

ACPI
AFD
AmdK7
AsyncMac
atapi
audstub
avgio
avgntflt
avipbb
AVMPORT
AVMWAN
Beep
Cdfs
Cdrom
DgiVecp
Disk
dmio
dmload
Fdc
Fips
FltMgr
Ftdisk
FXUSBASE
gameenum
Gpc
hidusb
HTTP
Imapi
IpNat
IPSec
isapnp
Kbdclass
kbdhid
KSecDD
mnmdd
Modem
Mouclass
mouhid
MountMgr
MRxDAV
MRxSmb
Msfs
mssmbios
MTOnlPktAlyX
Mup
NDIS
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
Npfs
Ntfs
Null
nv
Parport
PartMgr
ParVdm
PCI
PptpMiniport
PSched
Ptilink
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
rdpdr
redbook
ROOTMODEM
serenum
Serial
sr
Srv
ssmdrv
swenum
sysaudio
Tcpip
TermDD
TOMCATWAN
Update
usbccgp
usbehci
usbhub
usbprint
usbuhci
VgaSave
viaagp
viaagp1
ViaIde
VIAudio
VolSnap
Wanarp
wdmaud


Drivers - Stopped:

Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
Aha154x
aic78u2
aic78xx
AliIde
amsint
asc
asc3350p
asc3550
Atdisk
Atmarpc
catchme
cbidf2k
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
DMusic
dpti2o
drmkaud
Fastfat
FETNDIS
Flpydisk
hpn
HPZid412
HPZipr12
HPZius12
i2omgmt
i2omp
i8042prt
ini910u
IntelIde
ip6fw
IpFilterDriver
IpInIp
IRENUM
kmixer
lbrtfdc
MIINPazX
mraid35x
MSKSSRV
MSPCLOCK
MSPQM
nm
NwlnkFlt
NwlnkFwd
PCIDump
PCIIde
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RDPWD
Secdrv
Sfloppy
Simbad
Sparrow
splitter
SSPORT
swmidi
symc810
symc8xx
sym_hi
sym_u3
TDPIPE
TDTCP
TosIde
Udfs
ultra
usbscan
usbstor
WDICA


Services - Running:

a2AntiDialer
a2AntiMalware
aawservice
ALG
AntiVirScheduler
AudioSrv
CCALib8
CryptSvc
DcomLaunch
Dhcp
dmserver
Dnscache
ERSvc
Eventlog
EventSystem
FastUserSwitchingCompatibility
helpsvc
HidServ
JavaQuickStarterService
lanmanserver
lanmanworkstation
LmHosts
Nero
Netman
Nla
NtmsSvc
NVSvc
PLFlash
PlugPlay
PolicyAgent
ProtectedStorage
RasMan
RemoteRegistry
RpcSs
SamSs
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
SmartSurferManager
Spooler
srservice
SSDPSRV
stisvc
TapiSrv
TermService
Themes
TrkWks
UMWdf
WebClient
winmgmt
WmiApSrv
wscsvc
wuauserv
WZCSVC


Services - Stopped:

Alerter
AntiVirService
AppMgmt
aspnet_state
BITS
Browser
CiSvc
ClipSrv
clr_optimization_v2.0.50727_32
COMSysApp
dmadmin
HTTPFilter
ImapiService
Messenger
mnmsrvc
MSDTC
MSIServer
NetDDE
NetDDEdsdm
Netlogon
NMIndexingService
NtLmSsp
odserv
ose
RasAuto
RDSessMgr
RemoteAccess
RpcLocator
RSVP
SCardSvr
SwPrv
SysmonLog
TlntSvr
upnphost
UPS
VSS
W32Time
WmdmPmSN
Wmi
WPEServ
xmlprov


Files Created/Modified - 60 Days:


C:\

31 Mar 2009 17:25:04 1.610.612.736 A.SH. "C:\pagefile.sys"


C:\WINDOWS\

31 Mar 2009 17:25:08 2.048 A.S.. "C:\WINDOWS\bootstat.dat"
2 Feb 2009 19:34:56 159.220 A.... "C:\WINDOWS\Pic2Pic Uninstaller.exe"
9 Mar 2009 16:44:36 209.696 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
31 Mar 2009 14:15:36 75.194 A.... "C:\WINDOWS\system32\perfc007.dat"
31 Mar 2009 14:15:36 62.480 A.... "C:\WINDOWS\system32\perfc009.dat"
31 Mar 2009 14:15:36 415.800 A.... "C:\WINDOWS\system32\perfh007.dat"
31 Mar 2009 14:15:36 401.200 A.... "C:\WINDOWS\system32\perfh009.dat"
31 Mar 2009 17:25:16 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
31 Mar 2009 18:10:48 157 A.... "C:\WINDOWS\temp\scs24.tmp"
31 Mar 2009 14:26:48 255.632 A.... "C:\WINDOWS\system32\Restore\rstrlog.dat"
30 Mar 2009 21:14:54 233.472 A.... "C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT"
30 Mar 2009 21:14:54 8.192 A.... "C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat"
30 Mar 2009 21:14:54 233.472 A.... "C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT"
30 Mar 2009 21:14:54 8.192 A.... "C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat"
30 Mar 2009 21:14:54 5.206.016 A.... "C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT"
30 Mar 2009 21:14:54 225.280 A.... "C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat"


C:\Programme\

10 Feb 2009 12:34:50 84 A.... "C:\Programme\BangolfArena\settings.data"
11 Feb 2009 14:53:58 180.664 A.... "C:\Programme\IEPro\uninst.exe"
20 Feb 2009 13:27:08 176.501 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aecore.dll"
19 Mar 2009 12:10:48 336.245 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aegen.dll"
27 Feb 2009 14:16:02 119.158 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aehelp.dll"
26 Mar 2009 11:51:54 1.679.736 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aeheur.dll"
27 Feb 2009 14:17:56 196.987 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aeoffice.dll"
26 Mar 2009 11:52:24 397.687 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aepack.dll"
6 Mar 2009 11:35:00 127.346 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aescn.dll"
19 Mar 2009 12:13:40 364.923 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aescript.dll"
29 Mar 2009 12:51:28 2.162 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aeset.dat"
2 Feb 2009 20:08:12 106.868 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aevdf.dll"
29 Mar 2009 14:04:46 16.934 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\build.dat"
19 Mar 2009 12:13:56 2.262 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\prodinfo.dat"
19 Mar 2009 12:13:54 77.312 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\unacev2.dll"
29 Mar 2009 4:53:26 28.090 A.... "C:\Programme\RegCure\Logs\SystemInfo.zip"
20 Feb 2009 13:27:08 176.501 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aecore.dll"
19 Mar 2009 12:10:48 336.245 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aegen.dll"
19 Mar 2009 12:10:48 336.245 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aegen.dll.tmp"
27 Feb 2009 14:16:02 119.158 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aehelp.dll"
26 Mar 2009 11:51:54 1.679.736 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aeheur.dll"
27 Feb 2009 14:17:56 196.987 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aeoffice.dll"
26 Mar 2009 11:52:24 397.687 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aepack.dll"
6 Mar 2009 11:35:00 127.346 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aescn.dll"
19 Mar 2009 12:13:40 364.923 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aescript.dll"
19 Mar 2009 12:13:40 364.923 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aescript.dll.tmp"
29 Mar 2009 12:51:28 2.162 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aeset.dat"
2 Feb 2009 20:08:12 106.868 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aevdf.dll"
19 Mar 2009 12:13:54 77.312 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\unacev2.dll"
24 Mar 2009 0:40:42 2.241 A.... "C:\Programme\Samsung\Samsung CLP-300 Series\SPanel\OPTS.dat"


Files with hidden attributes:



Program Folders:

C:\Programme\

Avira
BangolfArena
Canon
COMODO
ComPlus Applications
FreePDF_XP
Gemeinsame Dateien
HP
IEPro
InstallShield Installation Information
Internet Explorer
Java
Messenger
microsoft frontpage
Microsoft Office
Microsoft Works
Movie Maker
Mozilla Firefox
MSN
MSN Gaming Zone
Nero
NeroInstall.bak
NetMeeting
Online Services
Online-Dienste
Outlook Express
Poladroid
QuickTime
RegCure
Samsung
T-Online
Uninstall Information
VIA Technologies, Inc
Windows Media Player
Windows NT
WindowsUpdate
xerox

C:\Programme\Gemeinsame Dateien\

Adobe
Ahead
AVM
Canon
DESIGNER
Dienste
Hewlett-Packard
InstallShield
Marmiko Shared
Microsoft Shared
MSSoap
Nero
ODBC
Real
SpeechEngines
SWF Studio
System
Ulead Systems
Wise Installation Wizard
wpe
xing shared


Add/Remove Programs:

a-squared Anti-Dialer 3.0
a-squared Anti-Malware 4.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Avira AntiVir Personal - Free Antivirus
AVM ISDN CAPI Port
BangolfArena
Canon Camera Access Library
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities CameraWindow
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
CCleaner (remove only)
Canon Camera Support Core Library
Canon Utilities EOS Utility
Microsoft Office Excel 2007
FileZilla Client 3.1.2
Flash Slideshow Maker Pro 4.88
FreePDF XP (Remove only)
AVM FRITZ!
GMX SmartSurfer
HijackThis 2.0.2
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
IE7Pro
IrfanView (remove only)
IsoBuster 2.1
Kate's Video Joiner 2.8.0
Hotfix for Windows XP (KB915865)
K-Lite Codec Pack 4.1.6 (Standard)
Lion 3.0.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - DEU
Canon MovieEdit Task for ZoomBrowser EX
Mozilla Firefox (3.0.7)
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Network Stumbler 0.4.0 (remove only)
Microsoft National Language Support Downlevel APIs
NVIDIA Display Driver
ophcrack 3.1.0
Canon Utilities PhotoStitch
Pic2Pic
PlayFLV
Canon RAW Image Task for ZoomBrowser EX
RealPlayer
RedMon - Redirection Port Monitor
RegCure 1.5.1.3
Registry Mechanic 8.0
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Samsung CLP-300 Series
VIA Audio Driver Setup Program
Video Converter 3
VLC media player 0.9.4
VSO PhotoOnWeb 0.9.0.7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
Microsoft Office Word 2007
xp-AntiSpy 3.97
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
HP PSC & OfficeJet 3.5
Ulead PhotoImpact 12
AutoUpdate
AiO_Scan
Scan
Java(TM) 6 Update 10
ConvertHelper 2.1
DeepBurner v1.9.0.228
AIOMinimal
VCRedistSetup
VSO Image Resizer 2.1.8.2
Nero 8 Essentials
neroxml
Microsoft .NET Framework 2.0
DivX Codec
QFolder
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft Software Update for Web Folders (German) 12
Microsoft Office Excel 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office PowerPoint Viewer 2003
Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch
Adobe Reader 9 - Deutsch
T-Online 6.0
DivX Converter
Perfect Print
Microsoft .NET Framework 1.1
Overland
Ad-Aware
Microsoft .NET Framework 1.1 German Language Pack
T-Online ISDN SpeedManager


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ISDN SpeedManager"="\"C:\\PROGRA~1\\T-Online\\ISDNSP~1\\tomcat.exe\""
"Ulead AutoDetector v2"="C:\\Programme\\Gemeinsame Dateien\\Ulead Systems\\AutoDetector\\monitor.exe"
"TrISDNLine"="D:\\Dokumente und Einstellungen\\graf\\Desktop\\Progs\\TriLine\\TrISDNLine\\trisdnline.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre6\\bin\\jusched.exe\""
"Samsung PanelMgr"="C:\\WINDOWS\\Samsung\\PanelMgr\\ssmmgr.exe /autorun"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Nero\\Lib\\NeroCheck.exe"
"NBKeyScan"="\"C:\\Programme\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""
"HP Component Manager"="\"C:\\Programme\\HP\\hpcoretech\\hpcmpmgr.exe\""
"FreePDF Assistant"="C:\\Programme\\FreePDF_XP\\fpassist.exe"
"avgnt"="\"C:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Adobe Reader Speed Launcher"="\"J:\\Programme\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"a-squared Anti-Dialer"="\"J:\\Programme\\a-squared Anti-Dialer\\a2adguard.exe\" /d=60"
"a-squared"="\"J:\\Programme\\a-squared Anti-Malware\\a2guard.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"RegistryMechanic"="J:\\Programme\\Registry Mechanic\\RegMech.exe /H"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Sicherheitscenter
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows-Firewall/Gemeinsame Nutzung der Internetverbindung
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatische Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : Systemwiederherstellungsdienst
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]
"MSMELT"="C:\\WINDOWS\\system32\\spool\\drivers\\wmsncs.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{103l3c30-c3b3-4130-9363-e59e1375perm}
StubPath REG_SZ C:\WINDOWS\Fonts\wmsncs.exe


Non-Default Safeboot Minimal:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
<NO NAME> REG_SZ Service


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!


Configure your Avira AntiVir as described here. Additionally, select the rootkit scan. UPDATE your AntiVir and scan all your hard drives; have any detections moved to quarantine. Post the log.
(After scanning, reset the settings again.)
http://board.protecus.de/t23979.htm

Regards, Swiss

I mixed up the last two, didn't I?

Avira Antivirus still isn't working, after all.

31.03.2009, 18:52
Moderator

Posts: 5694
#4 >>
Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy into the white field:

Quote

Files to delete:
C:\WINDOWS\Fonts\wmsncs.exe
- close all open programs (because the computer will restart after Avenger has been run)

- Click: Execute

- confirm that the computer will be restarted - click "yes"
- after the restart, a log from Avenger appears automatically (C:\avenger.txt); copy it - right-click - copy - paste

>>
go into the registry
Start - Run - regedit


[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001 - change to 0
"UpdatesDisableNotify"=dword:00000001 - change to 0
delete the 1 and type in 0, then save

>>
scan with SmitFraudFix (options 1 and 2) - post both scan reports
http://virus-protect.org/artikel/tools/smitfrautfix.html

>>
Work through datfindbat - from each log, post only the data from the last three months:
http://www.virus-protect.org/datfindbat.html

>>
Run an online scan with Bitdefender and post the log:
http://virus-protect.org/artikel/tools/bitdefender.html


Regards, Swiss
This post was edited by Tonstudio on 31.03.2009 at 18:59.
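
The file named in the Avenger script above is the StubPath target listed under "Non-Default Installed Components" in the log earlier in the thread. The following is an added example, not part of the original posts and not code from any of the tools used here: it parses entries in that log format and flags the two properties that make this one stand out. The heuristics, the directory list and the second sample entry are assumptions made for illustration.

```python
import ntpath
import re

# First entry copied from the log in this thread; the second is a
# constructed benign entry for contrast (GUID and path are made up).
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{103l3c30-c3b3-4130-9363-e59e1375perm}
StubPath REG_SZ C:\WINDOWS\Fonts\wmsncs.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{11111111-2222-3333-4444-555555555555}
StubPath REG_SZ C:\WINDOWS\system32\example.exe /setup
"""

KEY_RE = re.compile(
    r"^(HKEY_[A-Z_]+)\\.*\\active setup\\installed components\\(.+)$",
    re.IGNORECASE)
VALUE_RE = re.compile(r"^StubPath\s+REG_(?:EXPAND_)?SZ\s+(.+)$", re.IGNORECASE)
GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.IGNORECASE)
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)

# Assumed list of directories that normally hold data, not programs.
DATA_DIRS = (r"\windows\fonts", r"\windows\temp", r"\recycler",
             r"\system volume information")


def stub_executable(command):
    """Return the program part of a StubPath command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    match = EXE_RE.match(command)
    return match.group(1) if match else command.split()[0]


def parse_entries(log_text):
    """Collect Installed Components keys that carry a StubPath value."""
    entries, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"hive": key.group(1).upper(),
                       "component": key.group(2), "stub_path": None}
            entries.append(current)
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current["stub_path"] = value.group(1)
    return [e for e in entries if e["stub_path"]]


def review(entry):
    """Return the reasons an entry deserves a closer look (may be empty)."""
    reasons = []
    # Weak signal: some legitimate components use non-GUID names as well.
    if not GUID_RE.match(entry["component"]):
        reasons.append("component name is not a well-formed GUID")
    exe = ntpath.normpath(stub_executable(entry["stub_path"]))
    folder = ntpath.splitdrive(ntpath.dirname(exe))[1].lower()
    if any(folder == d or folder.startswith(d + "\\") for d in DATA_DIRS):
        reasons.append("program file in a data directory: " + ntpath.dirname(exe))
    return reasons


def flagged(log_text):
    """Map component name -> reasons, for entries with at least one reason."""
    return {e["component"]: review(e)
            for e in parse_entries(log_text) if review(e)}


if __name__ == "__main__":
    for component, reasons in flagged(SAMPLE_LOG).items():
        print(component)
        for reason in reasons:
            print("  -", reason)
```
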

31.03.2009, 21:06
Member

Thread starter

Posts: 19
#5 @ Tonstudio

here it continues:

/////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Tue Mar 31 19:00:43 2009

19:00:43: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\Fonts\wmsncs.exe" not found!
Deletion of file "C:\WINDOWS\Fonts\wmsncs.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

-----------------------------------------------------------------------
antivir: see attachment
seems to be correct already?
-----------------------------------------------------------------------
SmitFraudFix v2.405

Scan done at 19:13:43,17, 31.03.2009
Run from J:\Setups\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
J:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
J:\Programme\a-squared Anti-Dialer\a2service.exe
C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
J:\Programme\a-squared Anti-Malware\a2service.exe
J:\Programme\a-squared Anti-Dialer\a2adguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
J:\Programme\GMX\GMX SmartSurfer\SmurfService.exe
J:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\HP\hpcoretech\comp\hptskmgr.exe
J:\Programme\Fritz!\IWatch.exe
J:\Programme\GMX\GMX SmartSurfer\SmartSurfer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
J:\PROGRAMME\MOZILLA FIREFOX\FIREFOX.EXE
J:\Setups\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Graf


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Graf\LOKALE~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Graf\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Graf\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 217.237.150.51
DNS Server Search Order: 217.237.148.22

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2E2BA5F8-F619-40F1-B89F-DFAF8C6AD9EA}: NameServer=217.237.150.51 217.237.148.22
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2E2BA5F8-F619-40F1-B89F-DFAF8C6AD9EA}: NameServer=217.237.150.51 217.237.148.22


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

------------------------------------------------------------------------
SmitFraudFix v2.405

Scan done at 19:15:39,17, 31.03.2009
Run from J:\Setups\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 217.237.150.51
DNS Server Search Order: 217.237.148.22

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2E2BA5F8-F619-40F1-B89F-DFAF8C6AD9EA}: NameServer=217.237.150.51 217.237.148.22
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2E2BA5F8-F619-40F1-B89F-DFAF8C6AD9EA}: NameServer=217.237.150.51 217.237.148.22


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1840-ADDB

Verzeichnis von C:\WINDOWS\system32

31.03.2009 19:36 3.731 nvapps.xml
31.03.2009 19:16 0 tmp.txt
31.03.2009 19:16 3.812 tmp.reg
31.03.2009 19:02 166.712 FNTCACHE.DAT
31.03.2009 17:27 11.654 ModemLog_AVM ISDN Internet (PPP over ISDN).txt
31.03.2009 16:55 4.610 ModemLog_AVM ISDN BTX.txt
31.03.2009 16:55 4.660 ModemLog_AVM ISDN Analog Modem (V.32bis).txt
31.03.2009 16:55 4.162 ModemLog_AVM ISDN Custom Config.txt
31.03.2009 16:55 4.620 ModemLog_AVM ISDN FAX (G3).txt
31.03.2009 16:55 4.630 ModemLog_AVM ISDN - ISDN (X.75).txt
31.03.2009 16:55 4.672 ModemLog_AVM ISDN SoftCompression X.75-V.42bis.txt
31.03.2009 16:55 4.632 ModemLog_AVM ISDN Mailbox (X.75).txt
31.03.2009 16:55 4.642 ModemLog_AVM ISDN RAS (PPP over ISDN).txt
31.03.2009 14:15 401.200 perfh009.dat
31.03.2009 14:15 62.480 perfc009.dat
31.03.2009 14:15 75.194 perfc007.dat
31.03.2009 14:15 415.800 perfh007.dat
31.03.2009 14:15 966.250 PerfStringBackup.INI
30.03.2009 12:56 2.206 wpa.dbl
21.01.2009 13:19 297 MsiExec.exe.log
22.12.2008 13:52 185.920 rmoc3260.dll
22.12.2008 13:52 5.632 pndx5032.dll
22.12.2008 13:52 6.656 pndx5016.dll
22.12.2008 13:52 348.160 msvcr71.dll
22.12.2008 13:52 499.712 msvcp71.dll
22.12.2008 13:52 278.528 pncrt.dll
25.11.2008 20:27 34.494 m2.ico
22.11.2008 11:02 249.592 cssdll32.dll
13.11.2008 19:23 8 probtp51.cnt
12.11.2008 00:51 24.091 NULL
12.11.2008 00:51 16.832 amcompat.tlb
12.11.2008 00:51 23.392 nscompat.tlb
11.11.2008 20:58 269 spupdwxp.log
11.11.2008 17:29 148.888 javaws.exe
11.11.2008 17:29 144.792 javaw.exe
11.11.2008 17:29 73.728 javacpl.cpl
11.11.2008 17:29 144.792 java.exe
11.11.2008 17:29 410.976 deploytk.dll
11.11.2008 15:41 552 d3d8caps.dat
11.11.2008 11:58 14.341 $winnt$.inf
11.11.2008 11:56 25.065 wmpscheme.xml
11.11.2008 11:55 488 WindowsLogon.manifest
11.11.2008 11:55 488 logonui.exe.manifest
11.11.2008 11:55 749 ncpa.cpl.manifest
11.11.2008 11:55 749 sapi.cpl.manifest
11.11.2008 11:55 749 cdplayer.exe.manifest
11.11.2008 11:55 749 wuaucpl.cpl.manifest
11.11.2008 11:55 749 nwc.cpl.manifest
11.11.2008 11:54 22.880 emptyregdb.dat
11.11.2008 11:33 2.951 CONFIG.NT
11.11.2008 11:27 0 h323log.txt
-----------------------------------------------------------------------

Since Bitdefender only runs with Internet Explorer, I can't post this, because some settings or other aren't right.

Something else is strange: with T-Online I get onto the net without problems (otherwise I couldn't be doing this here).
With SmartSurfer (ISDN) it doesn't work, as described above. The fact that Avira no longer wants to run is rather serious, isn't it?

Attachment: antivir.doc

31.03.2009, 22:41
Moderator

Posts: 5694
#6 >>
I can't open the attachment. Does an error message appear then? Which one?

>>

Quote

because some settings or other aren't right
What do you mean by that??

>>
FixWareout
Download FixWareout to the desktop
Double-click Fixwareout.exe to start it
Click Next and then Install, make sure that Run fixit is ticked, and click Finish.
The fix starts; follow the instructions in the window
If you are asked to restart your computer, restart it
Your computer will now start more slowly; that is normal
Post the contents of C:\fixwareout\report.txt (report.txt).

Note*
Should you have problems with your Internet connection:
Control Panel > choose Network and Internet Connections or double-click Network Connections > right-click Default Connection (the normal connection), which is usually the local area, cable or DSL connection > left-click Properties > double-click Internet Protocol (TCP/IP) > select the button that stands for the DNS connection being maintained automatically > click "OK" twice > restart the computer (these settings are not the same or present on all systems).


>>
Run Silentrunner and post the log:
http://virus-protect.org/silentrunner.html


Regards, swiss

01.04.2009, 12:03
Member

Thread starter

Posts: 19
#7 I've put the registry data for AntiVir here: http://www.allesroger.de/regantivir.jpg
I haven't changed anything - it should be correct like this?

Username "Graf" - 01.04.2009 10:16:53 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Der DNS-Auflösungscache wurde geleert.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISDN SpeedManager"="\"C:\\PROGRA~1\\T-Online\\ISDNSP~1\\tomcat.exe\""
"Ulead AutoDetector v2"="C:\\Programme\\Gemeinsame Dateien\\Ulead Systems\\AutoDetector\\monitor.exe"
"TrISDNLine"="D:\\Dokumente und Einstellungen\\graf\\Desktop\\Progs\\TriLine\\TrISDNLine\\trisdnline.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre6\\bin\\jusched.exe\""
"Samsung PanelMgr"="C:\\WINDOWS\\Samsung\\PanelMgr\\ssmmgr.exe /autorun"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Nero\\Lib\\NeroCheck.exe"
"NBKeyScan"="\"C:\\Programme\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""
"HP Component Manager"="\"C:\\Programme\\HP\\hpcoretech\\hpcmpmgr.exe\""
"FreePDF Assistant"="C:\\Programme\\FreePDF_XP\\fpassist.exe"
"avgnt"="\"C:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Adobe Reader Speed Launcher"="\"J:\\Programme\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"a-squared Anti-Dialer"="\"J:\\Programme\\a-squared Anti-Dialer\\a2adguard.exe\" /d=60"
"a-squared"="\"J:\\Programme\\a-squared Anti-Malware\\a2guard.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
---------------------------------------------------------------------------
Bitdefender can't finish the scan because there is no access to the antivirus files.
It points to buying the 2009 upgrade!

I ran Silentrunner exactly according to the instructions. But I can't find the log file anywhere?
This post was edited by allesroger on 01.04.2009 at 13:28.

01.04.2009, 12:41
Moderator

Posts: 5694
#8

Quote

Unpack the Silentrunners program into a folder (e.g. "Eigene Dateien")
You should find the text file in the folder where you have the program.

The page www.allesroger/regantivir.jpg cannot be displayed.


Regards, Swiss

01.04.2009, 13:34
Member

Thread starter

Posts: 19
#9 sorry, the .de after allesroger was missing.

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ISDN SpeedManager" = ""C:\PROGRA~1\T-Online\ISDNSP~1\tomcat.exe"" ["T-Systems International GmbH"]
"Ulead AutoDetector v2" = "C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" ["Ulead Systems, Inc."]
"TrISDNLine" = "D:\Dokumente und Einstellungen\graf\Desktop\Progs\TriLine\TrISDNLine\trisdnline.exe" ["TriLine - Martin Stemplinger Dipl. Inf."]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SunJavaUpdateSched" = ""C:\Programme\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Samsung PanelMgr" = "C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun" [empty string]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"NeroFilterCheck" = "C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" ["Nero AG"]
"NBKeyScan" = ""C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" ["Nero AG"]
"HP Component Manager" = ""C:\Programme\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"FreePDF Assistant" = "C:\Programme\FreePDF_XP\fpassist.exe" [null data]
"avgnt" = ""C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"Adobe Reader Speed Launcher" = ""J:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"a-squared Anti-Dialer" = ""J:\Programme\a-squared Anti-Dialer\a2adguard.exe" /d=60" ["a-squared"]
"a-squared" = ""J:\Programme\a-squared Anti-Malware\a2guard.exe"" ["Emsi Software GmbH"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00011268-E188-40DF-A514-835FCD78B1BF}\(Default) = "IE7Pro"
-> {HKLM...CLSID} = "IE7Pro BHO"
\InProcServer32\(Default) = "C:\Programme\IEPro\iepro.dll" ["IE7Pro.com"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "J:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In SSV Helper"
\InProcServer32\(Default) = "C:\Programme\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
\InProcServer32\(Default) = "J:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Programme\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

01.04.2009, 16:40
Moderator

Posts: 5694
#10 Hmm.. What does a-squared actually say? Go ahead and post a log from it.

Go to this page
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
Scroll down and click the button "Descargar ELIBAGLA 12.41"
Download EliBaglA.exe to the desktop
Double-click EliBaglA.exe to start the program
Check whether C:\ is shown next to Unidad; if not, change it to C:\
Make sure that "Eliminar Ficheros Automaticamente" is ticked
Now click the "Explorar" button to start the program
At the end, post the contents of C:\InfoSat.txt in this thread
Afterwards click "Salir" to close the program


Regards, Swiss

01.04.2009, 18:25
Member

Thread starter

Posts: 19
#11 a-squared immediately demands an update. But this then cannot be carried out.


(1-4-2009 16:12:46)
EliBagle v12.41 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 31 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):

(1-4-2009 16:13:28)
EliBagle v12.41 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 31 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 2943
Nº Total de Ficheros: 37481
Nº de Ficheros Analizados: 10055
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

But this is most strange, as already written:
With T-Online I get onto the net without problems (otherwise I couldn't be doing this here).
With SmartSurfer (ISDN) it doesn't work, as described above. The fact that Avira no longer wants to run is rather serious, isn't it?

I've had this virus before. But there's nothing to be found any more. What else can I use to scan for it?

c:\windows\Fonts\wmsncs.exe

01.04.2009, 23:15
Moderator

Posts: 5694
#12 So then try it with the removal tool from AVG:
http://free.avg.de/virenentfernung.ndi-67762

Regards, Swiss

02.04.2009, 11:08
Member

Thread starter

Posts: 19
#13

Quote

Tonstudio posted
So then try it with the removal tool from AVG:
http://free.avg.de/virenentfernung.ndi-67762

Regards, Swiss
The log file is insanely long. Post it anyway? Or should I select only the files marked: can't open

02.04.2009, 11:33
Moderator

Posts: 5694
#14 Can't you add the log as an attachment? And how are things with Avira? Still not budging? Can't you start the program, or what exactly?

Regards, Swiss

02.04.2009, 11:55
Member

Thread starter

Posts: 19
#15

Quote

Tonstudio posted
Can't you add the log as an attachment? And how are things with Avira? Still not budging? Can't you start the program, or what exactly?

Regards, Swiss
ok, in the attachment. (apparently it's down to Firefox)

This is what Avira reports after the scan is started:

" Beim Laden des Modules (aecore.dll) ist folgender Fehler aufgetreten: Die angegebenen Module konnten nicht geladen werden."

On pressing OK the program closes by itself.