Trojan horse TR/Agent.ruo

29.03.2010, 12:15
Member

Posts: 156
#1 Hello everyone,

since Antivir keeps reporting the Trojan horse TR/Agent.ruo, I need your help.

I ran a full scan and have already sent the virus to quarantine countless times. But every time the PC restarts, it is back.

Here is the log file:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:14:04, on 29.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Lexmark 5600-6600 Series\ezprint.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\NETGEAR\WG311v3\wlancfg5.exe
C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Programme\Lexmark 5600-6600 Series\lxdumon.exe
C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://de.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Programme\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Programme\Lexmark 5600-6600 Series\ezprint.exe"
O4 - HKLM\..\Run: [Lexmark 5600-6600 Series Fax Server] "C:\Programme\Lexmark 5600-6600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ALF-BanCo 3 Reminder.lnk = C:\Programme\ALFBanCo3\AlfReminder3.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Programme\NETGEAR\WG311v3\wlancfg5.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://stream.web.de/mail/activex/mail_upload_11213.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c9f048f07d96a6) (gupdate1c9f048f07d96a6) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 10354 bytes
__________
Thanks for your great support!
Regards, Stefan
29.03.2010, 12:44
Moderator

Posts: 7805
#2 Please run Combofix following the instructions and post the report it creates.
http://board.protecus.de/t23188.htm
__________
Best regards, Ralf
SEO-Spam Hunter
29.03.2010, 13:26
Member

Thread starter

Posts: 156
#3 Hello Ralf,

thanks for your quick reply.

I ran Combofix.

Afterwards I restarted my computer, and when I then clicked on IE, the virus warning
( In der Datei 'C:\WINDOWS\system32\ntnue.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.ruo' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern) appeared again. The same thing happens when I use Firefox.

Here is the report from Combofix:


ComboFix 10-03-28.03 - 29.03.2010 13:10:45.14.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1468 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\\Desktop\test.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\system32\CoolXPProgress.ocx
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((( Dateien erstellt von 2010-02-28 bis 2010-03-29 ))))))))))))))))))))))))))))))
.

2010-03-29 10:13 . 2010-03-29 10:13 388096 ----a-r- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-29 10:13 . 2010-03-29 10:13 -------- d-----w- c:\programme\TrendMicro
2010-03-28 10:51 . 2010-03-28 10:51 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\IETldCache
2010-03-26 12:31 . 2010-03-26 12:31 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Canneverbe Limited
2010-03-17 16:05 . 2010-03-17 16:25 -------- d-----w- c:\programme\PCPitstop
2010-03-17 16:05 . 2010-03-17 16:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PCPitstop
2010-03-17 16:03 . 2010-03-17 16:03 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2010-03-17 16:03 . 2010-03-17 16:03 -------- d-----w- c:\programme\NVIDIA Corporation
2010-03-17 15:57 . 2010-03-17 16:01 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\GetRightToGo
2010-03-10 15:31 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 08:46 . 2010-03-29 08:08 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AlfBanCo3
2010-03-06 08:46 . 2010-03-06 08:46 -------- d-----w- c:\programme\ALFBanCo3
2010-03-04 11:47 . 2010-03-04 11:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\StarMoney 7.0
2010-03-04 11:45 . 2010-03-04 11:45 -------- d-----w- c:\programme\Business Objects
2010-03-04 11:45 . 2010-03-04 11:45 -------- d-----w- c:\programme\Gemeinsame Dateien\StarFinanz
2010-02-28 19:06 . 2010-02-28 19:06 -------- d-----w- c:\programme\House-Manager-TS

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 08:08 . 2010-02-11 18:45 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\ALFBanCo3
2010-03-29 06:05 . 2009-07-02 15:32 -------- d-----w- c:\programme\casa70
2010-03-28 17:18 . 2008-10-14 05:51 -------- d-----w- c:\programme\Yahoo!
2010-03-28 16:33 . 2008-10-20 11:27 -------- d-----w- c:\programme\CCleaner
2010-03-28 12:28 . 2009-12-30 15:53 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\vlc
2010-03-28 10:28 . 2001-08-18 10:00 89702 ----a-w- c:\windows\system32\perfc007.dat
2010-03-28 10:28 . 2001-08-18 10:00 471630 ----a-w- c:\windows\system32\perfh007.dat
2010-03-26 12:31 . 2009-10-15 18:14 -------- d-----w- c:\programme\CDBurnerXP
2010-03-14 11:53 . 2008-11-02 17:07 -------- d-----w- c:\programme\Haufe
2010-03-14 11:46 . 2008-10-02 17:21 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-03-14 11:29 . 2009-09-29 11:40 -------- d-----w- c:\programme\WIN-CASA2009
2010-03-14 09:59 . 2010-02-21 18:50 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Zylom
2010-03-14 08:23 . 2008-10-08 12:24 -------- d-----w- c:\programme\eMule
2010-03-10 22:30 . 2008-10-08 12:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-03-04 18:01 . 2008-10-02 19:23 77408 ----a-w- c:\dokumente und einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-03-04 11:46 . 2009-07-23 09:50 -------- d-----w- c:\programme\Common Files
2010-02-28 18:58 . 2008-11-02 17:08 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Haufe
2010-02-24 12:59 . 2008-10-06 12:21 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe
2010-02-23 20:36 . 2009-09-01 08:30 -------- d-----w- c:\programme\Zylom Games
2010-02-22 07:24 . 2008-10-02 18:54 -------- d-----w- c:\programme\Google
2010-02-21 18:50 . 2010-02-21 18:50 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Skip-Bo
2010-02-19 15:16 . 2010-02-19 15:16 -------- d-----w- c:\programme\Sykosch
2010-02-16 10:40 . 2010-02-16 10:35 -------- d-----w- c:\programme\PDFCreator
2010-02-04 12:33 . 2010-02-04 12:33 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-04 12:33 . 2010-02-04 12:33 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-04 12:33 . 2010-02-04 12:30 -------- d-----w- c:\programme\TuneUp Utilities 2009
2010-02-04 12:30 . 2010-02-04 12:30 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\TuneUp Software
2010-02-04 12:30 . 2010-02-04 12:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software
2010-02-02 19:32 . 2009-06-28 10:18 -------- d-----w- c:\programme\MS-Buchhalter
2010-02-02 10:50 . 2009-12-07 14:03 -------- d-----w- c:\programme\Haushaltsbuch
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-12-31 16:50 . 2001-08-18 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 12:55 . 2009-12-31 12:55 60516 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-31 12:29 . 2009-12-31 12:29 79144 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-30 13:42 . 2009-12-30 13:42 33848 ----a-w- c:\windows\system32\drivers\nchssvad.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-12-08_11.16.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-29 05:56 . 2010-03-29 05:56 16384 c:\windows\temp\Perflib_Perfdata_764.dat
+ 2006-09-28 17:56 . 2006-09-28 17:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-28 19:13 . 2006-09-28 19:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2005-01-28 12:44 . 2005-01-28 12:44 10752 c:\windows\system32\wpdtrace.dll
+ 2005-01-28 12:44 . 2005-01-28 12:44 66560 c:\windows\system32\wpdmtpus.dll
+ 2005-01-28 12:44 . 2005-01-28 12:44 61952 c:\windows\system32\wpdconns.dll
+ 2005-01-28 12:44 . 2005-01-28 12:44 38912 c:\windows\system32\wpd_ci.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 33792 c:\windows\system32\wmdmps.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 28160 c:\windows\system32\wmdmlog.dll
+ 2005-01-28 12:44 . 2005-01-28 12:44 38912 c:\windows\system32\wdfmgr.exe
+ 2005-01-28 12:44 . 2005-01-28 12:44 15872 c:\windows\system32\wdfapi.dll
+ 2009-12-30 14:03 . 2009-04-28 20:20 96752 c:\windows\system32\vxblock.dll
+ 2010-02-04 12:33 . 2009-04-27 12:21 28928 c:\windows\system32\uxtuneup.dll
+ 2005-01-28 12:44 . 2005-01-28 12:44 47104 c:\windows\system32\uwdf.exe
+ 2008-07-14 11:09 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2008-07-14 11:09 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2008-10-03 11:26 . 2008-04-14 02:22 75776 c:\windows\system32\strmfilt.dll
+ 2008-10-03 11:26 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
- 2008-10-03 11:24 . 2009-05-12 13:12 26144 c:\windows\system32\spupdsvc.exe
+ 2008-10-03 11:24 . 2009-01-07 17:20 26144 c:\windows\system32\spupdsvc.exe
+ 2009-12-30 14:17 . 2009-01-07 17:20 18464 c:\windows\system32\spmsg.dll
+ 1996-10-09 00:00 . 1996-10-09 00:00 24576 c:\windows\system32\Sbtrvd32.dll
+ 1998-01-22 00:00 . 1998-01-22 00:00 66560 c:\windows\system32\s2dtconv.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 81920 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvwddi.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 86016 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvmctray.dll
+ 2001-08-18 10:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
- 2001-08-18 10:00 . 2008-04-14 02:22 79872 c:\windows\system32\raschap.dll
+ 2009-12-30 14:03 . 2009-04-28 20:20 66032 c:\windows\system32\pxinsa64.exe
+ 2009-12-30 14:03 . 2009-04-28 20:20 72176 c:\windows\system32\pxhpinst.exe
+ 2009-12-30 14:03 . 2009-04-28 20:20 66544 c:\windows\system32\pxcpya64.exe
+ 2002-08-29 07:32 . 2009-03-08 03:31 46592 c:\windows\system32\pngfilt.dll
+ 2005-12-21 15:59 . 2005-12-21 15:59 21504 c:\windows\system32\plds4.dll
+ 2005-12-21 15:58 . 2005-12-21 15:58 28160 c:\windows\system32\plc4.dll
+ 2001-08-18 10:00 . 2010-03-28 10:28 75112 c:\windows\system32\perfc009.dat
- 2001-08-18 10:00 . 2009-12-06 16:58 75112 c:\windows\system32\perfc009.dat
+ 2010-01-12 11:03 . 2010-01-12 11:03 61440 c:\windows\system32\OpenCL.dll
+ 2005-12-21 15:54 . 2005-12-21 15:54 40960 c:\windows\system32\nsldapssl32v50.dll
+ 2005-12-21 15:57 . 2005-12-21 15:57 24576 c:\windows\system32\nsldappr32v50.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 24576 c:\windows\system32\nlsdl.dll
+ 2008-10-02 17:46 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2001-08-18 10:00 . 2009-11-27 16:08 28672 c:\windows\system32\msvidc32.dll
- 2001-08-18 10:00 . 2008-04-14 02:22 11264 c:\windows\system32\msrle32.dll
+ 2001-08-18 10:00 . 2009-11-27 16:08 11264 c:\windows\system32\msrle32.dll
+ 2008-10-03 11:26 . 2005-01-28 12:44 25088 c:\windows\system32\mspmsnsv.dll
+ 2002-08-29 07:32 . 2009-03-08 03:31 48128 c:\windows\system32\mshtmler.dll
+ 2002-08-29 07:32 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
+ 2002-08-29 07:32 . 2009-03-08 03:31 45568 c:\windows\system32\mshta.exe
+ 2009-03-08 03:31 . 2009-03-08 03:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 03:31 . 2009-12-21 19:04 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-10-04 00:30 . 2009-12-13 08:27 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2001-08-18 10:00 . 2008-06-10 04:52 96768 c:\windows\system32\logagent.exe
+ 2001-08-18 10:00 . 2009-03-08 03:34 43008 c:\windows\system32\licmgr10.dll
+ 2002-08-29 07:32 . 2009-12-21 19:04 25600 c:\windows\system32\jsproxy.dll
+ 2001-08-18 04:53 . 2009-11-27 16:08 48128 c:\windows\system32\iyuv_32.dll
+ 2002-08-29 07:32 . 2009-03-08 03:32 94720 c:\windows\system32\inseng.dll
+ 2009-07-02 15:32 . 2000-08-04 13:25 49152 c:\windows\system32\INETWH32.dll
- 2009-07-02 15:32 . 2000-08-04 12:25 49152 c:\windows\system32\INETWH32.dll
+ 2002-08-29 07:32 . 2009-03-08 03:31 34816 c:\windows\system32\imgutil.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 36864 c:\windows\system32\ieudinit.exe
+ 2002-08-29 07:32 . 2009-03-08 03:32 71680 c:\windows\system32\iesetup.dll
+ 2001-08-18 10:00 . 2009-03-08 03:32 55808 c:\windows\system32\iernonce.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 26112 c:\windows\system32\idndl.dll
+ 2008-11-27 02:55 . 2008-11-27 02:55 27136 c:\windows\system32\iculx30.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 59904 c:\windows\system32\icardie.dll
+ 2008-10-03 11:26 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
+ 2001-08-18 10:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
- 2001-08-18 10:00 . 2009-06-16 14:36 81920 c:\windows\system32\fontsub.dll
+ 2008-11-27 02:37 . 2008-11-27 02:37 86016 c:\windows\system32\etc-1-0-12-4.dll
+ 2009-12-31 12:32 . 2009-08-28 18:42 40448 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaapl.sys
+ 2009-12-31 12:32 . 2009-08-28 18:42 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2009-12-31 12:33 . 2009-05-18 13:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2001-08-18 10:00 . 2005-01-28 12:44 96768 c:\windows\system32\drmstor.dll
+ 2006-09-28 18:00 . 2006-09-28 18:00 82944 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 17:55 . 2006-09-28 17:55 77568 c:\windows\system32\drivers\WudfPf.sys
+ 2005-01-28 12:44 . 2005-01-28 12:44 18944 c:\windows\system32\drivers\wpdusb.sys
+ 2008-10-02 17:46 . 2004-07-09 03:27 48512 c:\windows\system32\drivers\stream.sys
+ 2009-12-30 14:03 . 2009-04-28 20:20 44944 c:\windows\system32\drivers\PxHelp20.sys
+ 2010-01-13 14:45 . 2001-08-17 12:57 16128 c:\windows\system32\drivers\MODEMCSA.sys
+ 2009-12-31 12:33 . 2009-05-18 13:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-10-03 20:06 . 2008-04-13 19:45 60160 c:\windows\system32\drivers\drmk.sys
- 2008-10-03 20:06 . 2008-04-13 18:45 60160 c:\windows\system32\drivers\drmk.sys
+ 2008-12-12 10:11 . 2008-12-12 10:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 10:18 . 2008-12-12 10:18 87336 c:\windows\system32\dns-sd.exe
+ 2010-02-26 06:48 . 2009-12-21 19:05 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 33792 c:\windows\system32\dllcache\wmdmps.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 28160 c:\windows\system32\dllcache\wmdmlog.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2008-10-02 17:46 . 2004-07-09 03:27 48512 c:\windows\system32\dllcache\stream.sys
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-02 17:46 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2001-08-18 10:00 . 2009-11-27 16:08 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-10-03 11:26 . 2005-01-28 12:44 25088 c:\windows\system32\dllcache\mspmsnsv.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2010-02-26 06:48 . 2009-12-21 19:04 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-01-13 14:45 . 2001-08-17 12:57 16128 c:\windows\system32\dllcache\modemcsa.sys
+ 2001-08-18 10:00 . 2008-06-10 04:52 96768 c:\windows\system32\dllcache\logagent.exe
+ 2009-03-08 03:34 . 2009-03-08 03:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 03:33 . 2009-12-21 19:04 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2001-08-18 04:53 . 2009-11-27 16:08 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2009-03-08 03:24 . 2009-03-08 03:24 68608 c:\windows\system32\dllcache\hmmapi.dll
- 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 96768 c:\windows\system32\dllcache\drmstor.dll
+ 2008-10-03 20:06 . 2008-04-13 19:45 60160 c:\windows\system32\dllcache\drmk.sys
+ 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-10 14:13 . 2009-11-27 16:08 85504 c:\windows\system32\dllcache\avifil32.dll
- 2009-06-10 14:13 . 2009-06-10 14:13 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2007-01-16 09:02 . 2007-01-16 09:02 73728 c:\windows\system32\ctil2u32.dll
+ 2007-01-16 09:02 . 2007-01-16 09:02 81920 c:\windows\system32\ctil2c32.exe
+ 2001-08-18 10:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2001-08-18 10:00 . 2009-03-08 03:33 18944 c:\windows\system32\corpol.dll
- 2001-08-18 10:00 . 2009-06-10 14:13 85504 c:\windows\system32\avifil32.dll
+ 2001-08-18 10:00 . 2009-11-27 16:08 85504 c:\windows\system32\avifil32.dll
+ 2003-03-18 18:05 . 2003-03-18 18:05 89088 c:\windows\system32\atl71.dll
+ 2001-08-18 10:00 . 2009-03-08 03:32 72704 c:\windows\system32\admparse.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 96768 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 87040 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmstor.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 96768 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2009-12-30 14:04 . 2005-01-28 12:44 18944 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
+ 2009-12-30 14:04 . 2005-01-28 12:44 10752 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 66560 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 61952 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 38912 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 38912 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
+ 2009-12-30 14:04 . 2005-01-28 12:44 15872 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 47104 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
+ 2009-12-30 14:04 . 2005-01-28 12:44 33792 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 28160 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 25088 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 23552 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMPS.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 27136 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMLOG.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 52736 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
+ 2009-12-21 15:27 . 2009-12-21 15:27 25088 c:\windows\Installer\1b4543b.msi
+ 2010-03-18 16:53 . 2010-03-18 16:53 22528 c:\windows\Installer\19ccc1.msi
+ 2009-12-20 12:49 . 2009-12-20 12:49 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-03-14 11:56 . 2010-03-14 11:56 86016 c:\windows\Installer\{C04C93E0-A934-455D-A761-B9FACC443BE1}\StartmenuShortcut_54F810DECE09414AB84186BF9CE8529E.exe
+ 2010-03-14 11:56 . 2010-03-14 11:56 86016 c:\windows\Installer\{C04C93E0-A934-455D-A761-B9FACC443BE1}\ARPPRODUCTICON.exe
- 2008-10-02 18:29 . 2009-11-11 06:51 90112 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-10-02 18:29 . 2010-03-10 22:28 90112 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2008-10-02 18:29 . 2009-11-11 06:51 45056 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-10-02 18:29 . 2010-03-10 22:28 45056 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-10-02 18:29 . 2009-11-11 06:51 22528 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-10-02 18:29 . 2010-03-10 22:28 22528 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-10-02 18:29 . 2010-03-10 22:28 30720 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-10-02 18:29 . 2009-11-11 06:51 30720 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-10-02 18:29 . 2009-11-11 06:51 16384 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-10-02 18:29 . 2010-03-10 22:28 16384 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-10-02 18:29 . 2009-11-11 06:51 34304 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-10-02 18:29 . 2010-03-10 22:28 34304 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-10-02 18:29 . 2010-03-10 22:28 81920 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2008-10-02 18:29 . 2009-11-11 06:51 81920 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2008-10-08 12:11 . 2009-11-11 06:51 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-08 12:11 . 2010-03-10 22:30 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-08 12:11 . 2009-11-11 06:51 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-08 12:11 . 2010-03-10 22:30 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-08 12:11 . 2010-03-10 22:30 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-10-08 12:11 . 2009-11-11 06:51 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-06 13:50 . 2010-02-06 13:50 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-02-06 13:50 . 2010-02-06 13:50 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-02-06 13:50 . 2010-02-06 13:50 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-02-06 13:50 . 2010-02-06 13:50 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-02-06 13:50 . 2010-02-06 13:50 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-02-06 13:50 . 2010-02-06 13:50 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-02-06 13:50 . 2010-02-06 13:50 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ARPPRODUCTICON.exe
+ 2010-02-28 19:06 . 2010-02-28 19:06 16958 c:\windows\Installer\{09EB30A2-99C2-4187-9DE5-E02C971BD24E}\_F2ED56126744ADD524D846.exe
+ 2010-02-28 19:06 . 2010-02-28 19:06 16958 c:\windows\Installer\{09EB30A2-99C2-4187-9DE5-E02C971BD24E}\_6FEFF9B68218417F98F549.exe
+ 2010-02-28 19:06 . 2010-02-28 19:06 16958 c:\windows\Installer\{09EB30A2-99C2-4187-9DE5-E02C971BD24E}\_5134B63205D8551B5ADF86.exe
+ 2009-12-31 12:32 . 2009-12-31 12:32 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-03-20 14:01 . 2009-03-20 14:01 28416 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\uxtuneupx86.dll
+ 2009-03-20 14:00 . 2009-03-20 14:00 11008 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\tux64thk.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 29440 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\TUMessages.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 71936 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\TUInstallHelper.exe
+ 2009-03-20 14:01 . 2009-03-20 14:01 27904 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\SDShelEx86.dll
+ 2009-03-20 14:30 . 2009-03-20 14:30 97024 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\RegWiz.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 17664 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\RegistryDefragHelper.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 32512 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\PMLauncher.exe
+ 2009-03-20 14:01 . 2009-03-20 14:01 25856 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\DseShExtx86.dll
+ 2009-03-20 14:01 . 2009-03-20 14:01 17152 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\authuitu_x86.dll
+ 2010-02-26 06:54 . 2009-03-08 03:33 12288 c:\windows\ie8updates\KB978207-IE8\xpshims.dll
+ 2010-02-26 06:54 . 2009-03-08 03:31 55296 c:\windows\ie8updates\KB978207-IE8\msfeedsbs.dll
+ 2010-02-26 06:54 . 2009-03-08 03:33 25600 c:\windows\ie8updates\KB978207-IE8\jsproxy.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 37888 c:\windows\ie8\url.dll
+ 2010-02-25 17:10 . 2009-03-08 18:18 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 39424 c:\windows\ie8\pngfilt.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 97792 c:\windows\ie8\occache.dll
+ 2010-02-25 17:10 . 2008-04-14 01:52 57344 c:\windows\ie8\mshtmler.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 29184 c:\windows\ie8\mshta.exe
+ 2010-02-25 17:10 . 2008-04-14 02:22 22016 c:\windows\ie8\licmgr10.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 15872 c:\windows\ie8\jsproxy.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 96768 c:\windows\ie8\inseng.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 35840 c:\windows\ie8\imgutil.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 93184 c:\windows\ie8\iexplore.exe
+ 2010-02-25 17:10 . 2008-04-14 02:22 64000 c:\windows\ie8\iesetup.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 49152 c:\windows\ie8\iernonce.dll
+ 2010-02-25 17:10 . 2009-12-22 05:07 81920 c:\windows\ie8\ieencode.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 34304 c:\windows\ie8\ie4uinit.exe
+ 2010-02-25 17:10 . 2008-04-14 02:22 38912 c:\windows\ie8\hmmapi.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 35328 c:\windows\ie8\corpol.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 61440 c:\windows\ie8\admparse.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2009-12-30 14:16 . 2006-09-28 18:01 58368 c:\windows\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2010-02-24 06:39 . 2009-10-28 15:07 46080 c:\windows\$NtUninstallKB979306$\tzchange.exe
+ 2010-02-24 06:39 . 2010-01-23 10:40 16896 c:\windows\$NtUninstallKB979306$\spuninst\tzchange.dll
+ 2010-01-22 07:07 . 2009-09-25 05:35 81920 c:\windows\$NtUninstallKB978207$\ieencode.dll
+ 2010-02-10 07:00 . 2008-04-14 02:22 32256 c:\windows\$NtUninstallKB978037$\csrsrv.dll
+ 2010-02-10 06:58 . 2001-08-18 10:00 25600 c:\windows\$NtUninstallKB977914$\msvidc32.dll
+ 2010-02-10 06:58 . 2008-04-14 02:22 11264 c:\windows\$NtUninstallKB977914$\msrle32.dll
+ 2010-02-10 06:58 . 2008-04-14 03:22 47616 c:\windows\$NtUninstallKB977914$\iyuv_32.dll
+ 2010-02-10 06:58 . 2009-06-10 14:13 85504 c:\windows\$NtUninstallKB977914$\avifil32.dll
+ 2010-02-10 06:59 . 2008-04-14 03:22 16896 c:\windows\$NtUninstallKB975560$\msyuv.dll
+ 2009-12-09 19:53 . 2008-04-14 02:22 79872 c:\windows\$NtUninstallKB974318$\raschap.dll
+ 2010-01-13 06:50 . 2009-06-16 14:36 81920 c:\windows\$NtUninstallKB972270$\fontsub.dll
+ 2009-12-09 19:53 . 2008-04-14 02:22 75776 c:\windows\$NtUninstallKB970430$\strmfilt.dll
+ 2009-12-09 19:53 . 2008-04-14 02:22 24576 c:\windows\$NtUninstallKB970430$\httpapi.dll
+ 2010-02-10 07:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978262\update\spcustom.dll
+ 2010-02-10 07:01 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978262\spmsg.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978251\update\spcustom.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978251\spmsg.dll
+ 2010-01-22 07:07 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB978207\update\spcustom.dll
+ 2010-01-22 07:07 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB978207\spmsg.dll
+ 2009-12-22 05:05 . 2009-12-22 05:05 81920 c:\windows\$hf_mig$\KB978207\SP3QFE\ieencode.dll
+ 2010-02-26 06:54 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB978207-IE8\update\spcustom.dll
+ 2010-02-26 06:54 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB978207-IE8\spmsg.dll
+ 2010-02-26 06:48 . 2009-12-21 19:00 12800 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\xpshims.dll
+ 2010-02-26 06:48 . 2009-12-21 19:00 55296 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\msfeedsbs.dll
+ 2010-02-26 06:48 . 2009-12-21 19:00 25600 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\jsproxy.dll
+ 2010-02-10 07:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978037\update\spcustom.dll
+ 2010-02-10 07:00 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978037\spmsg.dll
+ 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\$hf_mig$\KB978037\SP3QFE\csrsrv.dll
+ 2010-02-10 06:58 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977914\update\spcustom.dll
+ 2010-02-10 06:58 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB977914\spmsg.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 28672 c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 11264 c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 48128 c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 85504 c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll
+ 2010-02-10 06:58 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977165\update\spcustom.dll
+ 2010-02-10 06:58 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB977165\spmsg.dll
+ 2010-02-26 06:53 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB976662-IE8\update\spcustom.dll
+ 2010-02-26 06:53 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB976662-IE8\spmsg.dll
+ 2009-12-09 19:52 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB976325\update\spcustom.dll
+ 2009-12-09 19:52 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB976325\spmsg.dll
+ 2009-09-25 05:32 . 2009-09-25 05:32 81920 c:\windows\$hf_mig$\KB976325\SP3QFE\ieencode.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975713\update\spcustom.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB975713\spmsg.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975560\update\spcustom.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB975560\spmsg.dll
+ 2009-11-27 17:23 . 2009-11-27 17:23 17920 c:\windows\$hf_mig$\KB975560\SP3QFE\msyuv.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB974392\spmsg.dll
+ 2009-12-09 19:53 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll
+ 2009-12-09 19:53 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB974318\spmsg.dll
+ 2009-10-12 13:29 . 2009-10-12 13:29 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973904\update\spcustom.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB973904\spmsg.dll
+ 2010-01-13 06:50 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB972270\update\spcustom.dll
+ 2010-01-13 06:50 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB972270\spmsg.dll
+ 2010-01-13 06:30 . 2009-10-15 16:38 81920 c:\windows\$hf_mig$\KB972270\SP3QFE\fontsub.dll
+ 2010-02-26 06:53 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB971961-IE8\update\spcustom.dll
+ 2010-02-26 06:53 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB971961-IE8\spmsg.dll
+ 2009-12-09 19:52 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB971737\update\spcustom.dll
+ 2009-12-09 19:52 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB971737\spmsg.dll
+ 2010-02-10 07:01 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB971468\update\spcustom.dll
+ 2010-02-10 07:01 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB971468\spmsg.dll
+ 2009-12-09 19:53 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB970430\update\spcustom.dll
+ 2009-12-09 19:53 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB970430\spmsg.dll
+ 2009-10-21 05:41 . 2009-10-21 05:41 75776 c:\windows\$hf_mig$\KB970430\SP3QFE\strmfilt.dll
+ 2009-10-21 05:41 . 2009-10-21 05:41 25088 c:\windows\$hf_mig$\KB970430\SP3QFE\httpapi.dll
+ 2009-12-30 21:11 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB955759\update\spcustom.dll
+ 2009-12-30 21:11 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB955759\spmsg.dll
+ 2001-08-18 04:54 . 2009-11-27 16:08 8704 c:\windows\system32\tsbyuv.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 6656 c:\windows\system32\laprxy.dll
- 2001-08-18 10:00 . 2008-04-14 02:22 6656 c:\windows\system32\laprxy.dll
- 2008-10-02 17:46 . 2008-04-14 02:22 4096 c:\windows\system32\ksuser.dll
+ 2008-10-02 17:46 . 2002-12-11 23:14 4096 c:\windows\system32\ksuser.dll
- 2009-10-15 18:14 . 2009-09-28 19:57 7168 c:\windows\system32\drivers\StarOpen.sys
+ 2009-10-15 18:14 . 2009-11-12 12:48 7168 c:\windows\system32\drivers\StarOpen.sys
+ 2009-12-30 14:03 . 2009-04-28 20:20 9200 c:\windows\system32\drivers\cdralw2k.sys
+ 2009-12-30 14:03 . 2009-04-28 20:20 9072 c:\windows\system32\drivers\cdr4_xp.sys
+ 2001-08-18 04:54 . 2009-11-27 16:08 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 6656 c:\windows\system32\dllcache\laprxy.dll
- 2008-10-03 11:46 . 2008-04-14 02:22 6656 c:\windows\system32\dllcache\laprxy.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 6656 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 6656 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\laprxy.dll
- 2008-10-02 18:29 . 2009-11-11 06:51 3584 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-10-02 18:29 . 2010-03-10 22:28 3584 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-10-02 18:29 . 2010-03-10 22:28 8192 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-10-02 18:29 . 2009-11-11 06:51 8192 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-10-02 18:29 . 2009-11-11 06:51 2560 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-10-02 18:29 . 2010-03-10 22:28 2560 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2010-02-28 19:06 . 2010-02-28 19:06 2862 c:\windows\Installer\{09EB30A2-99C2-4187-9DE5-E02C971BD24E}\_E34C02CE76FF818B8C2ADE.exe
+ 2009-11-27 16:08 . 2009-11-27 16:08 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-02-10 06:58 . 2001-08-18 03:54 8192 c:\windows\$NtUninstallKB977914$\tsbyuv.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28 8704 c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll
+ 2009-07-12 00:12 . 2009-07-12 00:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 00:09 . 2009-07-12 00:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 00:08 . 2009-07-12 00:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2008-10-03 11:46 . 2009-01-07 17:21 121856 c:\windows\system32\xmllite.dll
- 2008-10-03 11:46 . 2008-04-14 02:22 121856 c:\windows\system32\xmllite.dll
+ 2006-09-28 17:56 . 2006-09-28 17:56 316416 c:\windows\system32\WUDFx.dll
+ 2006-09-28 17:56 . 2006-09-28 17:56 165376 c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 17:56 . 2006-09-28 17:56 146432 c:\windows\system32\WudfHost.exe
+ 2005-01-28 12:44 . 2005-01-28 12:44 331264 c:\windows\system32\wpdsp.dll
+ 2005-01-28 12:44 . 2005-01-28 12:44 331776 c:\windows\system32\wpdmtpdr.dll
+ 2005-01-28 12:44 . 2005-01-28 12:44 114176 c:\windows\system32\wpdmtp.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 895736 c:\windows\system32\wmvdmod.dll
+ 2008-10-03 11:26 . 2005-01-28 12:44 940544 c:\windows\system32\wmspdmoe.dll
+ 2008-10-03 11:26 . 2009-04-10 00:01 413032 c:\windows\system32\wmspdmod.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 774904 c:\windows\system32\wmsdmod.dll
+ 2008-10-03 11:26 . 2005-01-28 12:44 150016 c:\windows\system32\wmidx.dll
+ 2005-01-28 12:44 . 2005-01-28 12:44 290816 c:\windows\system32\wmdrmnet.dll
+ 2005-01-28 12:44 . 2005-01-28 12:44 335872 c:\windows\system32\wmdrmdev.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 224768 c:\windows\system32\wmasf.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 716288 c:\windows\system32\wmadmoe.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 396528 c:\windows\system32\wmadmod.dll
+ 2002-08-29 07:32 . 2009-12-21 19:05 916480 c:\windows\system32\wininet.dll
+ 2008-10-03 11:26 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2009-03-08 03:34 . 2009-03-08 03:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2002-08-29 07:32 . 2009-03-08 03:34 236544 c:\windows\system32\webcheck.dll
+ 2002-02-26 13:58 . 2009-03-08 03:33 420352 c:\windows\system32\vbscript.dll
+ 2002-08-29 07:32 . 2009-03-08 03:34 105984 c:\windows\system32\url.dll
- 2001-08-18 10:00 . 2009-06-16 14:36 119808 c:\windows\system32\t2embed.dll
+ 2001-08-18 10:00 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2008-11-27 01:44 . 2008-11-27 01:44 450560 c:\windows\system32\stringres115_sv.dll
+ 2008-11-27 01:44 . 2008-11-27 01:44 626688 c:\windows\system32\stringres115_ru.dll
+ 2008-11-27 01:44 . 2008-11-27 01:44 475136 c:\windows\system32\stringres115_pt.dll
+ 2008-11-27 01:44 . 2008-11-27 01:44 626688 c:\windows\system32\stringres115_pl.dll
+ 2008-11-27 01:44 . 2008-11-27 01:44 483328 c:\windows\system32\stringres115_nl.dll
+ 2008-11-27 01:44 . 2008-11-27 01:44 278528 c:\windows\system32\stringres115_ko.dll
+ 2008-11-27 01:44 . 2008-11-27 01:44 286720 c:\windows\system32\stringres115_jp.dll
+ 2008-11-27 01:44 . 2008-11-27 01:44 483328 c:\windows\system32\stringres115_it.dll
+ 2008-11-27 01:44 . 2008-11-27 01:44 503808 c:\windows\system32\stringres115_fr.dll
+ 2008-11-27 01:44 . 2008-11-27 01:44 503808 c:\windows\system32\stringres115_es.dll
+ 2008-11-27 02:23 . 2008-11-27 02:23 548864 c:\windows\system32\stringres115_en.dll
+ 2008-11-27 01:44 . 2008-11-27 01:44 503808 c:\windows\system32\stringres115_de.dll
+ 2008-11-27 01:44 . 2008-11-27 01:44 208896 c:\windows\system32\stringres115_cht.dll
+ 2008-11-27 01:44 . 2008-11-27 01:44 204800 c:\windows\system32\stringres115_chs.dll
+ 2002-02-27 07:41 . 2002-02-27 07:41 106496 c:\windows\system32\ssl3.dll
+ 2007-08-22 14:02 . 2007-08-22 14:02 487424 c:\windows\system32\SmAgentAPI.dll
+ 2002-08-29 07:32 . 2009-12-08 09:23 474624 c:\windows\system32\shlwapi.dll
- 2002-08-29 07:32 . 2008-04-14 02:22 474624 c:\windows\system32\shlwapi.dll
+ 2006-11-06 10:35 . 2006-11-06 10:35 192624 c:\windows\system32\SecProc_ssp_isv.dll
+ 2006-11-06 10:35 . 2006-11-06 10:35 192624 c:\windows\system32\SecProc_ssp.dll
+ 2006-11-06 10:35 . 2006-11-06 10:35 519280 c:\windows\system32\SecProc_isv.dll
+ 2006-11-06 10:35 . 2006-11-06 10:35 518768 c:\windows\system32\SecProc.dll
+ 2006-11-06 10:35 . 2006-11-06 10:35 354416 c:\windows\system32\RmActivate_ssp_isv.exe
+ 2006-11-06 10:35 . 2006-11-06 10:35 358000 c:\windows\system32\RmActivate_ssp.exe
+ 2006-11-06 10:35 . 2006-11-06 10:35 531568 c:\windows\system32\RmActivate_isv.exe
+ 2006-11-06 10:35 . 2006-11-06 10:35 523376 c:\windows\system32\RmActivate.exe
+ 2010-03-17 16:03 . 2008-09-17 21:55 163908 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvsvc32.exe
+ 2010-03-17 16:03 . 2008-09-17 21:55 286720 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvnt4cpl.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 458752 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvmccssr.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 188416 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvmccss.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 229376 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvmccs.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 122880 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvcod.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 475136 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvapi.dll
+ 2001-08-18 10:00 . 2009-10-12 13:38 150528 c:\windows\system32\rastls.dll
+ 2008-10-02 17:46 . 2005-01-28 12:44 221184 c:\windows\system32\qasf.dll
+ 2009-12-30 14:03 . 2009-04-28 20:20 436720 c:\windows\system32\pxwave.dll
+ 2009-12-30 14:03 . 2009-04-28 20:20 219632 c:\windows\system32\pxmas.dll
+ 2009-12-30 14:03 . 2009-04-28 20:20 551408 c:\windows\system32\pxdrv.dll
+ 2009-12-30 14:03 . 2009-04-28 20:20 129520 c:\windows\system32\pxafs.dll
+ 2009-12-30 14:03 . 2009-04-28 20:20 670192 c:\windows\system32\px.dll
- 2001-08-18 10:00 . 2009-12-06 16:58 451860 c:\windows\system32\perfh009.dat
+ 2001-08-18 10:00 . 2010-03-28 10:28 451860 c:\windows\system32\perfh009.dat
+ 2002-08-29 07:32 . 2009-12-21 19:05 206848 c:\windows\system32\occache.dll
+ 2001-08-18 10:00 . 2009-10-13 10:32 271360 c:\windows\system32\oakley.dll
- 2001-08-18 10:00 . 2008-04-14 02:22 271360 c:\windows\system32\oakley.dll
+ 2008-10-02 17:20 . 2010-01-12 11:03 592488 c:\windows\system32\NVUNINST.EXE
+ 2008-10-02 17:44 . 2010-01-12 11:03 592488 c:\windows\system32\nvudisp.exe
+ 2008-09-17 21:55 . 2010-01-12 11:03 182888 c:\windows\system32\nvcodins.dll
+ 2008-09-17 21:55 . 2010-01-12 11:03 182888 c:\windows\system32\nvcod.dll
+ 2005-12-21 15:58 . 2005-12-21 15:58 475136 c:\windows\system32\nss3.dll
+ 2005-12-21 15:58 . 2005-12-21 15:58 294912 c:\windows\system32\nspr4.dll
+ 2007-08-16 14:17 . 2007-08-16 14:17 143360 c:\windows\system32\nsldap32v50.dll
+ 2008-11-27 01:56 . 2008-11-27 01:56 258048 c:\windows\system32\nsclient115w.dll
+ 2008-11-27 01:56 . 2008-11-27 01:56 253952 c:\windows\system32\nsclient115.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 315904 c:\windows\system32\mswmdm.dll
+ 2002-01-05 02:37 . 2002-01-05 02:37 344064 c:\windows\system32\msvcr70.dll
+ 2002-01-05 02:40 . 2002-01-05 02:40 487424 c:\windows\system32\msvcp70.dll
+ 2002-08-29 07:32 . 2009-03-08 03:32 611840 c:\windows\system32\mstime.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 364784 c:\windows\system32\msscp.dll
+ 2002-08-29 07:32 . 2009-03-08 03:34 193536 c:\windows\system32\msrating.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 173568 c:\windows\system32\mspmsp.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 142336 c:\windows\system32\msnetobj.dll
+ 2001-08-18 10:00 . 2009-03-08 03:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 03:32 . 2009-12-21 19:04 594432 c:\windows\system32\msfeeds.dll
+ 2006-11-06 10:35 . 2006-11-06 10:35 323696 c:\windows\system32\msdrm.dll
+ 2006-10-02 14:28 . 2006-10-02 14:28 312128 c:\windows\system32\msdelta.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 265720 c:\windows\system32\msdbg2.dll
+ 2009-10-28 03:31 . 2009-10-28 03:31 257440 c:\windows\system32\Macromed\Flash\FlashUtil10d.exe
+ 2008-11-27 01:58 . 2008-11-27 01:58 819200 c:\windows\system32\libOCASecurityw-2-0.dll
+ 2008-11-27 02:35 . 2008-11-27 02:35 638976 c:\windows\system32\libbobjeay32.dll
+ 2001-06-26 14:36 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2009-03-08 03:22 . 2009-03-08 03:22 164352 c:\windows\system32\ieui.dll
+ 2002-08-29 07:32 . 2009-12-21 19:04 184320 c:\windows\system32\iepeers.dll
+ 2002-08-29 07:32 . 2009-12-21 19:04 387584 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 03:11 . 2009-03-08 03:11 445952 c:\windows\system32\ieapfltr.dll
+ 2001-08-18 10:00 . 2009-03-08 03:32 163840 c:\windows\system32\ieakui.dll
+ 2001-08-18 10:00 . 2009-03-08 03:33 229376 c:\windows\system32\ieaksie.dll
+ 2001-08-18 10:00 . 2009-03-08 03:33 125952 c:\windows\system32\ieakeng.dll
+ 2002-08-29 07:32 . 2009-12-21 13:18 173056 c:\windows\system32\ie4uinit.exe
+ 2008-11-27 02:52 . 2008-11-27 02:52 602112 c:\windows\system32\icuuc30.dll
+ 2008-11-27 02:53 . 2008-11-27 02:53 114688 c:\windows\system32\icule30.dll
+ 2008-11-27 02:53 . 2008-11-27 02:53 692224 c:\windows\system32\icuin30.dll
+ 2009-12-31 12:33 . 2008-04-17 12:12 107368 c:\windows\system32\GEARAspi.dll
+ 2008-11-27 02:51 . 2008-11-27 02:51 585728 c:\windows\system32\fssl-1-2-1-2.dll
+ 2008-10-03 18:04 . 2010-03-04 11:50 292480 c:\windows\system32\FNTCACHE.DAT
+ 2002-08-29 07:32 . 2009-03-08 03:31 216064 c:\windows\system32\dxtrans.dll
+ 2002-08-29 07:32 . 2009-03-08 03:31 348160 c:\windows\system32\dxtmsft.dll
+ 2009-12-31 12:33 . 2008-04-17 12:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 502272 c:\windows\system32\drmv2clt.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 258296 c:\windows\system32\drmclien.dll
+ 2008-10-03 20:06 . 2008-04-13 20:19 146048 c:\windows\system32\drivers\portcls.sys
- 2008-10-03 20:06 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys
+ 2001-08-18 10:00 . 2009-12-04 18:22 455424 c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-03 11:26 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
+ 2001-08-18 10:00 . 2005-01-28 12:44 895736 c:\windows\system32\dllcache\wmvdmod.dll
+ 2008-10-03 11:26 . 2005-01-28 12:44 940544 c:\windows\system32\dllcache\wmspdmoe.dll
+ 2008-10-03 11:26 . 2009-04-10 00:01 413032 c:\windows\system32\dllcache\wmspdmod.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 774904 c:\windows\system32\dllcache\wmsdmod.dll
+ 2008-10-03 11:26 . 2005-01-28 12:44 150016 c:\windows\system32\dllcache\wmidx.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 224768 c:\windows\system32\dllcache\wmasf.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 716288 c:\windows\system32\dllcache\wmadmoe.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 396528 c:\windows\system32\dllcache\wmadmod.dll
+ 2008-06-23 15:10 . 2009-12-21 19:05 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2009-03-08 03:34 . 2009-03-08 03:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:54 . 2009-03-08 03:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2009-03-08 03:34 . 2009-03-08 03:34 105984 c:\windows\system32\dllcache\url.dll
- 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-15 05:33 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
+ 2009-01-07 17:20 . 2009-01-07 17:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-12-08 09:23 . 2009-12-08 09:23 474624 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 150528 c:\windows\system32\dllcache\rastls.dll
+ 2008-10-02 17:46 . 2005-01-28 12:44 221184 c:\windows\system32\dllcache\qasf.dll
+ 2008-10-03 20:06 . 2008-04-13 20:19 146048 c:\windows\system32\dllcache\portcls.sys
+ 2009-03-08 03:34 . 2009-12-21 19:05 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:32 . 2009-10-13 10:32 271360 c:\windows\system32\dllcache\oakley.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 315904 c:\windows\system32\dllcache\mswmdm.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 364784 c:\windows\system32\dllcache\msscp.dll
+ 2009-03-08 03:34 . 2009-03-08 03:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 173568 c:\windows\system32\dllcache\mspmsp.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 142336 c:\windows\system32\dllcache\msnetobj.dll
+ 2001-08-18 10:00 . 2009-03-08 03:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2010-02-26 06:48 . 2009-12-21 19:04 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-12 05:49 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-05-09 10:54 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 13:09 . 2009-03-08 13:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2010-02-26 06:48 . 2009-12-21 19:04 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-08 03:31 . 2009-12-21 19:04 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 13:09 . 2009-12-21 19:04 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2001-08-18 10:00 . 2009-03-08 03:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2009-03-08 03:33 . 2009-03-08 03:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-03-08 03:32 . 2009-12-21 13:18 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2009-03-08 03:31 . 2009-03-08 03:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 502272 c:\windows\system32\dllcache\drmv2clt.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 258296 c:\windows\system32\dllcache\drmclien.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 164864 c:\windows\system32\dllcache\cewmdm.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 294912 c:\windows\system32\dllcache\blackbox.dll
+ 2009-03-08 03:32 . 2009-03-08 03:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2009-12-30 21:10 . 2009-11-21 15:54 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2007-01-16 09:02 . 2007-01-16 09:02 270336 c:\windows\system32\ctil2d32.dll
+ 2000-11-09 15:52 . 2000-11-09 15:52 618496 c:\windows\system32\CRPAIG80.DLL
+ 2001-08-18 10:00 . 2005-01-28 12:44 164864 c:\windows\system32\cewmdm.dll
+ 2001-08-18 10:00 . 2005-01-28 12:44 294912 c:\windows\system32\blackbox.dll
+ 2002-08-29 07:32 . 2009-03-08 03:32 128512 c:\windows\system32\advpack.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 142336 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 502272 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 258296 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 294912 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
+ 2009-12-30 14:04 . 2008-04-14 02:23 259072 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\msnetobj.dll
+ 2009-12-30 14:04 . 2008-04-14 02:23 695808 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmv2clt.dll
+ 2009-12-30 14:04 . 2008-04-14 02:23 299520 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmclien.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 286720 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\blackbox.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 940544 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 150016 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 290816 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 335872 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 224768 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 716288 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 221184 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 897024 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmspdmoe.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 151552 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmidx.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 230912 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmasf.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 670720 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmadmoe.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 237568 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\qasf.dll
+ 2009-12-30 14:04 . 2008-06-10 02:11 103936 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
+ 2009-12-30 14:04 . 2005-01-28 12:44 895736 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 413944 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 774904 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 396528 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 809984 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvdmod.dll
+ 2009-12-30 14:04 . 2009-04-03 10:15 485376 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmspdmod.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 759296 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmsdmod.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 408064 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmod.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 331264 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 331776 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 114176 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 315904 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 364784 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 173568 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 164864 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 246272 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSWMDM.dll
+ 2009-12-30 14:04 . 2008-04-14 02:23 356352 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSSCP.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 201728 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSP.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 159232 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\cewmdm.dll
+ 2009-12-31 12:27 . 2009-12-31 12:27 796672 c:\windows\Installer\e46501.msi
+ 2009-11-05 13:41 . 2009-11-05 13:41 536576 c:\windows\Installer\2c67953.msp
+ 2010-02-28 19:06 . 2010-02-28 19:06 415232 c:\windows\Installer\25c54a1.msi
+ 2009-12-21 15:27 . 2009-12-21 15:27 238080 c:\windows\Installer\1b45435.msi
+ 2009-12-31 12:33 . 2009-12-31 12:33 102400 c:\windows\Installer\{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}\iTunesIco.exe
+ 2008-10-02 18:29 . 2010-03-10 22:28 114688 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-10-02 18:29 . 2009-11-11 06:51 114688 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-10-02 18:29 . 2009-11-11 06:51 167936 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-10-02 18:29 . 2010-03-10 22:28 167936 c:\windows\Installer\{90280407-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2009-06-21 08:58 . 2009-10-28 21:45 135168 c:\windows\Installer\{901C0407-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-06-21 08:58 . 2010-01-17 12:42 135168 c:\windows\Installer\{901C0407-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-06-21 08:58 . 2010-01-17 12:42 593920 c:\windows\Installer\{901C0407-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-06-21 08:58 . 2009-10-28 21:45 593920 c:\windows\Installer\{901C0407-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-01-04 15:56 . 2010-01-04 15:56 217864 c:\windows\Installer\{90120000-006E-0407-0000-0000000FF1CE}\misc.exe
- 2009-11-01 09:37 . 2009-11-01 09:37 217864 c:\windows\Installer\{90120000-006E-0407-0000-0000000FF1CE}\misc.exe
+ 2008-10-08 12:11 . 2010-03-10 22:30 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-08 12:11 . 2009-11-11 06:51 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-08 12:11 . 2009-11-11 06:51 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-10-08 12:11 . 2010-03-10 22:30 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-08 12:11 . 2009-11-11 06:51 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-08 12:11 . 2010-03-10 22:30 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-08 12:11 . 2010-03-10 22:30 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-08 12:11 . 2009-11-11 06:51 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-10-08 12:11 . 2010-03-10 22:30 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-08 12:11 . 2009-11-11 06:51 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-08 12:11 . 2009-11-11 06:51 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-10-08 12:11 . 2010-03-10 22:30 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-10-08 12:11 . 2009-11-11 06:51 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-10-08 12:11 . 2010-03-10 22:30 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 984320 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\WinStyler.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 236800 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\UpdateWizard.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 239872 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\UninstallManager.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 252160 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\Undelete.exe
+ 2009-03-20 14:02 . 2009-03-20 14:02 886016 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\TUDefragService.dll
+ 2009-03-20 14:30 . 2009-03-20 14:30 325888 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\SystemInformation.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 145664 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\SystemControl.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 318208 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\StartUpManager.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 946944 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\SpeedOptimizer.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 182016 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\Shredder.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 247552 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\ShortcutCleaner.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 213248 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\RescueCenter.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 177920 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\RepairWizard.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 339200 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\RegistryEditor.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 168192 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\RegistryDefrag.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 551680 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\RegistryCleaner.exe
+ 2009-03-20 14:29 . 2009-03-20 14:29 592728 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\ProductInfo.dat
+ 2009-03-20 14:30 . 2009-03-20 14:30 409344 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\ProcessManager.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 130816 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\OneClickStarter.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 617728 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\OneClick.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 162048 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\MemOptimizer.exe
+ 2009-03-20 14:29 . 2009-03-20 14:29 233216 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\DriveDefrag.exe
+ 2009-03-20 14:29 . 2009-03-20 14:29 479488 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\DiskExplorer.exe
+ 2009-03-20 14:29 . 2009-03-20 14:29 174336 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\DiskDoctor.exe
+ 2010-02-26 06:54 . 2009-03-08 03:34 914944 c:\windows\ie8updates\KB978207-IE8\wininet.dll
+ 2010-02-26 06:54 . 2009-05-26 11:40 388984 c:\windows\ie8updates\KB978207-IE8\spuninst\updspapi.dll
+ 2010-02-26 06:54 . 2008-07-08 13:00 234872 c:\windows\ie8updates\KB978207-IE8\spuninst\spuninst.exe
+ 2010-02-26 06:54 . 2009-03-08 03:34 109568 c:\windows\ie8updates\KB978207-IE8\occache.dll
+ 2010-02-26 06:54 . 2009-03-08 03:32 594432 c:\windows\ie8updates\KB978207-IE8\msfeeds.dll
+ 2010-02-26 06:54 . 2009-03-08 03:33 246784 c:\windows\ie8updates\KB978207-IE8\ieproxy.dll
+ 2010-02-26 06:54 . 2009-03-08 03:31 183808 c:\windows\ie8updates\KB978207-IE8\iepeers.dll
+ 2010-02-26 06:54 . 2009-03-08 13:09 391536 c:\windows\ie8updates\KB978207-IE8\iedkcs32.dll
+ 2010-02-26 06:54 . 2009-03-08 03:32 173056 c:\windows\ie8updates\KB978207-IE8\ie4uinit.exe
+ 2010-02-26 06:53 . 2008-07-08 13:00 388984 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-26 06:53 . 2008-07-08 13:00 234872 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-26 06:53 . 2009-06-22 06:45 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-02-26 06:53 . 2008-07-08 13:00 388984 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-02-26 06:53 . 2008-07-08 13:00 234872 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-02-26 06:53 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2010-02-25 17:10 . 2009-12-22 05:07 672768 c:\windows\ie8\wininet.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 281088 c:\windows\ie8\webcheck.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 851968 c:\windows\ie8\vgx.dll
+ 2010-02-25 17:10 . 2008-05-09 10:54 430080 c:\windows\ie8\vbscript.dll
+ 2010-02-25 17:10 . 2009-12-22 05:07 628736 c:\windows\ie8\urlmon.dll
+ 2010-02-25 17:10 . 2009-01-07 17:20 388640 c:\windows\ie8\spuninst\updspapi.dll
+ 2010-02-25 17:10 . 2009-01-07 17:20 235040 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-02-25 17:10 . 2008-04-14 02:22 532480 c:\windows\ie8\mstime.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 146432 c:\windows\ie8\msrating.dll
+ 2010-02-25 17:10 . 2001-08-18 10:00 146432 c:\windows\ie8\msls31.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 449024 c:\windows\ie8\mshtmled.dll
+ 2010-02-25 17:10 . 2009-08-13 15:15 512000 c:\windows\ie8\jscript.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 251904 c:\windows\ie8\iepeers.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 323584 c:\windows\ie8\iedkcs32.dll
+ 2010-02-25 17:10 . 2001-08-18 10:00 237568 c:\windows\ie8\ieakui.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 220672 c:\windows\ie8\ieaksie.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 143360 c:\windows\ie8\ieakeng.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 205312 c:\windows\ie8\dxtrans.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 357888 c:\windows\ie8\dxtmsft.dll
+ 2010-02-25 17:10 . 2008-04-14 02:22 102400 c:\windows\ie8\advpack.dll
+ 2008-11-12 05:49 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2009-11-10 17:08 . 2009-11-10 17:08 381664 c:\windows\Downloaded Program Files\PCPitstop2.dll
+ 2001-08-18 10:00 . 2009-11-21 15:54 471552 c:\windows\AppPatch\aclayers.dll
+ 2009-12-30 14:16 . 2006-09-16 00:05 379184 c:\windows\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2009-12-30 14:16 . 2006-09-16 00:05 221488 c:\windows\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2009-12-30 14:17 . 2006-09-25 16:58 379184 c:\windows\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2009-12-30 14:17 . 2006-09-25 16:58 221488 c:\windows\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2010-02-24 06:39 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB979306$\spuninst\updspapi.dll
+ 2010-02-24 06:39 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe
+ 2010-02-10 07:01 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB978262$\spuninst\updspapi.dll
+ 2010-02-10 07:01 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB978262$\spuninst\spuninst.exe
+ 2010-02-10 06:59 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB978251$\spuninst\updspapi.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB978251$\spuninst\spuninst.exe
+ 2010-02-10 06:59 . 2008-10-24 11:21 455296 c:\windows\$NtUninstallKB978251$\mrxsmb.sys
+ 2010-01-22 07:07 . 2009-10-29 05:24 672768 c:\windows\$NtUninstallKB978207$\wininet.dll
+ 2010-01-22 07:07 . 2009-10-29 05:24 628736 c:\windows\$NtUninstallKB978207$\urlmon.dll
+ 2010-01-22 07:07 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB978207$\spuninst\updspapi.dll
+ 2010-01-22 07:07 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB978207$\spuninst\spuninst.exe
+ 2010-02-10 07:00 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB978037$\spuninst\updspapi.dll
+ 2010-02-10 07:00 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB978037$\spuninst\spuninst.exe
+ 2010-02-10 06:58 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB977914$\spuninst\updspapi.dll
+ 2010-02-10 06:58 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB977914$\spuninst\spuninst.exe
+ 2010-02-10 06:58 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB977165$\spuninst\updspapi.dll
+ 2010-02-10 06:58 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB977165$\spuninst\spuninst.exe
+ 2009-12-09 19:52 . 2009-09-25 05:35 672768 c:\windows\$NtUninstallKB976325$\wininet.dll
+ 2009-12-09 19:52 . 2009-09-25 05:35 628736 c:\windows\$NtUninstallKB976325$\urlmon.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB976325$\spuninst\updspapi.dll
+ 2009-12-09 19:52 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB976325$\spuninst\spuninst.exe
+ 2010-02-10 06:59 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB975713$\spuninst\updspapi.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB975713$\spuninst\spuninst.exe
+ 2010-02-10 06:59 . 2008-04-14 02:22 474624 c:\windows\$NtUninstallKB975713$\shlwapi.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB975560$\spuninst\updspapi.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB975560$\spuninst\spuninst.exe
+ 2009-12-09 19:52 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB974392$\spuninst\updspapi.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB974392$\spuninst\spuninst.exe
+ 2009-12-09 19:52 . 2008-04-14 02:22 271360 c:\windows\$NtUninstallKB974392$\oakley.dll
+ 2009-12-09 19:53 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB974318$\spuninst\updspapi.dll
+ 2009-12-09 19:53 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB974318$\spuninst\spuninst.exe
+ 2009-12-09 19:53 . 2008-04-14 02:22 151040 c:\windows\$NtUninstallKB974318$\rastls.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB973904$\spuninst\updspapi.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB973904$\spuninst\spuninst.exe
+ 2010-01-13 06:50 . 2009-06-16 14:36 119808 c:\windows\$NtUninstallKB972270$\t2embed.dll
+ 2010-01-13 06:50 . 2008-07-08 13:00 388984 c:\windows\$NtUninstallKB972270$\spuninst\updspapi.dll
+ 2010-01-13 06:50 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB972270$\spuninst\spuninst.exe
+ 2009-12-09 19:52 . 2008-12-16 12:30 354304 c:\windows\$NtUninstallKB971737$\winhttp.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB971737$\spuninst\updspapi.dll
+ 2009-12-09 19:52 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB971737$\spuninst\spuninst.exe
+ 2010-02-10 07:01 . 2008-12-11 10:57 333952 c:\windows\$NtUninstallKB971468$\srv.sys
+ 2010-02-10 07:01 . 2008-07-08 13:00 388984 c:\windows\$NtUninstallKB971468$\spuninst\updspapi.dll
+ 2010-02-10 07:01 . 2008-07-08 13:00 234872 c:\windows\$NtUninstallKB971468$\spuninst\spuninst.exe
+ 2009-12-09 19:53 . 2009-05-26 11:40 388984 c:\windows\$NtUninstallKB970430$\spuninst\updspapi.dll
+ 2009-12-09 19:53 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB970430$\spuninst\spuninst.exe
+ 2009-12-09 19:53 . 2008-04-13 18:53 264832 c:\windows\$NtUninstallKB970430$\http.sys
+ 2009-12-30 21:11 . 2009-05-26 16:10 388984 c:\windows\$NtUninstallKB955759$\spuninst\updspapi.dll
+ 2009-12-30 21:11 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB955759$\spuninst\spuninst.exe
+ 2009-12-30 21:11 . 2008-04-14 02:22 451072 c:\windows\$NtUninstallKB955759$\aclayers.dll
+ 2010-02-10 07:01 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB978262\update\updspapi.dll
+ 2010-02-10 07:01 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB978262\update\update.exe
+ 2010-02-10 07:01 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978262\spuninst.exe
+ 2010-02-10 06:59 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB978251\update\updspapi.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB978251\update\update.exe
+ 2010-02-10 06:59 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978251\spuninst.exe
+ 2010-02-10 06:46 . 2009-12-04 17:25 456832 c:\windows\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
+ 2010-01-22 07:07 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB978207\update\updspapi.dll
+ 2010-01-22 07:07 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB978207\update\update.exe
+ 2010-01-22 07:07 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB978207\spuninst.exe
+ 2009-12-22 05:05 . 2009-12-22 05:05 674304 c:\windows\$hf_mig$\KB978207\SP3QFE\wininet.dll
+ 2009-12-22 05:05 . 2009-12-22 05:05 629760 c:\windows\$hf_mig$\KB978207\SP3QFE\urlmon.dll
+ 2010-02-26 06:54 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB978207-IE8\update\updspapi.dll
+ 2010-02-26 06:54 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB978207-IE8\update\update.exe
+ 2010-02-26 06:54 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB978207-IE8\spuninst.exe
+ 2010-02-26 06:48 . 2009-12-21 19:00 916480 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
+ 2010-02-26 06:48 . 2009-12-21 19:00 206848 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\occache.dll
+ 2010-02-26 06:48 . 2009-12-21 19:00 594432 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\msfeeds.dll
+ 2010-02-26 06:48 . 2009-12-21 19:00 246272 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\ieproxy.dll
+ 2010-02-26 06:48 . 2009-12-21 19:00 184320 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\iepeers.dll
+ 2010-02-26 06:48 . 2009-12-21 19:00 387584 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\iedkcs32.dll
+ 2010-02-26 06:48 . 2009-12-21 13:22 173056 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\ie4uinit.exe
+ 2010-02-10 07:00 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB978037\update\updspapi.dll
+ 2010-02-10 07:00 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB978037\update\update.exe
+ 2010-02-10 07:00 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978037\spuninst.exe
+ 2010-02-10 06:58 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB977914\update\updspapi.dll
+ 2010-02-10 06:58 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB977914\update\update.exe
+ 2010-02-10 06:58 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB977914\spuninst.exe
+ 2010-02-10 06:58 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB977165\update\updspapi.dll
+ 2010-02-10 06:58 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB977165\update\update.exe
+ 2010-02-10 06:58 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB977165\spuninst.exe
+ 2010-02-26 06:53 . 2008-07-08 13:00 388984 c:\windows\$hf_mig$\KB976662-IE8\update\updspapi.dll
+ 2010-02-26 06:53 . 2008-07-08 13:00 765304 c:\windows\$hf_mig$\KB976662-IE8\update\update.exe
+ 2010-02-26 06:53 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB976662-IE8\spuninst.exe
+ 2010-02-26 06:47 . 2009-12-09 05:51 726528 c:\windows\$hf_mig$\KB976662-IE8\SP3QFE\jscript.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB976325\update\updspapi.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB976325\update\update.exe
+ 2009-12-09 19:52 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB976325\spuninst.exe
+ 2009-10-29 05:22 . 2009-10-29 05:22 674304 c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
+ 2009-10-29 05:22 . 2009-10-29 05:22 629760 c:\windows\$hf_mig$\KB976325\SP3QFE\urlmon.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB975713\update\updspapi.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB975713\update\update.exe
+ 2010-02-10 06:59 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB975713\spuninst.exe
+ 2009-12-08 09:01 . 2009-12-08 09:01 474624 c:\windows\$hf_mig$\KB975713\SP3QFE\shlwapi.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB975560\update\updspapi.dll
+ 2010-02-10 06:59 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB975560\update\update.exe
+ 2010-02-10 06:59 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB975560\spuninst.exe
+ 2009-12-09 19:52 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2009-12-09 19:52 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2009-10-13 10:38 . 2009-10-13 10:38 271360 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2009-12-09 19:53 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB974318\update\updspapi.dll
+ 2009-12-09 19:53 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB974318\update\update.exe
+ 2009-12-09 19:53 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB974318\spuninst.exe
+ 2009-10-12 13:29 . 2009-10-12 13:29 151040 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB973904\update\updspapi.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB973904\update\update.exe
+ 2009-12-09 19:52 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB973904\spuninst.exe
+ 2009-12-09 07:13 . 2009-07-29 14:01 119648 c:\windows\$hf_mig$\KB973904\SP3QFE\msconv97.dll
+ 2010-01-13 06:50 . 2008-07-08 13:00 388984 c:\windows\$hf_mig$\KB972270\update\updspapi.dll
+ 2010-01-13 06:50 . 2008-07-08 13:00 765304 c:\windows\$hf_mig$\KB972270\update\update.exe
+ 2010-01-13 06:50 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB972270\spuninst.exe
+ 2010-01-13 06:30 . 2009-10-15 16:38 119808 c:\windows\$hf_mig$\KB972270\SP3QFE\t2embed.dll
+ 2010-02-26 06:53 . 2008-07-08 13:00 388984 c:\windows\$hf_mig$\KB971961-IE8\update\updspapi.dll
+ 2010-02-26 06:53 . 2008-07-08 13:00 765304 c:\windows\$hf_mig$\KB971961-IE8\update\update.exe
+ 2010-02-26 06:53 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB971961-IE8\spuninst.exe
+ 2010-02-26 06:47 . 2009-06-22 06:48 726528 c:\windows\$hf_mig$\KB971961-IE8\SP3QFE\jscript.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB971737\update\updspapi.dll
+ 2009-12-09 19:52 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB971737\update\update.exe
+ 2009-12-09 19:52 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB971737\spuninst.exe
+ 2009-08-25 09:27 . 2009-08-25 09:27 354816 c:\windows\$hf_mig$\KB971737\SP3QFE\winhttp.dll
+ 2010-02-10 07:01 . 2008-07-08 13:00 388984 c:\windows\$hf_mig$\KB971468\update\updspapi.dll
+ 2010-02-10 07:01 . 2008-07-08 13:00 765304 c:\windows\$hf_mig$\KB971468\update\update.exe
+ 2010-02-10 07:01 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB971468\spuninst.exe
+ 2010-02-10 06:46 . 2010-01-01 07:58 353792 c:\windows\$hf_mig$\KB971468\SP3QFE\srv.sys
+ 2009-12-09 19:53 . 2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB970430\update\updspapi.dll
+ 2009-12-09 19:53 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB970430\update\update.exe
+ 2009-12-09 19:53 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB970430\spuninst.exe
+ 2009-10-20 15:21 . 2009-10-20 15:21 265728 c:\windows\$hf_mig$\KB970430\SP3QFE\http.sys
+ 2009-12-30 21:11 . 2009-05-26 16:10 388984 c:\windows\$hf_mig$\KB955759\update\updspapi.dll
+ 2009-12-30 21:11 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB955759\update\update.exe
+ 2009-12-30 21:11 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB955759\spuninst.exe
+ 2009-12-30 21:10 . 2009-11-21 15:42 471552 c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll
+ 2008-10-03 11:26 . 2005-01-28 12:44 1003008 c:\windows\system32\wmvdmoe2.dll
+ 2001-08-18 10:00 . 2009-05-20 11:24 2373504 c:\windows\system32\WMVCore.dll
+ 2005-01-28 12:44 . 2005-01-28 12:44 1512448 c:\windows\system32\wmvadve.dll
+ 2005-01-28 12:44 . 2005-01-28 12:44 1218808 c:\windows\system32\wmvadvd.dll
- 2008-10-03 11:26 . 2008-04-14 02:22 1119744 c:\windows\system32\wmsdmoe2.dll
+ 2008-10-03 11:26 . 2005-01-28 12:44 1119744 c:\windows\system32\wmsdmoe2.dll
+ 2001-08-18 10:00 . 2008-06-10 05:28 1028096 c:\windows\system32\WMNetmgr.dll
+ 2002-08-29 07:32 . 2009-12-21 19:05 1208832 c:\windows\system32\urlmon.dll
- 2002-08-29 07:32 . 2009-09-25 05:35 1509888 c:\windows\system32\shdocvw.dll
+ 2002-08-29 07:32 . 2009-12-22 05:07 1509888 c:\windows\system32\shdocvw.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 2981888 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvwssr.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 2686976 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvwss.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 4149248 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvvitvsr.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 3764224 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvvitvs.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 8826880 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvoglnt.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 2854912 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvmoblsr.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 1257472 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvmobls.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 3457024 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvgamesr.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 3444736 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvgames.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 5799936 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvdispsr.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 3989504 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvdisps.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 1368064 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvcuda.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 6132576 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nv4_mini.sys
+ 2010-03-17 16:03 . 2008-09-17 21:55 6057472 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nv4_disp.dll
+ 2008-10-02 17:46 . 2009-11-27 17:11 1297408 c:\windows\system32\quartz.dll
+ 2009-12-30 14:03 . 2009-04-28 20:20 1858032 c:\windows\system32\pxsfs.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 2283526 c:\windows\system32\nvdata.bin
+ 2010-01-12 11:03 . 2010-01-12 11:03 2259560 c:\windows\system32\nvcuvid.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 4077672 c:\windows\system32\nvcuvenc.dll
+ 2008-09-17 21:55 . 2010-01-12 11:03 4104192 c:\windows\system32\nvcuda.dll
+ 2008-09-17 21:55 . 2010-01-12 11:03 1081344 c:\windows\system32\nvapi.dll
+ 2008-10-03 11:26 . 2010-01-12 11:03 6359168 c:\windows\system32\nv4_disp.dll
- 2001-08-18 10:00 . 2009-08-04 17:26 2147840 c:\windows\system32\ntoskrnl.exe
+ 2001-08-18 10:00 . 2009-12-09 10:05 2147840 c:\windows\system32\ntoskrnl.exe
- 2001-08-18 04:28 . 2009-08-04 17:25 2026496 c:\windows\system32\ntkrnlpa.exe
+ 2001-08-18 04:28 . 2009-12-09 10:05 2026496 c:\windows\system32\ntkrnlpa.exe
+ 2002-08-29 07:32 . 2009-12-21 19:05 5942784 c:\windows\system32\mshtml.dll
+ 2008-11-27 01:52 . 2008-11-27 01:52 1585152 c:\windows\system32\libOCAHelperw-3-1.dll
+ 2008-11-27 01:56 . 2008-11-27 01:56 1654784 c:\windows\system32\libOCAHelper-3-1.dll
+ 2009-03-08 03:32 . 2009-12-21 19:04 1985536 c:\windows\system32\iertutil.dll
+ 2009-02-06 20:07 . 2009-02-06 20:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2008-11-27 02:55 . 2008-11-27 02:55 8568832 c:\windows\system32\icudt30.dll
+ 2008-11-27 01:43 . 2008-11-27 01:43 1699840 c:\windows\system32\htmlres115_sv.dll
+ 2008-11-27 01:43 . 2008-11-27 01:43 1785856 c:\windows\system32\htmlres115_ru.dll
+ 2008-11-27 01:43 . 2008-11-27 01:43 1708032 c:\windows\system32\htmlres115_pt.dll
+ 2008-11-27 01:44 . 2008-11-27 01:44 1708032 c:\windows\system32\htmlres115_pl.dll
+ 2008-11-27 01:43 . 2008-11-27 01:43 1695744 c:\windows\system32\htmlres115_nl.dll
+ 2008-11-27 01:43 . 2008-11-27 01:43 1699840 c:\windows\system32\htmlres115_ko.dll
+ 2008-11-27 01:43 . 2008-11-27 01:43 1712128 c:\windows\system32\htmlres115_jp.dll
+ 2008-11-27 01:42 . 2008-11-27 01:42 1699840 c:\windows\system32\htmlres115_it.dll
+ 2008-11-27 01:42 . 2008-11-27 01:42 1716224 c:\windows\system32\htmlres115_fr.dll
+ 2008-11-27 01:43 . 2008-11-27 01:43 1708032 c:\windows\system32\htmlres115_es.dll
+ 2008-11-27 01:42 . 2008-11-27 01:42 1683456 c:\windows\system32\htmlres115_en.dll
+ 2008-11-27 01:42 . 2008-11-27 01:42 1703936 c:\windows\system32\htmlres115_de.dll
+ 2008-11-27 01:43 . 2008-11-27 01:43 1662976 c:\windows\system32\htmlres115_cht.dll
+ 2008-11-27 01:43 . 2008-11-27 01:43 1658880 c:\windows\system32\htmlres115_chs.dll
+ 2008-11-27 02:40 . 2008-11-27 02:40 1732608 c:\windows\system32\ebus-3-3-2-5.dll
+ 2009-12-31 12:32 . 2009-08-28 18:42 2065696 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaaplrc.dll
+ 2009-12-31 12:32 . 2009-08-28 18:42 1417504 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2008-10-03 11:26 . 2005-01-28 12:44 1003008 c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2001-08-18 10:00 . 2009-05-20 11:24 2373504 c:\windows\system32\dllcache\WMVCore.dll
- 2008-10-03 11:46 . 2008-04-14 02:22 1119744 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2008-10-03 11:26 . 2005-01-28 12:44 1119744 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2001-08-18 10:00 . 2008-06-10 05:28 1028096 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2008-06-26 08:12 . 2009-12-21 19:05 1208832 c:\windows\system32\dllcache\urlmon.dll
- 2008-06-26 08:12 . 2009-09-25 05:35 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-06-26 08:12 . 2009-12-22 05:07 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-05-07 05:10 . 2009-11-27 17:11 1297408 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-15 05:33 . 2009-12-09 10:06 2191488 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-15 05:33 . 2009-08-04 20:56 2191488 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-15 05:33 . 2009-08-04 17:25 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 05:33 . 2009-12-09 10:05 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 05:33 . 2009-12-09 10:06 2068352 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 05:33 . 2009-08-04 17:26 2068352 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 05:33 . 2009-08-04 17:26 2147840 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-15 05:33 . 2009-12-09 10:05 2147840 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-06-23 15:10 . 2009-12-21 19:05 5942784 c:\windows\system32\dllcache\mshtml.dll
+ 2010-02-26 06:48 . 2009-12-21 19:04 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2008-11-27 02:30 . 2008-11-27 02:30 1339392 c:\windows\system32\cxlibw-3-1.dll
+ 2008-11-27 02:33 . 2008-11-27 02:33 1343488 c:\windows\system32\cxlib-3-1.dll
+ 2008-11-27 02:30 . 2008-11-27 02:30 1761280 c:\windows\system32\cslibu-2-1.dll
+ 2001-02-09 19:43 . 2001-02-09 19:43 4587577 c:\windows\system32\CRPE32.DLL
+ 2009-12-30 14:04 . 2005-01-28 12:44 1003008 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 2370296 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 1512448 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
+ 2009-12-30 14:04 . 2005-01-28 12:44 1119744 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 1027072 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 1001472 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvdmoe2.dll
+ 2009-12-30 14:04 . 2009-05-26 14:53 2174976 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvcore.dll
+ 2009-12-30 14:04 . 2008-04-14 02:22 1119744 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmsdmoe2.dll
+ 2009-12-30 14:04 . 2008-06-10 05:11 1053696 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmnetmgr.dll
+ 2009-12-30 14:04 . 2005-01-28 12:44 1218808 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2010-03-29 10:13 . 2010-03-29 10:13 1093632 c:\windows\Installer\ebb35f.msi
+ 2009-12-31 12:33 . 2009-12-31 12:33 4454912 c:\windows\Installer\e4651b.msi
+ 2009-12-31 12:32 . 2009-12-31 12:32 1659392 c:\windows\Installer\e46515.msi
+ 2009-12-31 12:32 . 2009-12-31 12:32 3310592 c:\windows\Installer\e46507.msi
+ 2009-12-31 12:27 . 2009-12-31 12:27 9473024 c:\windows\Installer\e464fb.msi
+ 2010-03-14 11:56 . 2010-03-14 11:56 4367360 c:\windows\Installer\302fda.msi
+ 2009-11-20 22:36 . 2009-11-20 22:36 5002752 c:\windows\Installer\2c6796a.msp
+ 2009-10-16 06:09 . 2009-10-16 06:09 2518016 c:\windows\Installer\2c6793f.msp
+ 2010-02-04 16:24 . 2010-02-04 16:24 9122304 c:\windows\Installer\1c265da.msp
+ 2010-02-21 00:00 . 2010-02-21 00:00 8480768 c:\windows\Installer\1c265af.msp
+ 2010-02-03 23:59 . 2010-02-03 23:59 5031936 c:\windows\Installer\1c26598.msp
+ 2009-12-03 13:15 . 2009-12-03 13:15 5004288 c:\windows\Installer\1b7f05.msp
+ 2010-01-14 20:26 . 2010-01-14 20:26 5027840 c:\windows\Installer\183505.msp
+ 2009-12-01 14:52 . 2009-12-01 14:52 7970816 c:\windows\Installer\1834ee.msp
+ 2009-12-01 14:52 . 2009-12-01 14:52 9630208 c:\windows\Installer\1834d9.msp
+ 2010-02-24 13:00 . 2010-02-24 13:00 3966976 c:\windows\Installer\16f3f99.msi
+ 2010-02-06 13:50 . 2010-02-06 13:50 1262080 c:\windows\Installer\1496a73.msi
+ 2009-04-29 13:11 . 2009-04-29 13:11 2988544 c:\windows\Installer\146f6aa.msp
+ 2010-02-04 12:30 . 2010-02-04 12:30 1387520 c:\windows\Installer\146f5ac.msi
+ 2010-03-04 11:46 . 2010-03-04 11:46 1890816 c:\windows\Installer\128c725.msi
- 2008-10-08 12:11 . 2009-11-11 06:51 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-08 12:11 . 2010-03-10 22:30 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-08 12:11 . 2010-03-10 22:30 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-10-08 12:11 . 2009-11-11 06:51 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-20 14:30 . 2009-03-20 14:30 1043200 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.3000\SilentUpdater.exe
+ 2009-03-06 03:26 . 2009-03-06 03:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2010-02-26 06:54 . 2009-03-08 03:34 1206784 c:\windows\ie8updates\KB978207-IE8\urlmon.dll
+ 2010-02-26 06:54 . 2009-03-08 03:41 5937152 c:\windows\ie8updates\KB978207-IE8\mshtml.dll
+ 2010-02-26 06:54 . 2009-03-08 03:32 1985024 c:\windows\ie8updates\KB978207-IE8\iertutil.dll
+ 2010-02-25 17:10 . 2009-12-22 05:07 3092480 c:\windows\ie8\mshtml.dll
+ 2008-10-15 05:33 . 2009-12-09 10:06 2191488 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-15 05:33 . 2009-08-04 20:56 2191488 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 05:33 . 2009-12-09 10:05 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 05:33 . 2009-08-04 17:25 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 05:33 . 2009-08-04 17:26 2068352 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 05:33 . 2009-12-09 10:06 2068352 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 05:33 . 2009-08-04 17:26 2147840 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-15 05:33 . 2009-12-09 10:05 2147840 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-01-22 07:07 . 2009-10-29 05:24 1509888 c:\windows\$NtUninstallKB978207$\shdocvw.dll
+ 2010-01-22 07:07 . 2009-10-29 18:54 3091968 c:\windows\$NtUninstallKB978207$\mshtml.dll
+ 2010-02-10 06:58 . 2009-08-04 17:26 2147840 c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
+ 2010-02-10 06:58 . 2009-08-04 17:25 2026496 c:\windows\$NtUninstallKB977165$\ntkrpamp.exe
+ 2010-02-10 06:58 . 2009-08-04 17:25 2026496 c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
+ 2010-02-10 06:58 . 2009-08-04 17:26 2147840 c:\windows\$NtUninstallKB977165$\ntkrnlmp.exe
+ 2009-12-09 19:52 . 2009-09-25 05:35 1509888 c:\windows\$NtUninstallKB976325$\shdocvw.dll
+ 2009-12-09 19:52 . 2009-10-19 23:51 3091968 c:\windows\$NtUninstallKB976325$\mshtml.dll
+ 2010-02-10 06:59 . 2009-06-03 19:09 1296896 c:\windows\$NtUninstallKB975560$\quartz.dll
+ 2009-12-22 05:05 . 2009-12-22 05:05 1509888 c:\windows\$hf_mig$\KB978207\SP3QFE\shdocvw.dll
+ 2009-12-22 05:05 . 2009-12-22 05:05 3094528 c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
+ 2010-02-26 06:48 . 2009-12-21 19:00 1209344 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\urlmon.dll
+ 2010-02-26 06:48 . 2009-12-21 19:00 5945856 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
+ 2010-02-26 06:48 . 2009-12-21 19:00 1986048 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\iertutil.dll
+ 2009-12-09 14:29 . 2009-12-09 14:29 2191616 c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
+ 2010-02-10 06:45 . 2009-12-09 09:58 2026496 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrpamp.exe
+ 2009-12-09 14:29 . 2009-12-09 14:29 2068480 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
+ 2010-02-10 06:45 . 2009-12-09 09:58 2147840 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlmp.exe
+ 2009-10-29 05:22 . 2009-10-29 05:22 1509888 c:\windows\$hf_mig$\KB976325\SP3QFE\shdocvw.dll
+ 2009-10-29 05:22 . 2009-10-29 05:22 3094016 c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll
+ 2009-11-27 17:23 . 2009-11-27 17:23 1297408 c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll
+ 2010-03-17 16:03 . 2008-09-17 21:55 13574144 c:\windows\system32\ReinstallBackups\0009\DriverFiles\nvcpl.dll
+ 2008-09-17 21:55 . 2010-01-12 11:03 14458880 c:\windows\system32\nvoglnt.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 11632640 c:\windows\system32\nvcompiler.dll
+ 2008-10-05 11:46 . 2010-03-02 05:30 31648712 c:\windows\system32\MRT.exe
+ 2009-03-08 03:39 . 2009-12-21 19:04 11070464 c:\windows\system32\ieframe.dll
+ 2008-10-03 11:26 . 2010-01-12 11:03 10276768 c:\windows\system32\drivers\nv4_mini.sys
+ 2008-10-03 11:26 . 2010-01-12 11:03 10276768 c:\windows\system32\dllcache\nv4_mini.sys
+ 2010-02-26 06:48 . 2009-12-21 19:04 11070464 c:\windows\system32\dllcache\ieframe.dll
+ 2009-11-20 22:46 . 2009-11-20 22:46 11524608 c:\windows\Installer\1c265f1.msp
+ 2010-01-28 05:17 . 2010-01-28 05:17 17510400 c:\windows\Installer\1c265c3.msp
+ 2010-03-04 11:46 . 2010-03-04 11:46 13410304 c:\windows\Installer\128c72b.msi
+ 2009-04-03 17:46 . 2009-04-03 17:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSO.DLL
+ 2010-02-26 06:54 . 2009-03-08 03:39 11063808 c:\windows\ie8updates\KB978207-IE8\ieframe.dll
+ 2009-12-22 13:00 . 2009-12-22 13:00 11070976 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\ieframe.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"lxdumon.exe"="c:\programme\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"EzPrint"="c:\programme\Lexmark 5600-6600 Series\ezprint.exe" [2008-09-10 131752]
"Lexmark 5600-6600 Series Fax Server"="c:\programme\Lexmark 5600-6600 Series\fm3032.exe" [2008-09-10 311976]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HP Component Manager"="c:\programme\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
ALF-BanCo 3 Reminder.lnk - c:\programme\ALFBanCo3\AlfReminder3.exe [2010-3-6 360448]
NETGEAR WG311v3 Smart Wizard.lnk - c:\programme\NETGEAR\WG311v3\wlancfg5.exe [2006-4-11 1503232]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Lexware professional Datenbankserver starten.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Lexware professional Datenbankserver starten.lnk
backup=c:\windows\pss\Lexware professional Datenbankserver starten.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\eMule\\emule.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programme\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Programme\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3050:TCP"= 3050:TCP:*:Disabled:firebird
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5000:TCP"= 5000:TCP:5000t
"5001:TCP"= 5001:TCP:5001t
"5002:TCP"= 5002:TCP:5002t
"5003:TCP"= 5003:TCP:5003t
"5004:TCP"= 5004:TCP:5004t
"5000:UDP"= 5000:UDP:5000u
"5001:UDP"= 5001:UDP:5001u
"5002:UDP"= 5002:UDP:5002u
"5003:UDP"= 5003:UDP:5003u
"5004:UDP"= 5004:UDP:5004u

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [15.02.2009 20:32 26624]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20.10.2008 12:44 28544]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [12.08.2009 19:25 108289]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [27.04.2009 10:53 98984]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\programme\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\programme\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
S2 gupdate1c9f048f07d96a6;Google Update Service (gupdate1c9f048f07d96a6);c:\programme\Google\Update\GoogleUpdate.exe [18.06.2009 21:14 133104]
S2 Tdlpt;Tdlpt;\??\c:\windows\system32\drivers\Tdlpt.sys --> c:\windows\system32\drivers\Tdlpt.sys [?]
S2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [18.08.2001 12:00 14336]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [26.01.2009 13:16 94208]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\dokumente und einstellungen\Stefan\Lokale Einstellungen\temp\{D4FB1EFD-C011-464F-9B23-FD6C1DA6514C}\fsgk.sys --> c:\dokumente und einstellungen\Stefan\Lokale Einstellungen\temp\{D4FB1EFD-C011-464F-9B23-FD6C1DA6514C}\fsgk.sys [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\programme\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\programme\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - ntnbtx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-03-29 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:54]

2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-03 19:13]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-18 19:13]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-18 19:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mSearch Bar = hxxp://www.google.com/ie
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://de.search.yahoo.com
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} - hxxps://stream.web.de/mail/activex/mail_upload_11213.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\1thcnwgy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\1thcnwgy.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 13:14
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1844237615-162531612-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1844237615-162531612-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1844237615-162531612-839522115-1003)
@Allowed: (Read) (S-1-5-21-1844237615-162531612-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1844237615-162531612-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:65,dc,21,bd,70,8f,5f,c0,82,a8,ed,9a,ca,2c,0a,76,31,a4,65,88,fa,ff,4d,
8e,fb,0c,fe,ad,49,cc,e9,be,f3,f0,56,7a,44,92,b6,1c,46,cf,aa,e0,a3,0d,97,7b,\
"??"=hex:6d,77,c1,5e,09,b0,35,eb,ea,b5,6c,b2,8e,1f,6c,34

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\MrvGINA.dll
.
Zeit der Fertigstellung: 2010-03-29 13:15:07
ComboFix-quarantined-files.txt 2010-03-29 11:15
ComboFix2.txt 2009-12-08 11:19
ComboFix3.txt 2009-07-25 07:15

Vor Suchlauf: 24 Verzeichnis(se), 24.340.504.576 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 24.562.565.120 Bytes frei

- - End Of File - - CB3A175A0A2777416B443A539EA150DA
__________
Thanks for your great support!
Regards, Stefan
29.03.2010, 14:06
Moderator

Posts: 7805
#4 Please do the following:

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code

http://board.protecus.de/t39383.htm
collect::
c:\windows\system32\drivers\ntnbtx.sys
C:\WINDOWS\system32\ntnue.dll
driver::
ntnbtx


3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program.
(Also the guards of adware and spyware programs, and the Tea Timer!)

5. Then drag CFScript.txt onto ComboFix.exe, as shown in the picture below. This restarts ComboFix.

6. After the restart (if you are asked whether you want to restart), please post the following log files:
Combofix.txt

7. After the log has opened in Notepad, a popup appears.

Follow the instructions given there.

Post the newly created ComboFix report.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system.
__________
Regards, Ralf
SEO-Spam Hunter
29.03.2010, 15:43
Member

Thread starter

Posts: 156
#5 Hello Ralf,

I ran ComboFix as described. But the popup under 7 did not appear.

Here is the report.

ComboFix 10-03-28.03 - 29.03.2010 15:29:51.15.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1549 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\\Desktop\test.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((( Dateien erstellt von 2010-02-28 bis 2010-03-29 ))))))))))))))))))))))))))))))
.

2010-03-29 10:13 . 2010-03-29 10:13 388096 ----a-r- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-29 10:13 . 2010-03-29 10:13 -------- d-----w- c:\programme\TrendMicro
2010-03-28 10:51 . 2010-03-28 10:51 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\IETldCache
2010-03-26 12:31 . 2010-03-26 12:31 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Canneverbe Limited
2010-03-17 16:05 . 2010-03-17 16:25 -------- d-----w- c:\programme\PCPitstop
2010-03-17 16:05 . 2010-03-17 16:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PCPitstop
2010-03-17 16:03 . 2010-03-17 16:03 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2010-03-17 16:03 . 2010-03-17 16:03 -------- d-----w- c:\programme\NVIDIA Corporation
2010-03-17 15:57 . 2010-03-17 16:01 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\GetRightToGo
2010-03-10 15:31 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 08:46 . 2010-03-29 13:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AlfBanCo3
2010-03-06 08:46 . 2010-03-06 08:46 -------- d-----w- c:\programme\ALFBanCo3
2010-03-04 11:47 . 2010-03-04 11:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\StarMoney 7.0
2010-03-04 11:45 . 2010-03-04 11:45 -------- d-----w- c:\programme\Business Objects
2010-03-04 11:45 . 2010-03-04 11:45 -------- d-----w- c:\programme\Gemeinsame Dateien\StarFinanz
2010-02-28 19:06 . 2010-02-28 19:06 -------- d-----w- c:\programme\House-Manager-TS

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 13:01 . 2010-02-11 18:45 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\ALFBanCo3
2010-03-29 06:05 . 2009-07-02 15:32 -------- d-----w- c:\programme\casa70
2010-03-28 17:18 . 2008-10-14 05:51 -------- d-----w- c:\programme\Yahoo!
2010-03-28 16:33 . 2008-10-20 11:27 -------- d-----w- c:\programme\CCleaner
2010-03-28 12:28 . 2009-12-30 15:53 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\vlc
2010-03-28 10:28 . 2001-08-18 10:00 89702 ----a-w- c:\windows\system32\perfc007.dat
2010-03-28 10:28 . 2001-08-18 10:00 471630 ----a-w- c:\windows\system32\perfh007.dat
2010-03-26 12:31 . 2009-10-15 18:14 -------- d-----w- c:\programme\CDBurnerXP
2010-03-14 11:53 . 2008-11-02 17:07 -------- d-----w- c:\programme\Haufe
2010-03-14 11:46 . 2008-10-02 17:21 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-03-14 11:29 . 2009-09-29 11:40 -------- d-----w- c:\programme\WIN-CASA2009
2010-03-14 09:59 . 2010-02-21 18:50 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Zylom
2010-03-14 08:23 . 2008-10-08 12:24 -------- d-----w- c:\programme\eMule
2010-03-10 22:30 . 2008-10-08 12:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-03-04 18:01 . 2008-10-02 19:23 77408 ----a-w- c:\dokumente und einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-03-04 11:46 . 2009-07-23 09:50 -------- d-----w- c:\programme\Common Files
2010-02-28 18:58 . 2008-11-02 17:08 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Haufe
2010-02-24 12:59 . 2008-10-06 12:21 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe
2010-02-23 20:36 . 2009-09-01 08:30 -------- d-----w- c:\programme\Zylom Games
2010-02-22 07:24 . 2008-10-02 18:54 -------- d-----w- c:\programme\Google
2010-02-21 18:50 . 2010-02-21 18:50 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Skip-Bo
2010-02-19 15:16 . 2010-02-19 15:16 -------- d-----w- c:\programme\Sykosch
2010-02-16 10:40 . 2010-02-16 10:35 -------- d-----w- c:\programme\PDFCreator
2010-02-04 12:33 . 2010-02-04 12:33 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-04 12:33 . 2010-02-04 12:33 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-04 12:33 . 2010-02-04 12:30 -------- d-----w- c:\programme\TuneUp Utilities 2009
2010-02-04 12:30 . 2010-02-04 12:30 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\TuneUp Software
2010-02-04 12:30 . 2010-02-04 12:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software
2010-02-02 19:32 . 2009-06-28 10:18 -------- d-----w- c:\programme\MS-Buchhalter
2010-02-02 10:50 . 2009-12-07 14:03 -------- d-----w- c:\programme\Haushaltsbuch
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-12-31 16:50 . 2001-08-18 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 12:55 . 2009-12-31 12:55 60516 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-31 12:29 . 2009-12-31 12:29 79144 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-30 13:42 . 2009-12-30 13:42 33848 ----a-w- c:\windows\system32\drivers\nchssvad.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-03-29_11.14.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-29 11:31 . 2010-03-29 11:31 16384 c:\windows\temp\Perflib_Perfdata_108.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"lxdumon.exe"="c:\programme\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"EzPrint"="c:\programme\Lexmark 5600-6600 Series\ezprint.exe" [2008-09-10 131752]
"Lexmark 5600-6600 Series Fax Server"="c:\programme\Lexmark 5600-6600 Series\fm3032.exe" [2008-09-10 311976]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HP Component Manager"="c:\programme\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
ALF-BanCo 3 Reminder.lnk - c:\programme\ALFBanCo3\AlfReminder3.exe [2010-3-6 360448]
NETGEAR WG311v3 Smart Wizard.lnk - c:\programme\NETGEAR\WG311v3\wlancfg5.exe [2006-4-11 1503232]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Lexware professional Datenbankserver starten.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Lexware professional Datenbankserver starten.lnk
backup=c:\windows\pss\Lexware professional Datenbankserver starten.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\eMule\\emule.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programme\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Programme\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3050:TCP"= 3050:TCP:*:Disabled:firebird
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5000:TCP"= 5000:TCP:5000t
"5001:TCP"= 5001:TCP:5001t
"5002:TCP"= 5002:TCP:5002t
"5003:TCP"= 5003:TCP:5003t
"5004:TCP"= 5004:TCP:5004t
"5000:UDP"= 5000:UDP:5000u
"5001:UDP"= 5001:UDP:5001u
"5002:UDP"= 5002:UDP:5002u
"5003:UDP"= 5003:UDP:5003u
"5004:UDP"= 5004:UDP:5004u

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [15.02.2009 20:32 26624]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20.10.2008 12:44 28544]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [12.08.2009 19:25 108289]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [27.04.2009 10:53 98984]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\programme\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\programme\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
S2 gupdate1c9f048f07d96a6;Google Update Service (gupdate1c9f048f07d96a6);c:\programme\Google\Update\GoogleUpdate.exe [18.06.2009 21:14 133104]
S2 Tdlpt;Tdlpt;\??\c:\windows\system32\drivers\Tdlpt.sys --> c:\windows\system32\drivers\Tdlpt.sys [?]
S2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [18.08.2001 12:00 14336]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [26.01.2009 13:16 94208]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\dokumente und einstellungen\Stefan\Lokale Einstellungen\temp\{D4FB1EFD-C011-464F-9B23-FD6C1DA6514C}\fsgk.sys --> c:\dokumente und einstellungen\Stefan\Lokale Einstellungen\temp\{D4FB1EFD-C011-464F-9B23-FD6C1DA6514C}\fsgk.sys [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\programme\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\programme\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - ntnbtx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-03-29 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:54]

2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-03 19:13]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-18 19:13]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-18 19:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mSearch Bar = hxxp://www.google.com/ie
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://de.search.yahoo.com
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} - hxxps://stream.web.de/mail/activex/mail_upload_11213.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\1thcnwgy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\1thcnwgy.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 15:32
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1844237615-162531612-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1844237615-162531612-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1844237615-162531612-839522115-1003)
@Allowed: (Read) (S-1-5-21-1844237615-162531612-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1844237615-162531612-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:65,dc,21,bd,70,8f,5f,c0,82,a8,ed,9a,ca,2c,0a,76,31,a4,65,88,fa,ff,4d,
8e,fb,0c,fe,ad,49,cc,e9,be,f3,f0,56,7a,44,92,b6,1c,46,cf,aa,e0,a3,0d,97,7b,\
"??"=hex:6d,77,c1,5e,09,b0,35,eb,ea,b5,6c,b2,8e,1f,6c,34

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\MrvGINA.dll

- - - - - - - > 'Explorer.exe'(1768)
c:\windows\system32\webcheck.dll
.
Zeit der Fertigstellung: 2010-03-29 15:33:25
ComboFix-quarantined-files.txt 2010-03-29 13:33
ComboFix2.txt 2010-03-29 11:15
ComboFix3.txt 2009-12-08 11:19
ComboFix4.txt 2009-07-25 07:15

Vor Suchlauf: 25 Verzeichnis(se), 24.551.665.664 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 24.510.357.504 Bytes frei

- - End Of File - - E702A363438F0EC7BC97BD683916E127
__________
Thanks for your great support!
Regards, Stefan
29.03.2010, 16:20
Member

Thread starter

Posts: 156
#6 Now that I have restarted, the message is still there.
__________
Thanks for your great support!
Regards, Stefan
29.03.2010, 16:33
Moderator

Posts: 7805
#7 I have adjusted the script above slightly. Please run it once more and check whether you have a zip archive under c:\qoobox\Quarantain whose file name contains something like 4-submit [date]. If so, please upload it here:
http://www.bleepingcomputer.com/submit-malware.php?channel=4
Under "Link to topic", enter the link to this thread, i.e.:
http://board.protecus.de/t39383.htm
__________
Regards, Ralf
SEO-Spam Hunter
29.03.2010, 17:06
Member

Thread starter

Posts: 156
#8 The run with the new script did not work either.
The virus message comes back.
There is also no zip archive.

Here is the report:

ComboFix 10-03-28.03 - 29.03.2010 16:51:29.17.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1533 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\\Desktop\test.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((( Dateien erstellt von 2010-02-28 bis 2010-03-29 ))))))))))))))))))))))))))))))
.

2010-03-29 13:52 . 2010-03-29 13:57 -------- d-----w- C:\test5799t
2010-03-29 13:29 . 2010-03-29 13:33 -------- d-----w- C:\test
2010-03-29 10:13 . 2010-03-29 10:13 388096 ----a-r- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-29 10:13 . 2010-03-29 10:13 -------- d-----w- c:\programme\TrendMicro
2010-03-28 10:51 . 2010-03-28 10:51 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\IETldCache
2010-03-26 12:31 . 2010-03-26 12:31 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Canneverbe Limited
2010-03-17 16:05 . 2010-03-17 16:25 -------- d-----w- c:\programme\PCPitstop
2010-03-17 16:05 . 2010-03-17 16:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PCPitstop
2010-03-17 16:03 . 2010-03-17 16:03 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2010-03-17 16:03 . 2010-03-17 16:03 -------- d-----w- c:\programme\NVIDIA Corporation
2010-03-17 15:57 . 2010-03-17 16:01 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\GetRightToGo
2010-03-10 15:31 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 08:46 . 2010-03-29 13:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AlfBanCo3
2010-03-06 08:46 . 2010-03-06 08:46 -------- d-----w- c:\programme\ALFBanCo3
2010-03-04 11:47 . 2010-03-04 11:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\StarMoney 7.0
2010-03-04 11:45 . 2010-03-04 11:45 -------- d-----w- c:\programme\Business Objects
2010-03-04 11:45 . 2010-03-04 11:45 -------- d-----w- c:\programme\Gemeinsame Dateien\StarFinanz
2010-02-28 19:06 . 2010-02-28 19:06 -------- d-----w- c:\programme\House-Manager-TS

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 13:01 . 2010-02-11 18:45 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\ALFBanCo3
2010-03-29 06:05 . 2009-07-02 15:32 -------- d-----w- c:\programme\casa70
2010-03-28 17:18 . 2008-10-14 05:51 -------- d-----w- c:\programme\Yahoo!
2010-03-28 16:33 . 2008-10-20 11:27 -------- d-----w- c:\programme\CCleaner
2010-03-28 12:28 . 2009-12-30 15:53 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\vlc
2010-03-28 10:28 . 2001-08-18 10:00 89702 ----a-w- c:\windows\system32\perfc007.dat
2010-03-28 10:28 . 2001-08-18 10:00 471630 ----a-w- c:\windows\system32\perfh007.dat
2010-03-26 12:31 . 2009-10-15 18:14 -------- d-----w- c:\programme\CDBurnerXP
2010-03-14 11:53 . 2008-11-02 17:07 -------- d-----w- c:\programme\Haufe
2010-03-14 11:46 . 2008-10-02 17:21 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-03-14 11:29 . 2009-09-29 11:40 -------- d-----w- c:\programme\WIN-CASA2009
2010-03-14 09:59 . 2010-02-21 18:50 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Zylom
2010-03-14 08:23 . 2008-10-08 12:24 -------- d-----w- c:\programme\eMule
2010-03-10 22:30 . 2008-10-08 12:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-03-04 18:01 . 2008-10-02 19:23 77408 ----a-w- c:\dokumente und einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-03-04 11:46 . 2009-07-23 09:50 -------- d-----w- c:\programme\Common Files
2010-02-28 18:58 . 2008-11-02 17:08 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Haufe
2010-02-24 12:59 . 2008-10-06 12:21 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe
2010-02-23 20:36 . 2009-09-01 08:30 -------- d-----w- c:\programme\Zylom Games
2010-02-22 07:24 . 2008-10-02 18:54 -------- d-----w- c:\programme\Google
2010-02-21 18:50 . 2010-02-21 18:50 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Skip-Bo
2010-02-19 15:16 . 2010-02-19 15:16 -------- d-----w- c:\programme\Sykosch
2010-02-16 10:40 . 2010-02-16 10:35 -------- d-----w- c:\programme\PDFCreator
2010-02-04 12:33 . 2010-02-04 12:33 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-04 12:33 . 2010-02-04 12:33 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-04 12:33 . 2010-02-04 12:30 -------- d-----w- c:\programme\TuneUp Utilities 2009
2010-02-04 12:30 . 2010-02-04 12:30 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\TuneUp Software
2010-02-04 12:30 . 2010-02-04 12:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software
2010-02-02 19:32 . 2009-06-28 10:18 -------- d-----w- c:\programme\MS-Buchhalter
2010-02-02 10:50 . 2009-12-07 14:03 -------- d-----w- c:\programme\Haushaltsbuch
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-12-31 16:50 . 2001-08-18 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 12:55 . 2009-12-31 12:55 60516 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-31 12:29 . 2009-12-31 12:29 79144 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-30 13:42 . 2009-12-30 13:42 33848 ----a-w- c:\windows\system32\drivers\nchssvad.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-03-29_11.14.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-29 13:45 . 2010-03-29 13:45 16384 c:\windows\temp\Perflib_Perfdata_770.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"lxdumon.exe"="c:\programme\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"EzPrint"="c:\programme\Lexmark 5600-6600 Series\ezprint.exe" [2008-09-10 131752]
"Lexmark 5600-6600 Series Fax Server"="c:\programme\Lexmark 5600-6600 Series\fm3032.exe" [2008-09-10 311976]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HP Component Manager"="c:\programme\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
ALF-BanCo 3 Reminder.lnk - c:\programme\ALFBanCo3\AlfReminder3.exe [2010-3-6 360448]
NETGEAR WG311v3 Smart Wizard.lnk - c:\programme\NETGEAR\WG311v3\wlancfg5.exe [2006-4-11 1503232]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Lexware professional Datenbankserver starten.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Lexware professional Datenbankserver starten.lnk
backup=c:\windows\pss\Lexware professional Datenbankserver starten.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\eMule\\emule.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programme\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Programme\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3050:TCP"= 3050:TCP:*:Disabled:firebird
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5000:TCP"= 5000:TCP:5000t
"5001:TCP"= 5001:TCP:5001t
"5002:TCP"= 5002:TCP:5002t
"5003:TCP"= 5003:TCP:5003t
"5004:TCP"= 5004:TCP:5004t
"5000:UDP"= 5000:UDP:5000u
"5001:UDP"= 5001:UDP:5001u
"5002:UDP"= 5002:UDP:5002u
"5003:UDP"= 5003:UDP:5003u
"5004:UDP"= 5004:UDP:5004u

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [15.02.2009 20:32 26624]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20.10.2008 12:44 28544]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [12.08.2009 19:25 108289]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [27.04.2009 10:53 98984]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\programme\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\programme\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
S2 gupdate1c9f048f07d96a6;Google Update Service (gupdate1c9f048f07d96a6);c:\programme\Google\Update\GoogleUpdate.exe [18.06.2009 21:14 133104]
S2 Tdlpt;Tdlpt;\??\c:\windows\system32\drivers\Tdlpt.sys --> c:\windows\system32\drivers\Tdlpt.sys [?]
S2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [18.08.2001 12:00 14336]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [26.01.2009 13:16 94208]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\dokumente und einstellungen\Stefan\Lokale Einstellungen\temp\{D4FB1EFD-C011-464F-9B23-FD6C1DA6514C}\fsgk.sys --> c:\dokumente und einstellungen\Stefan\Lokale Einstellungen\temp\{D4FB1EFD-C011-464F-9B23-FD6C1DA6514C}\fsgk.sys [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\programme\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\programme\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - ntnbtx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-03-29 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:54]

2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-03 19:13]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-18 19:13]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-18 19:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mSearch Bar = hxxp://www.google.com/ie
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://de.search.yahoo.com
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} - hxxps://stream.web.de/mail/activex/mail_upload_11213.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\1thcnwgy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\1thcnwgy.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1844237615-162531612-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1844237615-162531612-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1844237615-162531612-839522115-1003)
@Allowed: (Read) (S-1-5-21-1844237615-162531612-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1844237615-162531612-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:65,dc,21,bd,70,8f,5f,c0,82,a8,ed,9a,ca,2c,0a,76,31,a4,65,88,fa,ff,4d,
8e,fb,0c,fe,ad,49,cc,e9,be,f3,f0,56,7a,44,92,b6,1c,46,cf,aa,e0,a3,0d,97,7b,\
"??"=hex:6d,77,c1,5e,09,b0,35,eb,ea,b5,6c,b2,8e,1f,6c,34

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\MrvGINA.dll

- - - - - - - > 'Explorer.exe'(1720)
c:\windows\system32\webcheck.dll
.
Zeit der Fertigstellung: 2010-03-29 16:53:54
ComboFix-quarantined-files.txt 2010-03-29 14:53
ComboFix2.txt 2010-03-29 13:57
ComboFix3.txt 2010-03-29 13:33
ComboFix4.txt 2010-03-29 11:15
ComboFix5.txt 2010-03-29 14:50

Vor Suchlauf: 27 Verzeichnis(se), 24.497.872.896 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 24.476.008.448 Bytes frei

- - End Of File - - 31CAC50974940B1CA7F9F239112B4C3B
__________
Thanks for your great support!
Best regards, Stefan
29.03.2010, 17:28
Moderator

Posts: 7805
#9 Then try it with this script:

killall::
rootkit::
c:\windows\system32\drivers\ntnbtx.sys
C:\WINDOWS\system32\ntnue.dll
driver::
ntnbtx
__________
Kind regards, Ralf
SEO-Spam Hunter
29.03.2010, 18:30
Member

Thread starter

Posts: 156
#10 Hello Ralf,

it seems to be gone. Many thanks to you.

But here is the report as well:

ComboFix 10-03-28.03 - Stefan 29.03.2010 18:17:11.18.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1555 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Stefan\Desktop\test.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Stefan\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NTNBTX
-------\Service_ntnbtx


((((((((((((((((((((((( Dateien erstellt von 2010-02-28 bis 2010-03-29 ))))))))))))))))))))))))))))))
.

2010-03-29 14:50 . 2010-03-29 14:53 -------- d-----w- C:\test24792t
2010-03-29 13:52 . 2010-03-29 13:57 -------- d-----w- C:\test5799t
2010-03-29 13:29 . 2010-03-29 13:33 -------- d-----w- C:\test
2010-03-29 10:13 . 2010-03-29 10:13 388096 ----a-r- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-29 10:13 . 2010-03-29 10:13 -------- d-----w- c:\programme\TrendMicro
2010-03-28 10:51 . 2010-03-28 10:51 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\IETldCache
2010-03-26 12:31 . 2010-03-26 12:31 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Canneverbe Limited
2010-03-17 16:05 . 2010-03-17 16:25 -------- d-----w- c:\programme\PCPitstop
2010-03-17 16:05 . 2010-03-17 16:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PCPitstop
2010-03-17 16:03 . 2010-03-17 16:03 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2010-03-17 16:03 . 2010-03-17 16:03 -------- d-----w- c:\programme\NVIDIA Corporation
2010-03-17 15:57 . 2010-03-17 16:01 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\GetRightToGo
2010-03-10 15:31 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 08:46 . 2010-03-29 13:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AlfBanCo3
2010-03-06 08:46 . 2010-03-06 08:46 -------- d-----w- c:\programme\ALFBanCo3
2010-03-04 11:47 . 2010-03-04 11:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\StarMoney 7.0
2010-03-04 11:45 . 2010-03-04 11:45 -------- d-----w- c:\programme\Business Objects
2010-03-04 11:45 . 2010-03-04 11:45 -------- d-----w- c:\programme\Gemeinsame Dateien\StarFinanz
2010-02-28 19:06 . 2010-02-28 19:06 -------- d-----w- c:\programme\House-Manager-TS

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 13:01 . 2010-02-11 18:45 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\ALFBanCo3
2010-03-29 06:05 . 2009-07-02 15:32 -------- d-----w- c:\programme\casa70
2010-03-28 17:18 . 2008-10-14 05:51 -------- d-----w- c:\programme\Yahoo!
2010-03-28 16:33 . 2008-10-20 11:27 -------- d-----w- c:\programme\CCleaner
2010-03-28 12:28 . 2009-12-30 15:53 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\vlc
2010-03-28 10:28 . 2001-08-18 10:00 89702 ----a-w- c:\windows\system32\perfc007.dat
2010-03-28 10:28 . 2001-08-18 10:00 471630 ----a-w- c:\windows\system32\perfh007.dat
2010-03-26 12:31 . 2009-10-15 18:14 -------- d-----w- c:\programme\CDBurnerXP
2010-03-14 11:53 . 2008-11-02 17:07 -------- d-----w- c:\programme\Haufe
2010-03-14 11:46 . 2008-10-02 17:21 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-03-14 11:29 . 2009-09-29 11:40 -------- d-----w- c:\programme\WIN-CASA2009
2010-03-14 09:59 . 2010-02-21 18:50 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Zylom
2010-03-14 08:23 . 2008-10-08 12:24 -------- d-----w- c:\programme\eMule
2010-03-10 22:30 . 2008-10-08 12:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-03-04 18:01 . 2008-10-02 19:23 77408 ----a-w- c:\dokumente und einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-03-04 11:46 . 2009-07-23 09:50 -------- d-----w- c:\programme\Common Files
2010-02-28 18:58 . 2008-11-02 17:08 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Haufe
2010-02-24 12:59 . 2008-10-06 12:21 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe
2010-02-23 20:36 . 2009-09-01 08:30 -------- d-----w- c:\programme\Zylom Games
2010-02-22 07:24 . 2008-10-02 18:54 -------- d-----w- c:\programme\Google
2010-02-21 18:50 . 2010-02-21 18:50 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Skip-Bo
2010-02-19 15:16 . 2010-02-19 15:16 -------- d-----w- c:\programme\Sykosch
2010-02-16 10:40 . 2010-02-16 10:35 -------- d-----w- c:\programme\PDFCreator
2010-02-04 12:33 . 2010-02-04 12:33 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-04 12:33 . 2010-02-04 12:33 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-04 12:33 . 2010-02-04 12:30 -------- d-----w- c:\programme\TuneUp Utilities 2009
2010-02-04 12:30 . 2010-02-04 12:30 -------- d-----w- c:\dokumente und einstellungen\Stefan\Anwendungsdaten\TuneUp Software
2010-02-04 12:30 . 2010-02-04 12:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software
2010-02-02 19:32 . 2009-06-28 10:18 -------- d-----w- c:\programme\MS-Buchhalter
2010-02-02 10:50 . 2009-12-07 14:03 -------- d-----w- c:\programme\Haushaltsbuch
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-12-31 16:50 . 2001-08-18 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 12:55 . 2009-12-31 12:55 60516 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-31 12:29 . 2009-12-31 12:29 79144 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-30 13:42 . 2009-12-30 13:42 33848 ----a-w- c:\windows\system32\drivers\nchssvad.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-03-29_11.14.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-29 16:21 . 2010-03-29 16:21 16384 c:\windows\temp\Perflib_Perfdata_7a4.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"lxdumon.exe"="c:\programme\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"EzPrint"="c:\programme\Lexmark 5600-6600 Series\ezprint.exe" [2008-09-10 131752]
"Lexmark 5600-6600 Series Fax Server"="c:\programme\Lexmark 5600-6600 Series\fm3032.exe" [2008-09-10 311976]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HP Component Manager"="c:\programme\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
ALF-BanCo 3 Reminder.lnk - c:\programme\ALFBanCo3\AlfReminder3.exe [2010-3-6 360448]
NETGEAR WG311v3 Smart Wizard.lnk - c:\programme\NETGEAR\WG311v3\wlancfg5.exe [2006-4-11 1503232]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Lexware professional Datenbankserver starten.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Lexware professional Datenbankserver starten.lnk
backup=c:\windows\pss\Lexware professional Datenbankserver starten.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\eMule\\emule.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programme\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Programme\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3050:TCP"= 3050:TCP:*;)isabled:firebird
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5000:TCP"= 5000:TCP:5000t
"5001:TCP"= 5001:TCP:5001t
"5002:TCP"= 5002:TCP:5002t
"5003:TCP"= 5003:TCP:5003t
"5004:TCP"= 5004:TCP:5004t
"5000:UDP"= 5000:UDP:5000u
"5001:UDP"= 5001:UDP:5001u
"5002:UDP"= 5002:UDP:5002u
"5003:UDP"= 5003:UDP:5003u
"5004:UDP"= 5004:UDP:5004u

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [15.02.2009 20:32 26624]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20.10.2008 12:44 28544]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [12.08.2009 19:25 108289]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\programme\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\programme\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [27.04.2009 10:53 98984]
S?2 gupdate1c9f048f07d96a6;Google Update Service (gupdate1c9f048f07d96a6);c:\programme\Google\Update\GoogleUpdate.exe [18.06.2009 21:14 133104]
S2 Tdlpt;Tdlpt;\??\c:\windows\system32\drivers\Tdlpt.sys --> c:\windows\system32\drivers\Tdlpt.sys [?]
S2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [18.08.2001 12:00 14336]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [26.01.2009 13:16 94208]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\dokumente und einstellungen\Stefan\Lokale Einstellungen\temp\{D4FB1EFD-C011-464F-9B23-FD6C1DA6514C}\fsgk.sys --> c:\dokumente und einstellungen\Stefan\Lokale Einstellungen\temp\{D4FB1EFD-C011-464F-9B23-FD6C1DA6514C}\fsgk.sys [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\programme\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\programme\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-03-29 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:54]

2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-03 19:13]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-18 19:13]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-18 19:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mSearch Bar = hxxp://www.google.com/ie
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://de.search.yahoo.com
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} - hxxps://stream.web.de/mail/activex/mail_upload_11213.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\1thcnwgy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\dokumente und einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\1thcnwgy.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1844237615-162531612-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1844237615-162531612-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1844237615-162531612-839522115-1003)
@Allowed: (Read) (S-1-5-21-1844237615-162531612-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1844237615-162531612-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:65,dc,21,bd,70,8f,5f,c0,82,a8,ed,9a,ca,2c,0a,76,31,a4,65,88,fa,ff,4d,
8e,fb,0c,fe,ad,49,cc,e9,be,f3,f0,56,7a,44,92,b6,1c,46,cf,aa,e0,a3,0d,97,7b,\
"??"=hex:6d,77,c1,5e,09,b0,35,eb,ea,b5,6c,b2,8e,1f,6c,34

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\MrvGINA.dll

- - - - - - - > 'Explorer.exe'(212)
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Firebird\Firebird_2_1\bin\fbguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\windows\system32\lxducoms.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\lxducoms.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-03-29 18:23:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-03-29 16:23
ComboFix2.txt 2010-03-29 14:53
ComboFix3.txt 2010-03-29 13:57
ComboFix4.txt 2010-03-29 13:33
ComboFix5.txt 2010-03-29 16:16

Vor Suchlauf: 28 Verzeichnis(se), 24.491.483.136 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 24.443.826.176 Bytes frei

- - End Of File - - 5B772947047E6BFCC2667DF35EEBA003
__________
Thanks for your great support!
Best regards, Stefan
29.03.2010, 19:33
Member

Thread starter

Posts: 156
#11 I have to correct myself.

It now shows up on its own. Before, it only happened when I opened a browser, but now the virus alert also appears without that.

Is there anything else I can do?
__________
Thanks for your great support!
Best regards, Stefan
29.03.2010, 19:37
Moderator

Posts: 7805
#12 Please use Malwarebytes. Update it and run a quick scan.
__________
Kind regards, Ralf
SEO-Spam Hunter
29.03.2010, 19:50
Moderator

Posts: 7805
#13 Please update your AntiVir; with the latest update, the driver (sys) and the DLL are detected!
__________
Kind regards, Ralf
SEO-Spam Hunter
30.03.2010, 07:43
Member

Thread starter

Posts: 156
#14 Good morning Ralf,

Ran Malwarebytes,
brought AntiVir up to date.

So far everything seems to be quiet and clean again.

Thanks for your great support. You really are the best!

Best regards
Stefan
__________
Thanks for your great support!
Best regards, Stefan
30.03.2010, 08:19
Moderator

Posts: 7805
#15 Please run a GMER scan anyway and post the report
http://board.protecus.de/t23188.htm
__________
Kind regards, Ralf
SEO-Spam Hunter