Virus?,Trojaner: richtx64.exe, URLSearchHook

Jazzaquarium · 11.01.2010, 13:48

Hallo Zusammen,

erstmal vorweg: Danke für die Möglichkeit dieses Forums und dass kostenlos und kompetent. Das finde ich nicht selbstverständlich und deswegen erstmal dieses Danke vorneweg.

Also mein Rechner hat sich etwas sehr Gemeines eingefangen.
Symptome: Rechner schaltet sich immer wieder aus (neustart) DCOM-Server-Problem:
Habe das Problem jetzt erstmal unterdrückt (cmd shutdown -a) damit ich überhaupt hier ins Forum komme. Kann allerdings im Moment keine Ordner jedweder Art öffnen.

Hab ein Logfile gemacht und schon online analysieren lassen er findet zwei schädliche Einträge:

R3 - URLSearchHook: (no name) - - (no file)

O4 - HKCU\..\Run: [richtx64.exe] C:\Users\JAZZAQ~1\AppData\Local\Temp\richtx64.exe

Also hier erstmal der komplette Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:08, on 11.01.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe
C:\Windows\VM305_STI.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wermgr.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\program files\g data internetsecurity\avkkid\avkcks.exe
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\SieMaSoft\Wecker\msdxm.ocx (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [BigDog305] C:\Windows\VM305_STI.EXE A4 TECH PC Camera V
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [richtx64.exe] C:\Users\JAZZAQ~1\AppData\Local\Temp\richtx64.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O13 - Gopher Prefix:
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
O23 - Service: AntiVirus Wächter (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 6389 bytes

Habe schon versucht SUPERAntiSpyware zu installieren sowie Mbam (Malwarebytes), beides ohne Erfolg. Lies sich nicht installieren.
Auch das Servicepack2 sowie andere Windowsupdates lassen sich nicht installieren.

Ich wäre sehr sehr erfreut wenn irgendjemand eine Idee für mein Problem und dessen Behebung hätte.

Vielen Dank.

P.S.: Mir ist bewußt dass die sicherste und wahrscheinlich auch einfachste Lösung wäre den Rechner neu aufzusetzen aber dies möchte ich erst versuchen wenn ich alle anderen Möglichkeiten ausgeschöpft habe.

cosinus · 11.01.2010, 14:16

Hallo und

Bitte mal den Avenger anwenden

Vorbereitungen:
a) Deaktiviere den Hintergrundwächter vom Virenscanner.
b) Stöpsele alle externen Datenträger vom Rechner ab.

Danach:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:

3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:

Code:

ATTFilter

files to delete:
C:\Users\JAZZAQ~1\AppData\Local\Temp\richtx64.exe
C:\Users\JAZZAQ~1\AppData\Local\Temp\sdra64.exe
C:\Users\JAZZAQ~1\AppData\Local\Temp\settdebugx.exe

folders to delete:
C:\Program Files\Malware Defense

drivers to delete:
H8SRTD.SYS

4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

Jazzaquarium · 11.01.2010, 14:37

Hier erstmal der Log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "H8SRTd.sys" found!
ImagePath: \systemroot\system32\drivers\H8SRTovttxiihmw.sys
Driver disabled successfully.

Rootkit scan completed.

Error: file "C:\Users\JAZZAQ~1\AppData\Local\Temp\richtx64.exe" not found!
Deletion of file "C:\Users\JAZZAQ~1\AppData\Local\Temp\richtx64.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\Users\JAZZAQ~1\AppData\Local\Temp\sdra64.exe" not found!
Deletion of file "C:\Users\JAZZAQ~1\AppData\Local\Temp\sdra64.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\Users\JAZZAQ~1\AppData\Local\Temp\settdebugx.exe" not found!
Deletion of file "C:\Users\JAZZAQ~1\AppData\Local\Temp\settdebugx.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: folder "C:\Program Files\Malware Defense" not found!
Deletion of folder "C:\Program Files\Malware Defense" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "H8SRTD.SYS" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Konnte das Virenprogramm auf normalem Wege nicht ausschalten habe deswegen den Taskmanag. bemüht.
Status jetzt: Rechner fährt sich nicht mehr runter.
Kann wieder Einstellungen am Virenprogramm vornehmen.

cosinus · 11.01.2010, 14:38

Bitte jetzt unmittelbar nach dem Avenger Malwarebytes ausführen!

Jazzaquarium · 11.01.2010, 16:07

So scann ist abgeschloßen, er ist auch fündig geworden.

Hier der Log:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3539
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11.01.2010 16:00:00
mbam-log-2010-01-11 (15-59-51).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 303128
Laufzeit: 1 hour(s), 18 minute(s), 59 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\samplitude7_pro\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Windows\System32\H8SRTbfpgxswfqd.dll (Trojan.FakeAlert) -> No action taken.
C:\Windows\System32\H8SRTbkwuqwyxqp.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\H8SRTjpnomvwcbu.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\drivers\H8SRTovttxiihmw.sys (Malware.Packer) -> No action taken.
C:\Windows\System32\krl32mainweq.dll (Trojan.DNSChanger) -> No action taken.
C:\Windows\System32\H8SRTexpqcvrkhs.dat (Rootkit.TDSS) -> No action taken.
C:\Users\jazzaquarium\AppData\Local\Temp\H8SRT756d.tmp (Rootkit.TDSS) -> No action taken.
C:\Users\jazzaquarium\AppData\Local\Temp\H8SRT7bd3.tmp (Rootkit.TDSS) -> No action taken.

Habe sie gelöscht und den Rechner neu gestartet.

cosinus · 11.01.2010, 16:08

Hast Du die Funde entfernt?

Edit: Ja hast Du

Mach bitte frische Logs mit RSIT und poste sie.

Jazzaquarium · 11.01.2010, 16:17

So da ist der Log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by jazzaquarium at 2010-01-11 16:14:07
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 67 GB (43%) free of 157 GB
Total RAM: 3071 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:09, on 11.01.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe
C:\Windows\VM305_STI.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\jazzaquarium\Desktop\RSIT.exe
C:\Program Files\jazzaquarium.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\program files\g data internetsecurity\avkkid\avkcks.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AVKWebIE.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\SieMaSoft\Wecker\msdxm.ocx (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [BigDog305] C:\Windows\VM305_STI.EXE A4 TECH PC Camera V
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O13 - Gopher Prefix:
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
O23 - Service: AntiVirus Wächter (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 6099 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
G DATA WebFilter - C:\Program Files\G DATA InternetSecurity\Webfilter\AVKWebIE.dll [2007-10-22 652872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-17 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0124123D-61B4-456f-AF86-78C53A0790C5} - G DATA WebFilter - C:\Program Files\G DATA InternetSecurity\Webfilter\AVKWebIE.dll [2007-10-22 652872]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1031,&Radio - C:\Program Files\SieMaSoft\Wecker\msdxm.ocx []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-07-08 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-07-08 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-27 6281760]
"GDFirewallTray"=C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe [2007-10-25 1189552]
"AVKTray"=C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe [2007-12-04 603720]
"BigDog305"=C:\Windows\VM305_STI.EXE [2005-08-05 61440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"SoftAuto.exe"=C:\Program Files\Creative\Software Update 3\SoftAuto.exe [2008-08-13 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
G DATA Firewall Tray.lnk - C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb2713e5-4453-11de-9226-002185c6a4b9}]
shell\AutoRun\command - K:\Autorun.exe

======List of files/folders created in the last 1 months======

2010-01-11 16:10:27 ----D---- C:\rsit
2010-01-11 16:10:27 ----A---- C:\Program Files\jazzaquarium.exe
2010-01-11 14:38:27 ----D---- C:\Users\jazzaquarium\AppData\Roaming\Malwarebytes
2010-01-11 14:38:23 ----D---- C:\ProgramData\Malwarebytes
2010-01-11 14:38:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-11 14:26:25 ----A---- C:\avexport.bat
2010-01-04 13:49:59 ----A---- C:\Users\jazzaquarium\AppData\Roaming\vispa.ini
2010-01-04 13:42:18 ----D---- C:\Users\jazzaquarium\AppData\Roaming\InstallShield
2010-01-03 16:43:40 ----A---- C:\Program Files\HijackThis.exe
2010-01-03 16:43:17 ----D---- C:\Program Files\Trend Micro
2009-12-26 20:27:01 ----D---- C:\Windows\system32\EventProviders
2009-12-24 13:32:16 ----RHD---- C:\Users\jazzaquarium\AppData\Roaming\SecuROM
2009-12-23 07:15:21 ----D---- C:\Program Files\Panda Security
2009-12-23 06:51:43 ----A---- C:\Windows\ntbtlog.txt
2009-12-23 04:03:54 ----A---- C:\ProgramData\sysReserve.ini
2009-12-17 13:22:14 ----D---- C:\Program Files\vghd
2009-12-17 13:22:13 ----D---- C:\Users\jazzaquarium\AppData\Roaming\vghd
2009-12-15 18:35:54 ----D---- C:\Program Files\Cineast
2009-12-14 20:43:02 ----D---- C:\Program Files\MyDefrag v4.2.6
2009-12-14 20:43:02 ----A---- C:\Windows\system32\MyDefragScreenSaver.exe
2009-12-14 03:02:08 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-14 03:02:07 ----A---- C:\Windows\system32\httpapi.dll
2009-12-13 22:09:15 ----A---- C:\Windows\system32\winhttp.dll
2009-12-13 22:09:07 ----A---- C:\Windows\system32\occache.dll
2009-12-13 22:09:07 ----A---- C:\Windows\system32\mshtml.dll
2009-12-13 22:09:06 ----A---- C:\Windows\system32\wininet.dll
2009-12-13 22:09:06 ----A---- C:\Windows\system32\urlmon.dll
2009-12-13 22:09:06 ----A---- C:\Windows\system32\ieframe.dll
2009-12-13 22:09:05 ----A---- C:\Windows\system32\iertutil.dll
2009-12-13 22:09:05 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-13 22:09:04 ----A---- C:\Windows\system32\mstime.dll
2009-12-13 22:09:04 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-13 22:09:04 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-13 22:09:04 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-13 22:09:04 ----A---- C:\Windows\system32\ieencode.dll
2009-12-13 22:09:04 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-13 22:09:04 ----A---- C:\Windows\system32\ieaksie.dll
2009-12-13 22:07:44 ----A---- C:\Windows\system32\rastls.dll
2009-12-13 22:07:44 ----A---- C:\Windows\system32\raschap.dll

======List of files/folders modified in the last 1 months======

2010-01-11 16:14:09 ----D---- C:\Windows\Temp
2010-01-11 16:14:08 ----RD---- C:\Program Files
2010-01-11 16:13:42 ----D---- C:\Program Files\Mozilla Firefox
2010-01-11 16:10:29 ----D---- C:\Windows\Prefetch
2010-01-11 16:06:44 ----D---- C:\Windows\System32
2010-01-11 16:06:44 ----D---- C:\Windows\inf
2010-01-11 16:06:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-11 16:01:19 ----D---- C:\Windows\system32\drivers
2010-01-11 16:01:19 ----D---- C:\Windows\Setup
2010-01-11 16:00:07 ----D---- C:\Program Files\samplitude7_pro
2010-01-11 14:53:38 ----SHD---- C:\System Volume Information
2010-01-11 14:38:23 ----HD---- C:\ProgramData
2010-01-11 13:54:09 ----A---- C:\Windows\NeroDigital.ini
2010-01-05 06:19:07 ----D---- C:\Program Files\Yahoo!
2010-01-04 13:50:27 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-04 13:50:27 ----D---- C:\Program Files\Electronic Arts
2010-01-04 13:46:01 ----D---- C:\Program Files\Zylom Games
2010-01-04 13:44:23 ----SHD---- C:\Windows\Installer
2010-01-04 13:44:17 ----D---- C:\Windows\system32\Tasks
2010-01-04 13:44:13 ----D---- C:\Program Files\Common Files
2010-01-04 13:44:11 ----D---- C:\ProgramData\Skype
2010-01-04 13:42:09 ----D---- C:\ProgramData\eMule
2010-01-04 13:42:02 ----D---- C:\ProgramData\Electronic Arts
2010-01-04 00:40:43 ----D---- C:\Windows\system32\LogFiles
2010-01-03 18:32:18 ----D---- C:\Windows\Microsoft.NET
2010-01-03 18:32:16 ----RSD---- C:\Windows\assembly
2010-01-03 18:32:14 ----D---- C:\Windows\rescache
2010-01-03 18:25:08 ----D---- C:\ProgramData\NVIDIA
2010-01-03 18:21:58 ----D---- C:\Windows\winsxs
2010-01-03 18:18:05 ----D---- C:\Windows\system32\catroot
2010-01-03 18:13:55 ----D---- C:\Windows
2010-01-03 18:13:18 ----D---- C:\Windows\servicing
2010-01-03 18:13:18 ----D---- C:\Windows\ehome
2010-01-03 18:13:18 ----D---- C:\Program Files\Windows Sidebar
2010-01-03 18:13:18 ----D---- C:\Program Files\Windows Photo Gallery
2010-01-03 18:13:18 ----D---- C:\Program Files\Windows Media Player
2010-01-03 18:13:18 ----D---- C:\Program Files\Windows Mail
2010-01-03 18:13:18 ----D---- C:\Program Files\Windows Journal
2010-01-03 18:13:18 ----D---- C:\Program Files\Windows Defender
2010-01-03 18:13:18 ----D---- C:\Program Files\Windows Collaboration
2010-01-03 18:13:18 ----D---- C:\Program Files\Windows Calendar
2010-01-03 18:13:18 ----D---- C:\Program Files\Movie Maker
2010-01-03 18:13:18 ----D---- C:\Program Files\Internet Explorer
2010-01-03 18:13:18 ----D---- C:\Program Files\Common Files\System
2010-01-03 18:13:15 ----D---- C:\Windows\system32\XPSViewer
2010-01-03 18:13:15 ----D---- C:\Windows\system32\sk-SK
2010-01-03 18:13:15 ----D---- C:\Windows\system32\lv-LV
2010-01-03 18:13:15 ----D---- C:\Windows\system32\ko-KR
2010-01-03 18:13:15 ----D---- C:\Windows\system32\hr-HR
2010-01-03 18:13:15 ----D---- C:\Windows\system32\et-EE
2010-01-03 18:13:15 ----D---- C:\Windows\system32\en-US
2010-01-03 18:13:15 ----D---- C:\Windows\system32\da-DK
2010-01-03 18:13:15 ----D---- C:\Windows\IME
2010-01-03 18:13:14 ----D---- C:\Windows\system32\zh-TW
2010-01-03 18:13:14 ----D---- C:\Windows\system32\zh-CN
2010-01-03 18:13:14 ----D---- C:\Windows\system32\wbem
2010-01-03 18:13:14 ----D---- C:\Windows\system32\uk-UA
2010-01-03 18:13:14 ----D---- C:\Windows\system32\tr-TR
2010-01-03 18:13:14 ----D---- C:\Windows\system32\th-TH
2010-01-03 18:13:14 ----D---- C:\Windows\system32\sv-SE
2010-01-03 18:13:14 ----D---- C:\Windows\system32\sr-Latn-CS
2010-01-03 18:13:14 ----D---- C:\Windows\system32\SLUI
2010-01-03 18:13:14 ----D---- C:\Windows\system32\sl-SI
2010-01-03 18:13:14 ----D---- C:\Windows\system32\setup
2010-01-03 18:13:14 ----D---- C:\Windows\system32\ru-RU
2010-01-03 18:13:14 ----D---- C:\Windows\system32\ro-RO
2010-01-03 18:13:14 ----D---- C:\Windows\system32\pt-PT
2010-01-03 18:13:14 ----D---- C:\Windows\system32\pt-BR
2010-01-03 18:13:14 ----D---- C:\Windows\system32\pl-PL
2010-01-03 18:13:14 ----D---- C:\Windows\system32\oobe
2010-01-03 18:13:14 ----D---- C:\Windows\system32\nl-NL
2010-01-03 18:13:14 ----D---- C:\Windows\system32\nb-NO
2010-01-03 18:13:14 ----D---- C:\Windows\system32\migwiz
2010-01-03 18:13:14 ----D---- C:\Windows\system32\migration
2010-01-03 18:13:14 ----D---- C:\Windows\system32\manifeststore
2010-01-03 18:13:14 ----D---- C:\Windows\system32\lt-LT
2010-01-03 18:13:14 ----D---- C:\Windows\system32\ja-JP
2010-01-03 18:13:14 ----D---- C:\Windows\system32\it-IT
2010-01-03 18:13:14 ----D---- C:\Windows\system32\hu-HU
2010-01-03 18:13:14 ----D---- C:\Windows\system32\he-IL
2010-01-03 18:13:14 ----D---- C:\Windows\system32\fr-FR
2010-01-03 18:13:14 ----D---- C:\Windows\system32\fi-FI
2010-01-03 18:13:14 ----D---- C:\Windows\system32\es-ES
2010-01-03 18:13:14 ----D---- C:\Windows\system32\el-GR
2010-01-03 18:13:14 ----D---- C:\Windows\system32\de-DE
2010-01-03 18:13:14 ----D---- C:\Windows\system32\cs-CZ
2010-01-03 18:13:14 ----D---- C:\Windows\system32\bg-BG
2010-01-03 18:13:14 ----D---- C:\Windows\system32\ar-SA
2010-01-03 18:13:14 ----D---- C:\Windows\system32\AdvancedInstallers
2010-01-03 18:13:12 ----RSD---- C:\Windows\Fonts
2010-01-03 18:13:12 ----D---- C:\Windows\AppPatch
2010-01-03 18:13:10 ----D---- C:\Windows\system32\Boot
2010-01-03 18:11:26 ----D---- C:\Windows\system32\RTCOM
2010-01-03 18:05:48 ----D---- C:\Windows\system32\catroot2
2010-01-03 17:39:37 ----D---- C:\Users\jazzaquarium\AppData\Roaming\dvdcss
2010-01-03 15:37:20 ----D---- C:\Users\jazzaquarium\AppData\Roaming\Creative
2009-12-30 19:21:58 ----D---- C:\Users\jazzaquarium\AppData\Roaming\CorelHomeOffice
2009-12-22 06:05:34 ----D---- C:\Program Files\Wecker6

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 gdwfpcd;G DATA WFP CD; C:\Windows\system32\DRIVERS\gdwfpcd32.sys [2007-10-04 39880]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-11-04 281760]
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\Windows\system32\drivers\GDTdiIcpt.sys [2008-10-28 41928]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-11-04 25888]
R3 GDMnIcpt;GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys [2008-10-28 46024]
R3 GDPkIcpt;GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys [2008-10-28 42952]
R3 HookCentre;HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys [2008-10-28 32200]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-27 2163032]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-07-08 1050656]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-07-08 7468672]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-07-22 15872]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 aemi7yuz;aemi7yuz; C:\Windows\system32\drivers\aemi7yuz.sys []
S3 camvid20;Philips ToUcam Camera; Video; C:\Windows\system32\DRIVERS\camdrv21.sys [2004-05-19 253909]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ezplay;VSO Software ezplay; C:\Windows\System32\Drivers\ezplay.sys [2009-05-19 94208]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-07-27 351232]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\Windows\system32\DRIVERS\wg111v3.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 ZSMC0305;A4 TECH PC Camera V; C:\Windows\System32\Drivers\usbVM305.sys [2006-05-08 391688]
S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2008-05-27 173576]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-09-29 308248]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVKProxy;G DATA AntiVirus Proxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2007-12-04 722504]
R2 AVKService;G DATA Scheduler; C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe [2007-12-04 427592]
R2 AVKWCtl;AntiVirus Wächter; C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe [2007-12-04 1095240]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-08 118784]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-04-25 303104]
R3 GDFwSvc;G DATA Personal Firewall; C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe [2007-10-24 1496648]
S3 CTUPnPSv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-16 382248]
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-17 138168]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]

-----------------EOF-----------------

cosinus · 11.01.2010, 19:57

Bitte nun CF anwenden:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Jazzaquarium · 11.01.2010, 20:33

Also habe CCleaner nach Anleitung ausgeführt und danach Combofix.

Hier der Log

ComboFix 10-01-11.01 - jazzaquarium 11.01.2010 20:21:20.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3071.1884 [GMT 1:00]
ausgeführt von:: c:\users\jazzaquarium\Desktop\cofi.exe
AV: G DATA AntiVirus 2008 *On-access scanning disabled* (Updated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: G DATA Personal Firewall *enabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2955575093-3628665754-2128127200-500
c:\program files\jazzaquarium.exe
c:\users\jazzaquarium\AppData\Roaming\inst.exe
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((( Dateien erstellt von 2009-12-11 bis 2010-01-11 ))))))))))))))))))))))))))))))
.

2010-01-11 19:04 . 2010-01-11 19:04 -------- d-----w- c:\program files\CCleaner
2010-01-11 18:10 . 2010-01-11 18:10 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\Participatory Culture Foundation
2010-01-11 15:10 . 2010-01-11 15:10 -------- d-----w- C:\rsit
2010-01-11 13:38 . 2010-01-11 13:38 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-11 13:38 . 2010-01-11 13:38 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\Malwarebytes
2010-01-11 13:38 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 13:38 . 2010-01-11 13:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 13:38 . 2010-01-11 13:38 -------- d-----w- c:\programdata\Malwarebytes
2010-01-11 13:38 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 13:26 . 2010-01-11 13:26 261 ----a-w- C:\avexport.bat
2010-01-04 12:42 . 2010-01-04 12:42 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\InstallShield
2010-01-03 15:43 . 2010-01-03 15:43 396288 ----a-w- c:\program files\HijackThis.exe
2010-01-03 15:43 . 2010-01-03 15:43 -------- d-----w- c:\program files\Trend Micro
2009-12-26 19:27 . 2009-12-26 19:27 -------- d-----w- c:\windows\system32\EventProviders
2009-12-24 12:32 . 2009-12-24 12:32 -------- d--h--r- c:\users\jazzaquarium\AppData\Roaming\SecuROM
2009-12-23 06:15 . 2010-01-11 18:21 -------- d-----w- c:\program files\Panda Security
2009-12-23 00:07 . 2009-12-23 00:07 1239816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 12:22 . 2009-12-23 05:39 7 ----a-w- c:\windows\sbacknt.bin
2009-12-17 12:22 . 2009-12-17 12:22 -------- d-----w- c:\program files\vghd
2009-12-17 12:22 . 2009-12-17 12:22 152904 ----a-w- c:\windows\system32\vghd.scr
2009-12-17 12:22 . 2009-12-17 12:22 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\vghd
2009-12-15 17:35 . 2010-01-04 12:46 -------- d-----w- c:\program files\Cineast
2009-12-14 02:02 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-14 02:02 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-14 02:02 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-13 21:07 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-13 21:07 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 19:17 . 2008-01-21 07:15 618204 ----a-w- c:\windows\system32\perfh007.dat
2010-01-11 19:17 . 2008-01-21 07:15 122636 ----a-w- c:\windows\system32\perfc007.dat
2010-01-11 15:14 . 2010-01-03 15:44 6100 ----a-w- c:\program files\hijackthis.log
2010-01-11 15:00 . 2009-01-03 20:55 -------- d-----w- c:\program files\samplitude7_pro
2010-01-05 05:19 . 2009-06-12 13:27 -------- d-----w- c:\program files\Yahoo!
2010-01-04 12:50 . 2009-05-25 19:41 -------- d-----w- c:\program files\Electronic Arts
2010-01-04 12:50 . 2008-10-28 10:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-04 12:46 . 2009-02-02 15:23 -------- d-----w- c:\program files\Zylom Games
2010-01-04 12:44 . 2009-01-25 19:42 -------- d-----w- c:\programdata\Skype
2010-01-04 12:42 . 2008-12-18 17:20 -------- d-----w- c:\programdata\eMule
2010-01-04 12:42 . 2009-05-25 19:54 -------- d-----w- c:\programdata\Electronic Arts
2010-01-03 17:25 . 2008-10-28 10:23 -------- d-----w- c:\programdata\NVIDIA
2010-01-03 17:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-01-03 17:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-03 17:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-01-03 17:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-01-03 17:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-01-03 17:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-01-03 17:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-03 16:59 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-03 16:39 . 2009-01-04 15:35 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\dvdcss
2010-01-03 14:37 . 2009-12-03 15:09 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\Creative
2009-12-30 18:21 . 2009-01-03 16:45 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\CorelHomeOffice
2009-12-22 05:05 . 2009-05-19 18:47 -------- d-----w- c:\program files\Wecker6
2009-12-04 13:56 . 2009-12-04 13:56 -------- d-----w- c:\program files\Microsoft
2009-12-03 15:09 . 2009-12-03 15:09 -------- d-----w- c:\programdata\Creative
2009-12-03 15:09 . 2009-12-03 15:09 -------- d--h--w- c:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
2009-12-03 15:08 . 2009-12-03 15:08 -------- d-----w- c:\program files\Creative
2009-12-03 15:08 . 2009-12-03 15:09 2422433 ----a-w- c:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}\setup.exe
2009-12-03 15:08 . 2009-12-03 15:08 -------- d--h--w- c:\programdata\{9BA38AC8-8A1E-463A-97ED-AE291D3E1A06}
2009-11-25 13:15 . 2009-11-25 13:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-25 13:07 . 2009-11-25 13:07 0 ----a-w- c:\windows\nsreg.dat
2009-11-25 13:07 . 2009-11-25 13:07 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\Thunderbird
2009-11-23 13:08 . 2008-10-28 10:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-07 14:50 . 2008-12-17 15:58 63120 ----a-w- c:\users\jazzaquarium\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-06 15:59 . 2009-05-19 08:56 94208 ----a-w- c:\users\jazzaquarium\AppData\Roaming\ezplay.sys
2009-11-06 15:59 . 2009-05-19 08:56 94208 ----a-w- c:\users\jazzaquarium\AppData\Roaming\ezplay.sys
2009-11-06 15:59 . 2009-05-19 08:56 47360 ----a-w- c:\users\jazzaquarium\AppData\Roaming\pcouffin.sys
2009-11-06 15:59 . 2009-05-19 08:56 47360 ----a-w- c:\users\jazzaquarium\AppData\Roaming\pcouffin.sys
2009-11-04 21:13 . 2009-11-04 21:13 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-11-04 21:13 . 2009-11-04 21:13 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-11-02 19:42 . 2009-10-02 17:09 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-26 02:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20 . 2009-12-13 21:09 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-13 21:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55 . 2009-12-13 21:09 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-18 09:35 . 2009-10-18 09:35 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-10-16 14:50 . 2009-11-11 05:51 2520888 ----a-w- c:\users\jazzaquarium\AppData\Roaming\Mozilla\Firefox\Profiles\r7kmmnkq.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-08 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-08 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-27 6281760]
"GDFirewallTray"="c:\program files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe" [2007-10-25 1189552]
"AVKTray"="c:\program files\G DATA InternetSecurity\AVKTray\AVKTray.exe" [2007-12-04 603720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
G DATA Firewall Tray.lnk - c:\program files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe [2008-10-28 1189552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

R1 gdwfpcd;G DATA WFP CD;c:\windows\System32\drivers\gdwfpcd32.sys [28.10.2008 11:13 39880]
R2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [28.10.2008 11:13 722504]
R2 AVKWCtl;AntiVirus Wächter;c:\program files\G DATA InternetSecurity\AVK\AVKWCtl.exe [28.10.2008 11:13 1095240]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\System32\drivers\GDTdiIcpt.sys [28.10.2008 11:13 41928]
R3 GDFwSvc;G DATA Personal Firewall;c:\program files\G DATA InternetSecurity\Firewall\GDFwSvc.exe [28.10.2008 11:13 1496648]
R3 GDMnIcpt;GDMnIcpt;c:\windows\System32\drivers\MiniIcpt.sys [28.10.2008 11:13 46024]
R3 GDPkIcpt;GDPkIcpt;c:\windows\System32\drivers\PktIcpt.sys [28.10.2008 11:20 42952]
R3 HookCentre;HookCentre;c:\windows\System32\drivers\HookCentre.sys [28.10.2008 11:13 32200]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [19.05.2009 10:00 721904]
S2 AVKService;G DATA Scheduler;c:\program files\G DATA InternetSecurity\AVK\AVKService.exe [28.10.2008 11:13 427592]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\System32\drivers\camdrv21.sys [25.01.2009 19:18 253909]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.05.2008 12:42 64000]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [17.12.2008 17:37 351232]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [28.10.2008 11:15 544768]
S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\System32\drivers\usbVM305.sys [08.05.2006 16:24 391688]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [28.10.2008 11:14 1527900]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
FF - ProfilePath - c:\users\jazzaquarium\AppData\Roaming\Mozilla\Firefox\Profiles\r7kmmnkq.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\jazzaquarium\AppData\Roaming\Mozilla\Firefox\Profiles\r7kmmnkq.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\jazzaquarium\AppData\Roaming\Mozilla\Firefox\Profiles\r7kmmnkq.default\extensions\wildpocketsloader@simopsstudios.com\plugins\npWildPocketsLo ader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 20:25
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2010-01-11 20:26:47
ComboFix-quarantined-files.txt 2010-01-11 19:26

Vor Suchlauf: 19 Verzeichnis(se), 75.794.886.656 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 75.736.817.664 Bytes frei

- - End Of File - - 4C1636476002958E8D734A9E412DBA9F

Jazzaquarium · 12.01.2010, 14:50

Ist der Rechner damit wieder Clean? Soweit man das sagen kann?

cosinus · 12.01.2010, 14:58

Zitat:

c:\windows\system32\vghd.scr

Bitte diese Datei bei Virustotal auswerten und Link posten.

Danach:
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

DirLook::
c:\program files\vghd
c:\programdata\eMule

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Jazzaquarium · 12.01.2010, 15:08

Hier die Auswertung der Datei:

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x230E
timedatestamp.....: 0x4A9D352D (Tue Sep 1 16:52:29 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x639E 0x7000 6.19 2b52898e4b2c31add2c75825366ebed2
.rdata 0x8000 0x17BA 0x2000 4.23 cf7bcfddabe7fffc065e2030f90b342e
.data 0xA000 0x1CF8 0x1000 1.20 8222deb8ba9ab1102b76c87fe5fef41b
.rsrc 0xC000 0x180F8 0x19000 5.98 2187fff541a175b59894a849b89fca34

( 6 imports )

> advapi32.dll: RegQueryValueExA, RegOpenKeyA, RegCloseKey
> comctl32.dll: InitCommonControlsEx
> gdi32.dll: CreateCompatibleDC, SelectObject, BitBlt, GetStockObject, GetClipBox, DeleteDC
> kernel32.dll: SetStdHandle, SetFilePointer, GetLocaleInfoA, LCMapStringW, LCMapStringA, ReadFile, CloseHandle, CreateProcessA, WinExec, FlushFileBuffers, GetStringTypeW, GetStringTypeA, RtlUnwind, GetProcAddress, GetModuleHandleA, FreeLibrary, LoadLibraryA, GetTickCount, GetSystemPowerStatus, UnhandledExceptionFilter, GetVersionExA, ExitProcess, GetStartupInfoA, GetCommandLineA, TerminateProcess, GetCurrentProcess, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetModuleFileNameA, WriteFile, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapDestroy, HeapCreate, VirtualFree, HeapFree, MultiByteToWideChar, HeapAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, HeapReAlloc, HeapSize, GetACP, GetOEMCP, GetCPInfo, Sleep
> shlwapi.dll: SHGetValueA, SHSetValueA
> user32.dll: FindWindowA, ShowWindow, LoadImageA, GetDC, InvalidateRect, ReleaseDC, GetWindowRect, SystemParametersInfoA, PostQuitMessage, SetCursor, DefWindowProcA, IsWindow, GetParent, DialogBoxParamA, SendMessageA, PeekMessageA, DispatchMessageA, TranslateMessage, GetMessageA, CreateWindowExA, RegisterClassA, RegisterWindowMessageA, SetForegroundWindow, GetSystemMetrics, GetClientRect, LoadIconA, CharNextA, EnumWindows, MoveWindow, GetCursorPos, GetAsyncKeyState, PostMessageA, MessageBoxA, GetWindowTextA, GetForegroundWindow

( 0 exports )
TrID : File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
ssdeep: 1536:vyhPATguCxTyU67mI4cPBHznntRh2vj9PxluQjsJxLroVZzbBo:vyVATguCr6CJcZHznQ1xl3jsJxLroDK
PEiD : -
RDS : NSRL Reference Data Set

Ich nehme an sie gehört zu Gdata.

Combofix folgt jetzt

cosinus · 12.01.2010, 15:12

Wurde in der Datei was gefunden?

Jazzaquarium · 12.01.2010, 15:29

Nein O Funde enschuldige vergaß ich zu schreiben.

Hier die Combofixauswertung in Abschnitten da riesig.

ComboFix 10-01-11.04 - jazzaquarium 12.01.2010 15:17:15.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.2129 [GMT 1:00]
ausgeführt von:: c:\users\jazzaquarium\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\jazzaquarium\Desktop\CFScript.txt
AV: G DATA AntiVirus 2008 *On-access scanning enabled* (Updated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: G DATA Personal Firewall *enabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((( Dateien erstellt von 2009-12-12 bis 2010-01-12 ))))))))))))))))))))))))))))))
.

2010-01-12 14:22 . 2010-01-12 14:22 -------- d-----w- c:\users\jazzaquarium\AppData\Local\temp
2010-01-12 14:22 . 2010-01-12 14:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-12 14:22 . 2010-01-12 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-12 13:56 . 2010-01-12 13:56 -------- d-----w- c:\windows\system32\eu-ES
2010-01-12 13:56 . 2010-01-12 13:56 -------- d-----w- c:\windows\system32\ca-ES
2010-01-12 13:56 . 2010-01-12 13:56 -------- d-----w- c:\windows\system32\vi-VN
2010-01-12 13:02 . 2009-11-18 16:30 557056 ----a-w- c:\users\jazzaquarium\AppData\Roaming\Mozilla\Firefox\Profiles\r7kmmnkq.default\extensions\wildpocketsloader@simopsstudios.com\plugins\npWildPocketsLo ader.dll
2010-01-11 19:11 . 2010-01-11 19:26 -------- d-----w- C:\cofi
2010-01-11 19:04 . 2010-01-11 19:04 -------- d-----w- c:\program files\CCleaner
2010-01-11 18:10 . 2010-01-11 18:10 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\Participatory Culture Foundation
2010-01-11 15:10 . 2010-01-11 15:10 -------- d-----w- C:\rsit
2010-01-11 13:38 . 2010-01-11 13:38 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-11 13:38 . 2010-01-11 13:38 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\Malwarebytes
2010-01-11 13:38 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 13:38 . 2010-01-11 13:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 13:38 . 2010-01-11 13:38 -------- d-----w- c:\programdata\Malwarebytes
2010-01-11 13:38 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 13:26 . 2010-01-11 13:26 261 ----a-w- C:\avexport.bat
2010-01-04 12:42 . 2010-01-04 12:42 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\InstallShield
2010-01-03 15:43 . 2010-01-03 15:43 396288 ----a-w- c:\program files\HijackThis.exe
2010-01-03 15:43 . 2010-01-03 15:43 -------- d-----w- c:\program files\Trend Micro
2009-12-26 19:27 . 2009-12-26 19:27 -------- d-----w- c:\windows\system32\EventProviders
2009-12-24 12:32 . 2009-12-24 12:32 -------- d--h--r- c:\users\jazzaquarium\AppData\Roaming\SecuROM
2009-12-23 06:15 . 2010-01-11 18:21 -------- d-----w- c:\program files\Panda Security
2009-12-23 00:07 . 2009-12-23 00:07 1239816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 12:22 . 2009-12-23 05:39 7 ----a-w- c:\windows\sbacknt.bin
2009-12-17 12:22 . 2009-12-17 12:22 -------- d-----w- c:\program files\vghd
2009-12-17 12:22 . 2009-12-17 12:22 152904 ----a-w- c:\windows\system32\vghd.scr
2009-12-17 12:22 . 2009-12-17 12:22 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\vghd
2009-12-15 17:35 . 2010-01-04 12:46 -------- d-----w- c:\program files\Cineast
2009-12-14 02:02 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-14 02:02 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-13 21:09 . 2009-10-27 13:16 78336 ----a-w- c:\windows\system32\ieencode.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 14:19 . 2008-01-21 07:15 618204 ----a-w- c:\windows\system32\perfh007.dat
2010-01-12 14:19 . 2008-01-21 07:15 122636 ----a-w- c:\windows\system32\perfc007.dat
2010-01-12 14:02 . 2008-10-28 10:23 -------- d-----w- c:\programdata\NVIDIA
2010-01-12 13:56 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-01-12 13:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-12 13:56 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-01-12 13:56 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-12 13:56 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-01-12 13:56 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-01-12 13:56 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-01-12 13:56 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-11 15:14 . 2010-01-03 15:44 6100 ----a-w- c:\program files\hijackthis.log
2010-01-11 15:00 . 2009-01-03 20:55 -------- d-----w- c:\program files\samplitude7_pro
2010-01-05 05:19 . 2009-06-12 13:27 -------- d-----w- c:\program files\Yahoo!
2010-01-04 12:50 . 2009-05-25 19:41 -------- d-----w- c:\program files\Electronic Arts
2010-01-04 12:50 . 2008-10-28 10:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-04 12:46 . 2009-02-02 15:23 -------- d-----w- c:\program files\Zylom Games
2010-01-04 12:44 . 2009-01-25 19:42 -------- d-----w- c:\programdata\Skype
2010-01-04 12:42 . 2008-12-18 17:20 -------- d-----w- c:\programdata\eMule
2010-01-04 12:42 . 2009-05-25 19:54 -------- d-----w- c:\programdata\Electronic Arts
2010-01-03 16:39 . 2009-01-04 15:35 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\dvdcss
2010-01-03 14:37 . 2009-12-03 15:09 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\Creative
2009-12-30 18:21 . 2009-01-03 16:45 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\CorelHomeOffice
2009-12-22 05:05 . 2009-05-19 18:47 -------- d-----w- c:\program files\Wecker6
2009-12-04 13:56 . 2009-12-04 13:56 -------- d-----w- c:\program files\Microsoft
2009-12-03 15:09 . 2009-12-03 15:09 -------- d-----w- c:\programdata\Creative
2009-12-03 15:09 . 2009-12-03 15:09 -------- d--h--w- c:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
2009-12-03 15:08 . 2009-12-03 15:08 -------- d-----w- c:\program files\Creative
2009-12-03 15:08 . 2009-12-03 15:09 2422433 ----a-w- c:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}\setup.exe
2009-12-03 15:08 . 2009-12-03 15:08 -------- d--h--w- c:\programdata\{9BA38AC8-8A1E-463A-97ED-AE291D3E1A06}
2009-11-25 13:15 . 2009-11-25 13:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-25 13:07 . 2009-11-25 13:07 0 ----a-w- c:\windows\nsreg.dat
2009-11-25 13:07 . 2009-11-25 13:07 -------- d-----w- c:\users\jazzaquarium\AppData\Roaming\Thunderbird
2009-11-23 13:08 . 2008-10-28 10:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-07 14:50 . 2008-12-17 15:58 63120 ----a-w- c:\users\jazzaquarium\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-06 15:59 . 2009-05-19 08:56 94208 ----a-w- c:\users\jazzaquarium\AppData\Roaming\ezplay.sys
2009-11-06 15:59 . 2009-05-19 08:56 94208 ----a-w- c:\users\jazzaquarium\AppData\Roaming\ezplay.sys
2009-11-06 15:59 . 2009-05-19 08:56 47360 ----a-w- c:\users\jazzaquarium\AppData\Roaming\pcouffin.sys
2009-11-06 15:59 . 2009-05-19 08:56 47360 ----a-w- c:\users\jazzaquarium\AppData\Roaming\pcouffin.sys
2009-11-04 21:13 . 2009-11-04 21:13 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-11-04 21:13 . 2009-11-04 21:13 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-11-02 19:42 . 2009-10-02 17:09 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-18 09:35 . 2009-10-18 09:35 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-10-16 14:50 . 2009-11-11 05:51 2520888 ----a-w- c:\users\jazzaquarium\AppData\Roaming\Mozilla\Firefox\Profiles\r7kmmnkq.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\vghd ----

2009-12-17 12:22 . 2009-12-17 12:22 196608 ----a-w- c:\program files\vghd\WindowsEx.dll
2009-12-17 12:22 . 2009-12-17 12:22 38400 ----a-w- c:\program files\vghd\Windows.dll
2009-12-17 12:22 . 2009-12-17 12:22 152936 ----a-w- c:\program files\vghd\VirtuaGirl_Downloader.exe
2009-12-17 12:22 . 2009-12-17 12:22 839680 ----a-w- c:\program files\vghd\vhd.dll
2009-12-17 12:22 . 2009-12-17 12:22 423248 ----a-w- c:\program files\vghd\vghd.exe
2009-12-17 12:22 . 2009-12-17 12:22 54632 ----a-w- c:\program files\vghd\uninstall.exe
2009-12-17 12:22 . 2009-12-17 12:22 45056 ----a-w- c:\program files\vghd\System.dll
2009-12-17 12:22 . 2009-12-17 12:22 8704 ----a-w- c:\program files\vghd\Sql.dll
2009-12-17 12:22 . 2009-12-17 12:22 344064 ----a-w- c:\program files\vghd\msvcr70.dll
2009-12-17 12:22 . 2009-12-17 12:22 606208 ----a-w- c:\program files\vghd\dxmodules.dll

---- Directory of c:\programdata\eMule ----

((((((((((((((((((((((((((((( SnapShot@2010-01-11_19.25.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:24 . 2008-01-21 02:24 38912 c:\windows\System32\xolehlp.dll
- 2009-04-15 17:40 . 2008-06-06 03:27 38912 c:\windows\System32\xolehlp.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 56320 c:\windows\System32\xmlfilter.dll
- 2008-10-28 09:46 . 2008-05-27 05:18 56320 c:\windows\System32\xmlfilter.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 50688 c:\windows\System32\wsnmp32.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 50688 c:\windows\System32\wsnmp32.dll
- 2008-10-28 09:56 . 2008-05-08 21:59 90112 c:\windows\System32\wshext.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 90112 c:\windows\System32\wshext.dll
- 2006-11-02 08:55 . 2006-11-02 09:46 34304 c:\windows\System32\wshbth.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 34304 c:\windows\System32\wshbth.dll
- 2008-10-28 09:46 . 2008-05-27 05:18 29184 c:\windows\System32\wsepno.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 29184 c:\windows\System32\wsepno.dll
- 2006-11-02 09:16 . 2006-11-02 09:46 20992 c:\windows\System32\wsdchngr.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 20992 c:\windows\System32\wsdchngr.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 61440 c:\windows\System32\wscsvc.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 61440 c:\windows\System32\wscsvc.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 17920 c:\windows\System32\wscisvif.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 33280 c:\windows\System32\wscapi.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 83456 c:\windows\System32\wlgpclnt.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 83456 c:\windows\System32\wlgpclnt.dll
+ 2009-09-08 21:01 . 2009-04-11 06:28 68096 c:\windows\System32\wlanhlp.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 68096 c:\windows\System32\wlanhlp.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 19968 c:\windows\System32\winrnr.dll
- 2006-11-02 08:45 . 2006-11-02 09:46 19968 c:\windows\System32\winrnr.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 31232 c:\windows\System32\whealogr.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 31232 c:\windows\System32\whealogr.dll
+ 2008-01-21 01:58 . 2010-01-12 14:15 47296 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-01-12 14:15 81662 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-01-21 02:24 . 2008-01-21 02:24 61952 c:\windows\System32\wbem\xml\wmi2xml.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 61952 c:\windows\System32\wbem\xml\wmi2xml.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 83968 c:\windows\System32\wbem\wmiutils.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 83968 c:\windows\System32\wbem\wmiutils.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 47104 c:\windows\System32\wbem\WmiPerfInst.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 47104 c:\windows\System32\wbem\WmiPerfInst.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 74752 c:\windows\System32\wbem\WMICOOKR.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 74752 c:\windows\System32\wbem\WMICOOKR.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 90112 c:\windows\System32\wbem\WmiApRpl.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 90112 c:\windows\System32\wbem\WmiApRpl.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 49152 c:\windows\System32\wbem\wbemsvc.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 49152 c:\windows\System32\wbem\wbemsvc.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 30208 c:\windows\System32\wbem\wbemprox.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 30208 c:\windows\System32\wbem\wbemprox.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 37888 c:\windows\System32\wbem\unsecapp.exe
- 2008-01-21 02:23 . 2008-01-21 02:23 37888 c:\windows\System32\wbem\unsecapp.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 57856 c:\windows\System32\wbem\NCProv.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 57856 c:\windows\System32\wbem\NCProv.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 35840 c:\windows\System32\wbem\KrnlProv.dll
- 2006-11-02 08:41 . 2006-11-02 09:46 35840 c:\windows\System32\wbem\KrnlProv.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 20480 c:\windows\System32\version.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 20480 c:\windows\System32\version.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 17408 c:\windows\System32\vdmdbg.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 17408 c:\windows\System32\vdmdbg.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 29184 c:\windows\System32\uxsms.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 99840 c:\windows\System32\ulib.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 99840 c:\windows\System32\ulib.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 35680 c:\windows\System32\TsWpfWrp.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 38400 c:\windows\System32\TSTheme.exe
+ 2009-08-11 23:01 . 2009-04-11 06:28 53248 c:\windows\System32\tsgqec.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 53248 c:\windows\System32\tsgqec.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 63488 c:\windows\System32\tscupgrd.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 63488 c:\windows\System32\tscupgrd.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 12288 c:\windows\System32\tsbyuv.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 55808 c:\windows\System32\Storprop.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 55808 c:\windows\System32\Storprop.dll
- 2008-10-28 09:45 . 2008-02-29 04:12 14848 c:\windows\System32\srdelayed.exe
+ 2008-01-21 02:25 . 2008-01-21 02:25 14848 c:\windows\System32\srdelayed.exe
- 2008-10-28 09:45 . 2008-02-29 06:53 40960 c:\windows\System32\srclient.dll
+ 2008-01-21 02:25 . 2008-01-21 02:25 40960 c:\windows\System32\srclient.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 11776 c:\windows\System32\spwinsat.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 13312 c:\windows\System32\spcmsg.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 64000 c:\windows\System32\smss.exe
- 2008-10-28 10:04 . 2008-07-16 01:27 64000 c:\windows\System32\smss.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 83456 c:\windows\System32\SMBHelperClass.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 83456 c:\windows\System32\SMBHelperClass.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 67584 c:\windows\System32\slwmi.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 12288 c:\windows\System32\slwga.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 12288 c:\windows\System32\slwga.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 60928 c:\windows\System32\SLUINotify.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 92918 c:\windows\System32\slmgr.vbs
- 2008-01-21 02:25 . 2008-01-21 02:25 42496 c:\windows\System32\slcinst.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 42496 c:\windows\System32\slcinst.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 66048 c:\windows\System32\setup\tssysprep.dll
- 2008-10-28 09:44 . 2008-02-29 06:53 46592 c:\windows\System32\setbcdlocale.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 46592 c:\windows\System32\setbcdlocale.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 69632 c:\windows\System32\sendmail.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 69632 c:\windows\System32\sendmail.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 72704 c:\windows\System32\secur32.dll
- 2009-08-13 11:00 . 2009-06-15 15:24 72704 c:\windows\System32\secur32.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 87552 c:\windows\System32\SearchFilterHost.exe
- 2008-10-28 09:46 . 2008-05-27 05:17 87552 c:\windows\System32\SearchFilterHost.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 95232 c:\windows\System32\SCardSvr.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 95232 c:\windows\System32\SCardSvr.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 57344 c:\windows\System32\samlib.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 57344 c:\windows\System32\samlib.dll
- 2006-11-02 08:57 . 2006-11-02 09:46 36352 c:\windows\System32\rtutils.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 36352 c:\windows\System32\rtutils.dll
- 2008-10-28 09:46 . 2008-05-27 05:18 38400 c:\windows\System32\rtffilt.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 38400 c:\windows\System32\rtffilt.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 53248 c:\windows\System32\rrinstaller.exe
+ 2009-09-08 21:01 . 2009-04-11 06:27 53248 c:\windows\System32\rrinstaller.exe
+ 2008-01-21 02:24 . 2008-01-21 02:24 17920 c:\windows\System32\ROUTE.EXE
- 2009-09-08 21:02 . 2009-08-14 14:16 17920 c:\windows\System32\ROUTE.EXE
+ 2009-12-05 14:06 . 2009-04-11 06:27 43520 c:\windows\System32\rekeywiz.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 67584 c:\windows\System32\regapi.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 67584 c:\windows\System32\regapi.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 61952 c:\windows\System32\reg.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 69632 c:\windows\System32\rastapi.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 69632 c:\windows\System32\rastapi.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 16896 c:\windows\System32\rasdial.exe
- 2006-11-02 08:58 . 2006-11-02 09:45 16896 c:\windows\System32\rasdial.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 52736 c:\windows\System32\rasdiag.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 52736 c:\windows\System32\rasdiag.dll
+ 2009-12-05 14:06 . 2009-04-11 06:32 50664 c:\windows\System32\PSHED.DLL
- 2008-10-28 09:46 . 2008-05-27 05:18 71680 c:\windows\System32\propdefs.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 71680 c:\windows\System32\propdefs.dll
- 2009-04-15 17:40 . 2009-03-03 04:39 26112 c:\windows\System32\printfilterpipelineprxy.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 26112 c:\windows\System32\printfilterpipelineprxy.dll
+ 2009-12-05 14:07 . 2009-02-18 18:39 41344 c:\windows\System32\PresentationHostProxy.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 98816 c:\windows\System32\powrprof.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 94720 c:\windows\System32\PortableDeviceClassExtension.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 94720 c:\windows\System32\PortableDeviceClassExtension.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 69632 c:\windows\System32\PNPXAssoc.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 69632 c:\windows\System32\PNPXAssoc.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 33280 c:\windows\System32\PnPutil.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 58368 c:\windows\System32\PnPUnattend.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 58368 c:\windows\System32\PnPUnattend.exe
- 2006-11-02 08:35 . 2006-11-02 09:46 31744 c:\windows\System32\perfdisk.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 31744 c:\windows\System32\perfdisk.dll
- 2008-10-28 09:58 . 2008-04-05 03:34 15360 c:\windows\System32\pacerprf.dll
+ 2006-11-02 08:57 . 2006-11-02 09:46 15360 c:\windows\System32\pacerprf.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 88576 c:\windows\System32\olepro32.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 88576 c:\windows\System32\olepro32.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 97792 c:\windows\System32\oleprn.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 40960 c:\windows\System32\odbcconf.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 40960 c:\windows\System32\odbcconf.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 35840 c:\windows\System32\ocsetup.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 35840 c:\windows\System32\ocsetup.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 82944 c:\windows\System32\nslookup.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 82944 c:\windows\System32\nslookup.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 74752 c:\windows\System32\newdev.exe
- 2006-11-02 08:33 . 2006-11-02 09:45 74752 c:\windows\System32\newdev.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 39936 c:\windows\System32\networkitemfactory.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 39936 c:\windows\System32\networkitemfactory.dll
- 2009-09-08 21:02 . 2009-08-14 14:16 27136 c:\windows\System32\NETSTAT.EXE
+ 2006-11-02 08:58 . 2006-11-02 09:45 27136 c:\windows\System32\NETSTAT.EXE
+ 2009-12-05 14:06 . 2009-04-11 06:28 19968 c:\windows\System32\NcdProp.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 19968 c:\windows\System32\NcdProp.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 13136 c:\windows\System32\MUI\0407\mscorees.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 84992 c:\windows\System32\mstlsapi.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 43008 c:\windows\System32\msstrc.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 33280 c:\windows\System32\mssprxy.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 87040 c:\windows\System32\mssitlb.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 11776 c:\windows\System32\msshooks.dll
- 2008-10-28 09:46 . 2008-05-27 05:17 11776 c:\windows\System32\msshooks.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 60416 c:\windows\System32\msscntrs.dll
- 2008-10-28 09:46 . 2008-05-27 05:17 60416 c:\windows\System32\msscntrs.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 35328 c:\windows\System32\msscb.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 61440 c:\windows\System32\msjter40.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 24576 c:\windows\System32\msjint40.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 16384 c:\windows\System32\msisip.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 31232 c:\windows\System32\msimtf.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 31232 c:\windows\System32\msimtf.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 73216 c:\windows\System32\msiexec.exe
- 2008-10-28 09:47 . 2008-04-18 02:33 73216 c:\windows\System32\msiexec.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 52224 c:\windows\System32\msfeedsbs.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 52224 c:\windows\System32\msfeedsbs.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 85504 c:\windows\System32\msctfui.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 84992 c:\windows\System32\msctfp.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 19456 c:\windows\System32\MsCtfMonitor.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 19456 c:\windows\System32\MsCtfMonitor.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 80720 c:\windows\System32\mscories.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 21504 c:\windows\System32\msacm32.drv
+ 2009-12-05 14:06 . 2009-04-11 06:27 21504 c:\windows\System32\msacm32.drv
+ 2006-11-02 08:58 . 2006-11-02 09:45 11264 c:\windows\System32\MRINFO.EXE
- 2009-09-08 21:02 . 2009-08-14 14:16 11264 c:\windows\System32\MRINFO.EXE
- 2008-01-21 02:24 . 2008-01-21 02:24 97792 c:\windows\System32\mprapi.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 97792 c:\windows\System32\mprapi.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 68608 c:\windows\System32\mpr.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 68608 c:\windows\System32\mpr.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 12800 c:\windows\System32\mmcico.dll
- 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\System32\mmcico.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 52224 c:\windows\System32\mmci.dll
- 2006-11-02 09:03 . 2006-11-02 09:46 52224 c:\windows\System32\mmci.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 41984 c:\windows\System32\mimefilt.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 38912 c:\windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imkrmig.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 38912 c:\windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imkrmig.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 79872 c:\windows\System32\migwiz\dlmanifests\Microsoft-Windows-shmig-DL\shmig.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 79872 c:\windows\System32\migwiz\dlmanifests\Microsoft-Windows-shmig-DL\shmig.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 44544 c:\windows\System32\migwiz\dlmanifests\Microsoft-Windows-IE-ESC\EscMigPlugin.dll
- 2008-12-19 04:39 . 2008-02-22 05:01 64512 c:\windows\System32\migration\WininetPlugin.dll
+ 2009-06-10 18:17 . 2009-04-11 06:28 64512 c:\windows\System32\migration\WininetPlugin.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 79872 c:\windows\System32\migration\shmig.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 79872 c:\windows\System32\migration\shmig.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 38912 c:\windows\System32\migration\imkrmig.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 38912 c:\windows\System32\migration\imkrmig.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 73216 c:\windows\System32\migration\bthmigplugin.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 73216 c:\windows\System32\migration\bthmigplugin.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 17408 c:\windows\System32\midimap.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 17408 c:\windows\System32\midimap.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 98816 c:\windows\System32\mfps.dll
+ 2009-09-08 21:01 . 2009-04-11 06:28 98816 c:\windows\System32\mfps.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 24576 c:\windows\System32\mfpmp.exe
+ 2009-09-08 21:01 . 2009-04-11 06:27 24576 c:\windows\System32\mfpmp.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 57344 c:\windows\System32\logman.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 94720 c:\windows\System32\logagent.exe
- 2008-12-19 04:39 . 2008-06-23 01:58 94720 c:\windows\System32\logagent.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 48128 c:\windows\System32\l2nacp.dll
+ 2009-12-05 14:06 . 2009-04-11 06:32 19944 c:\windows\System32\kdusb.dll
+ 2009-12-05 14:06 . 2009-04-11 06:32 17384 c:\windows\System32\kdcom.dll
+ 2009-12-05 14:06 . 2009-04-11 06:32 17896 c:\windows\System32\kd1394.dll
+ 2009-06-10 18:17 . 2009-04-11 06:28 27648 c:\windows\System32\jsproxy.dll
+ 2009-12-05 14:06 . 2009-04-11 04:39 16384 c:\windows\System32\iscsilog.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 91648 c:\windows\System32\IPHLPAPI.DLL
+ 2009-12-05 14:06 . 2009-04-11 06:28 91648 c:\windows\System32\IPHLPAPI.DLL
- 2008-01-21 02:23 . 2008-01-21 02:23 26624 c:\windows\System32\ipconfig.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 26624 c:\windows\System32\ipconfig.exe
+ 2009-12-05 14:06 . 2009-02-18 18:38 99680 c:\windows\System32\infocardapi.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 15360 c:\windows\System32\inetppui.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 15360 c:\windows\System32\inetppui.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 17920 c:\windows\System32\IME\shared\res\padrs412.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 17920 c:\windows\System32\IME\shared\res\padrs412.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 18944 c:\windows\System32\IME\shared\res\padrs411.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 18944 c:\windows\System32\IME\shared\res\padrs411.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 15360 c:\windows\System32\IME\shared\imever.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 15360 c:\windows\System32\IME\shared\imever.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 32768 c:\windows\System32\IME\shared\IMEPADSM.DLL
+ 2009-12-05 14:06 . 2009-04-11 06:28 32768 c:\windows\System32\IME\shared\IMEPADSM.DLL
+ 2009-12-05 14:06 . 2009-04-11 06:28 31744 c:\windows\System32\IME\shared\imecfm.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 31744 c:\windows\System32\IME\shared\imecfm.dll
- 2006-11-02 08:38 . 2006-11-02 09:46 29696 c:\windows\System32\IME\shared\IMEAPIS.DLL
+ 2009-12-05 14:06 . 2009-04-11 06:28 29696 c:\windows\System32\IME\shared\IMEAPIS.DLL
+ 2009-12-05 14:06 . 2009-04-11 06:28 53760 c:\windows\System32\IME\IMESC5\PMIGRATE.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 53760 c:\windows\System32\IME\IMESC5\PMIGRATE.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 87552 c:\windows\System32\IME\IMESC5\IMSCPROP.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 87552 c:\windows\System32\IME\IMESC5\IMSCPROP.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 52736 c:\windows\System32\IME\imekr8\imkrudt.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 52736 c:\windows\System32\IME\imekr8\imkrudt.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 44544 c:\windows\System32\IME\IMEJP10\IMJPUEX.EXE
+ 2009-12-05 14:06 . 2009-04-11 06:27 24064 c:\windows\System32\IME\IMEJP10\imjppdmg.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 24064 c:\windows\System32\IME\IMEJP10\imjppdmg.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 60416 c:\windows\System32\IME\IMEJP10\IMJPMGR.EXE
- 2008-01-21 02:24 . 2008-01-21 02:24 60416 c:\windows\System32\IME\IMEJP10\IMJPMGR.EXE
+ 2009-12-05 14:06 . 2009-04-11 06:27 59392 c:\windows\System32\IME\IMEJP10\IMJPDSVR.EXE
- 2008-01-21 02:24 . 2008-01-21 02:24 59392 c:\windows\System32\IME\IMEJP10\IMJPDSVR.EXE
+ 2009-12-05 14:06 . 2009-04-11 06:28 37888 c:\windows\System32\IME\IMEJP10\IMJPDCTP.DLL
+ 2009-12-05 14:06 . 2009-04-11 06:28 29696 c:\windows\System32\ifmon.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 29696 c:\windows\System32\ifmon.dll
+ 2006-11-02 08:49 . 2006-11-02 09:45 26624 c:\windows\System32\ieUnatt.exe
- 2009-12-13 21:09 . 2009-10-27 10:55 26624 c:\windows\System32\ieUnatt.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 76288 c:\windows\System32\iassvcs.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 33792 c:\windows\System32\iaspolcy.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 17408 c:\windows\System32\iashost.exe
- 2009-04-15 17:40 . 2009-03-03 02:38 17408 c:\windows\System32\iashost.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 70656 c:\windows\System32\iashlpr.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 47104 c:\windows\System32\iasdatastore.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 57344 c:\windows\System32\iasads.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 58880 c:\windows\System32\iasacct.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 26112 c:\windows\System32\hidserv.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 80384 c:\windows\System32\hdwwiz.exe
- 2006-11-02 08:33 . 2006-11-02 09:45 80384 c:\windows\System32\hdwwiz.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 41472 c:\windows\System32\hbaapi.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 16896 c:\windows\System32\gpupdate.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 16896 c:\windows\System32\gpupdate.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 75264 c:\windows\System32\gpapi.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 75264 c:\windows\System32\gpapi.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 28672 c:\windows\System32\FwRemoteSvr.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 28672 c:\windows\System32\FwRemoteSvr.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 41984 c:\windows\System32\ftp.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 41984 c:\windows\System32\ftp.exe
- 2009-07-15 13:59 . 2009-06-15 15:20 72704 c:\windows\System32\fontsub.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 72704 c:\windows\System32\fontsub.dll
+ 2006-11-02 08:58 . 2006-11-02 09:45 10240 c:\windows\System32\finger.exe
- 2009-09-08 21:02 . 2009-08-14 14:16 10240 c:\windows\System32\finger.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 60928 c:\windows\System32\findstr.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 54272 c:\windows\System32\feclient.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 54272 c:\windows\System32\feclient.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 67072 c:\windows\System32\fdWSD.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 67072 c:\windows\System32\fdWSD.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 69120 c:\windows\System32\fdWCN.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 69120 c:\windows\System32\fdWCN.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 68096 c:\windows\System32\fdSSDP.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 68096 c:\windows\System32\fdSSDP.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 24064 c:\windows\System32\fdProxy.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 53760 c:\windows\System32\fdeploy.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 53760 c:\windows\System32\fdeploy.dll
+ 2009-12-05 14:07 . 2009-04-11 06:28 88064 c:\windows\System32\fdBth.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 19968 c:\windows\System32\fc.exe
- 2006-11-02 08:32 . 2006-11-02 09:45 19968 c:\windows\System32\fc.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 20992 c:\windows\System32\ExplorerFrame.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 20992 c:\windows\System32\ExplorerFrame.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 37376 c:\windows\System32\EhStorPwdMgr.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 93696 c:\windows\System32\eappgnui.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 93696 c:\windows\System32\eappgnui.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 81920 c:\windows\System32\dwm.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 81920 c:\windows\System32\dwm.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 52224 c:\windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_d7a408ce\WUDFUsbccidDriver.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 54272 c:\windows\System32\DriverStore\FileRepository\wsdscdrv.inf_5eb2c3a6\WSDScPrx.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 56320 c:\windows\System32\DriverStore\FileRepository\wsdprint.inf_b05b5e02\WSDPrPxy.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 16896 c:\windows\System32\DriverStore\FileRepository\wsdprint.inf_b05b5e02\WSDPrint.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 39936 c:\windows\System32\DriverStore\FileRepository\wpdmtp.inf_f36c5e95\WpdUsb.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 60928 c:\windows\System32\DriverStore\FileRepository\wpdmtp.inf_f36c5e95\WpdMtpUS.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 66560 c:\windows\System32\DriverStore\FileRepository\wpdmtp.inf_f36c5e95\WpdMtpIP.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 33280 c:\windows\System32\DriverStore\FileRepository\wpdmtp.inf_f36c5e95\WpdConns.dll
+ 2009-12-05 14:06 . 2009-04-11 04:42 31616 c:\windows\System32\DriverStore\FileRepository\winusb.inf_c07c5ec4\winusb.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 73216 c:\windows\System32\DriverStore\FileRepository\wdma_usb.inf_dc7189cc\USBAUDIO.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 31616 c:\windows\System32\DriverStore\FileRepository\wceusbsh.inf_2fb04100\winusb.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 65536 c:\windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
+ 2008-01-21 02:23 . 2008-01-21 02:23 23552 c:\windows\System32\DriverStore\FileRepository\usbport.inf_2c537348\usbuhci.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 19456 c:\windows\System32\DriverStore\FileRepository\usbport.inf_2c537348\usbohci.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 39936 c:\windows\System32\DriverStore\FileRepository\usbport.inf_2c537348\usbehci.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 15872 c:\windows\System32\DriverStore\FileRepository\usbport.inf_2c537348\hcrstco.dll
+ 2009-12-05 14:06 . 2009-04-11 04:38 30208 c:\windows\System32\DriverStore\FileRepository\usbccid.inf_54511730\usbccid.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 73216 c:\windows\System32\DriverStore\FileRepository\usb.inf_e9aaaa78\usbccgp.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 31616 c:\windows\System32\DriverStore\FileRepository\transfercable.inf_9c53df5f\x86\winusb.sys
+ 2009-12-05 14:06 . 2009-04-11 05:06 19968 c:\windows\System32\DriverStore\FileRepository\sti.inf_0bb72b9f\WSDScan.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 89088 c:\windows\System32\DriverStore\FileRepository\sti.inf_0bb72b9f\wiafbdrv.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 35328 c:\windows\System32\DriverStore\FileRepository\sti.inf_0bb72b9f\usbscan.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 14848 c:\windows\System32\DriverStore\FileRepository\sti.inf_0bb72b9f\scsiscan.sys
+ 2009-12-05 14:06 . 2009-04-11 04:39 11776 c:\windows\System32\DriverStore\FileRepository\sffdisk.inf_f081f8b7\sffp_sd.sys
+ 2009-12-05 14:06 . 2009-04-11 04:39 12288 c:\windows\System32\DriverStore\FileRepository\sffdisk.inf_f081f8b7\sffp_mmc.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 13312 c:\windows\System32\DriverStore\FileRepository\sffdisk.inf_f081f8b7\sffdisk.sys
+ 2009-12-05 14:06 . 2009-04-11 04:19 89088 c:\windows\System32\DriverStore\FileRepository\sdbus.inf_cbadf2d2\sdbus.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 82408 c:\windows\System32\DriverStore\FileRepository\sbp2.inf_dd2a3429\sbp2port.sys
+ 2009-12-05 14:06 . 2009-04-11 06:28 17408 c:\windows\System32\DriverStore\FileRepository\ntprint.inf_fceaf475\I386\PJLMON.DLL
+ 2009-12-05 14:06 . 2009-04-11 04:46 15872 c:\windows\System32\DriverStore\FileRepository\netrndis.inf_e5fc9df6\usb8023x.sys
+ 2009-12-05 14:06 . 2009-04-11 04:46 33280 c:\windows\System32\DriverStore\FileRepository\netrndis.inf_e5fc9df6\rndismpx.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 20024 c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\viaide.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 43496 c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\pciidex.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 14312 c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\pciide.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 27112 c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\msahci.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 17976 c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\intelide.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 19000 c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\cmdide.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 19944 c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 17976 c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\amdide.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 17464 c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\aliide.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 93160 c:\windows\System32\DriverStore\FileRepository\msdsm.inf_2952f7e7\msdsm.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 27648 c:\windows\System32\DriverStore\FileRepository\mdmcpq.inf_a4839249\usbser.sys
+ 2009-12-05 14:06 . 2009-04-11 04:43 41472 c:\windows\System32\DriverStore\FileRepository\mdmbtmdm.inf_ab57df1e\bthmodem.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 52792 c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\volmgr.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 56888 c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\VIAAGP.SYS
+ 2008-01-21 02:23 . 2008-01-21 02:23 60984 c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\ULIAGPKX.SYS
+ 2009-12-05 14:06 . 2009-04-11 06:32 53224 c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\termdd.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 15288 c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\swenum.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 22632 c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\streamci.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 55864 c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\SISAGP.SYS
+ 2008-01-21 02:23 . 2008-01-21 02:23 31288 c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\mssmbios.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 16440 c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\msisadrv.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 49720 c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\isapnp.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 57400 c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AMDAGP.SYS
+ 2008-01-21 02:23 . 2008-01-21 02:23 56376 c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
+ 2009-12-05 14:06 . 2009-04-11 04:38 17408 c:\windows\System32\DriverStore\FileRepository\keyboard.inf_f55d5e51\kbdhid.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 35384 c:\windows\System32\DriverStore\FileRepository\keyboard.inf_f55d5e51\kbdclass.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 54784 c:\windows\System32\DriverStore\FileRepository\keyboard.inf_f55d5e51\i8042prt.sys
+ 2009-12-05 14:06 . 2009-04-11 04:39 16384 c:\windows\System32\DriverStore\FileRepository\iscsi.inf_7cf731e4\iscsilog.dll
+ 2009-12-05 14:06 . 2009-04-11 04:27 64512 c:\windows\System32\DriverStore\FileRepository\ipmidrv.inf_a46ca46a\IPMIDrv.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 12800 c:\windows\System32\DriverStore\FileRepository\input.inf_45f308e6\hidusb.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 25472 c:\windows\System32\DriverStore\FileRepository\input.inf_45f308e6\hidparse.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 21504 c:\windows\System32\DriverStore\FileRepository\input.inf_45f308e6\hidir.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 39424 c:\windows\System32\DriverStore\FileRepository\input.inf_45f308e6\hidclass.sys
+ 2009-12-05 14:07 . 2009-04-11 06:32 69096 c:\windows\System32\DriverStore\FileRepository\hpcisss.inf_3d49a363\HpCISSs.sys
+ 2009-12-05 14:06 . 2009-04-11 04:43 30720 c:\windows\System32\DriverStore\FileRepository\hidbth.inf_e1bc61a9\hidbth.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 53736 c:\windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
+ 2009-12-05 14:06 . 2009-04-11 04:20 26112 c:\windows\System32\DriverStore\FileRepository\clusdisk.inf_1f8551c9\ClusDisk.sys
+ 2009-12-05 14:06 . 2009-04-11 04:39 67072 c:\windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
+ 2009-12-05 14:06 . 2009-04-11 04:43 29696 c:\windows\System32\DriverStore\FileRepository\bthprint.inf_fa0c9014\BTHPRINT.SYS
+ 2009-12-05 14:06 . 2009-04-11 04:43 29696 c:\windows\System32\DriverStore\FileRepository\bth.inf_00899617\BTHUSB.SYS
+ 2009-12-05 14:06 . 2009-04-11 04:43 22528 c:\windows\System32\DriverStore\FileRepository\bth.inf_00899617\bthenum.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 13568 c:\windows\System32\DriverStore\FileRepository\brmfcsto.inf_502e686e\BrFiltLo.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 11264 c:\windows\System32\DriverStore\FileRepository\acpi.inf_62085e44\wmiacpi.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 20792 c:\windows\System32\DriverStore\FileRepository\acpi.inf_62085e44\compbatt.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 28216 c:\windows\System32\DriverStore\FileRepository\acpi.inf_62085e44\battc.sys
+ 2009-12-05 14:06 . 2009-04-11 04:43 62208 c:\windows\System32\DriverStore\FileRepository\1394.inf_5e025c7c\ohci1394.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 53376 c:\windows\System32\DriverStore\FileRepository\1394.inf_5e025c7c\1394bus.sys
+ 2009-12-05 14:06 . 2009-04-11 04:22 33280 c:\windows\System32\drivers\watchdog.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 65536 c:\windows\System32\drivers\USBSTOR.SYS
- 2008-01-21 02:23 . 2008-01-21 02:23 19456 c:\windows\System32\drivers\usbohci.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 19456 c:\windows\System32\drivers\usbohci.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 39936 c:\windows\System32\drivers\usbehci.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 25856 c:\windows\System32\drivers\USBCAMD2.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 25856 c:\windows\System32\drivers\USBCAMD.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 73216 c:\windows\System32\drivers\USBAUDIO.sys
- 2008-01-21 02:24 . 2008-01-21 02:24 15872 c:\windows\System32\drivers\usb8023.sys
+ 2009-12-05 14:06 . 2009-04-11 04:46 15872 c:\windows\System32\drivers\usb8023.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 53224 c:\windows\System32\drivers\termdd.sys
+ 2009-12-05 14:06 . 2009-04-11 04:45 72192 c:\windows\System32\drivers\tdx.sys
+ 2009-12-05 14:06 . 2009-04-11 04:46 30720 c:\windows\System32\drivers\tcpipreg.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 52992 c:\windows\System32\drivers\stream.sys
- 2008-01-21 02:24 . 2008-01-21 02:24 52992 c:\windows\System32\drivers\stream.sys
+ 2009-12-05 14:06 . 2009-04-11 04:15 98816 c:\windows\System32\drivers\srvnet.sys
+ 2009-12-05 14:06 . 2009-04-11 04:45 66560 c:\windows\System32\drivers\smb.sys
- 2008-01-21 02:25 . 2008-01-21 02:25 66560 c:\windows\System32\drivers\smb.sys
+ 2009-12-05 14:06 . 2009-04-11 04:46 33280 c:\windows\System32\drivers\RNDISMP.sys
- 2008-01-21 02:24 . 2008-01-21 02:24 33280 c:\windows\System32\drivers\RNDISMP.sys
+ 2009-12-05 14:06 . 2009-04-11 04:46 69120 c:\windows\System32\drivers\rassstp.sys
- 2008-01-21 02:25 . 2008-01-21 02:25 69120 c:\windows\System32\drivers\rassstp.sys
+ 2009-12-05 14:06 . 2009-04-11 04:46 41472 c:\windows\System32\drivers\raspppoe.sys
- 2008-01-21 02:24 . 2008-01-21 02:24 41472 c:\windows\System32\drivers\raspppoe.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 43496 c:\windows\System32\drivers\pciidex.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 14312 c:\windows\System32\drivers\pciide.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 54248 c:\windows\System32\drivers\partmgr.sys
- 2008-10-28 09:58 . 2008-04-05 01:21 72192 c:\windows\System32\drivers\pacer.sys
+ 2009-12-05 14:06 . 2009-04-11 04:45 72192 c:\windows\System32\drivers\pacer.sys
+ 2009-12-05 14:06 . 2009-04-11 04:43 62208 c:\windows\System32\drivers\ohci1394.sys
+ 2009-12-05 14:06 . 2009-04-11 04:14 35328 c:\windows\System32\drivers\npfs.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 48104 c:\windows\System32\drivers\mup.sys
+ 2009-12-05 14:06 . 2009-04-11 04:14 79360 c:\windows\System32\drivers\mrxsmb20.sys
+ 2009-12-05 14:06 . 2009-04-11 04:38 17408 c:\windows\System32\drivers\kbdhid.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 12800 c:\windows\System32\drivers\hidusb.sys
+ 2009-12-05 14:06 . 2009-04-11 04:42 39424 c:\windows\System32\drivers\hidclass.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 99816 c:\windows\System32\drivers\FWPKCLNT.SYS
- 2008-01-21 02:24 . 2008-01-21 02:24 76288 c:\windows\System32\drivers\dxg.sys
+ 2009-12-05 14:06 . 2009-04-11 04:23 76288 c:\windows\System32\drivers\dxg.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 27624 c:\windows\System32\drivers\Dumpata.sys
+ 2009-12-05 14:06 . 2009-04-11 04:39 19456 c:\windows\System32\drivers\Diskdump.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 53736 c:\windows\System32\drivers\disk.sys
- 2008-01-21 02:24 . 2008-01-21 02:24 75264 c:\windows\System32\drivers\dfsc.sys
+ 2009-12-05 14:06 . 2009-04-11 04:14 75264 c:\windows\System32\drivers\dfsc.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 35304 c:\windows\System32\drivers\crashdmp.sys
+ 2009-12-05 14:06 . 2009-04-11 04:39 67072 c:\windows\System32\drivers\cdrom.sys
- 2008-01-21 02:23 . 2008-01-21 02:23 67072 c:\windows\System32\drivers\cdrom.sys
- 2008-01-21 02:23 . 2008-01-21 02:23 93696 c:\windows\System32\drivers\bridge.sys
+ 2009-12-05 14:06 . 2009-04-11 05:42 93696 c:\windows\System32\drivers\bridge.sys
+ 2009-12-05 14:06 . 2009-04-11 06:32 19944 c:\windows\System32\drivers\atapi.sys
+ 2009-12-05 14:06 . 2009-04-11 06:28 75264 c:\windows\System32\dot3msm.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 49664 c:\windows\System32\dot3cfg.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 49664 c:\windows\System32\dot3cfg.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 86528 c:\windows\System32\dnsrslvr.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 86528 c:\windows\System32\dnsrslvr.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 54784 c:\windows\System32\dimsroam.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 54784 c:\windows\System32\dimsroam.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 93512 c:\windows\System32\dfshim.dll
+ 2009-12-05 14:07 . 2009-04-11 06:27 65536 c:\windows\System32\DevicePairingWizard.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 54784 c:\windows\System32\DevicePairingProxy.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 26112 c:\windows\System32\DeviceEject.exe
+ 2006-11-02 08:38 . 2006-11-02 09:46 10240 c:\windows\System32\dciman32.dll
- 2009-07-15 13:59 . 2009-06-15 15:20 10240 c:\windows\System32\dciman32.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 61440 c:\windows\System32\davclnt.dll
- 2008-12-19 04:39 . 2008-06-26 03:29 45056 c:\windows\System32\dataclen.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 45056 c:\windows\System32\dataclen.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 46080 c:\windows\System32\csrstub.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 46080 c:\windows\System32\csrstub.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 22016 c:\windows\System32\cscdll.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 22016 c:\windows\System32\cscdll.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 31744 c:\windows\System32\cscapi.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 31744 c:\windows\System32\cscapi.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 69120 c:\windows\System32\conime.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 69120 c:\windows\System32\conime.exe
- 2008-12-17 15:47 . 2010-01-11 19:04 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-17 15:47 . 2010-01-12 13:59 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-17 15:47 . 2010-01-11 19:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-17 15:47 . 2010-01-12 13:59 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-05 14:06 . 2009-04-11 06:27 57856 c:\windows\System32\compcln.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 49152 c:\windows\System32\cmmon32.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 58368 c:\windows\System32\cipher.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 58368 c:\windows\System32\cipher.exe
- 2006-11-02 08:38 . 2006-11-02 09:46 10752 c:\windows\System32\CHxReadingStringIME.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 10752 c:\windows\System32\CHxReadingStringIME.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 40448 c:\windows\System32\certprop.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 40448 c:\windows\System32\certprop.dll
+ 2009-12-05 14:06 . 2009-04-11 06:21 37376 c:\windows\System32\cdd.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 44032 c:\windows\System32\cbsra.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 44032 c:\windows\System32\cbsra.exe
- 2006-11-02 08:55 . 2006-11-02 09:44 34304 c:\windows\System32\bthudtask.exe
+ 2009-12-05 14:06 . 2009-04-11 06:27 34304 c:\windows\System32\bthudtask.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 40960 c:\windows\System32\bthserv.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 45568 c:\windows\System32\bthci.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 45568 c:\windows\System32\bthci.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 31744 c:\windows\System32\bitsigd.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 31744 c:\windows\System32\bitsigd.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 79872 c:\windows\System32\authz.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 88576 c:\windows\System32\audiodg.exe
+ 2009-07-15 13:59 . 2009-04-11 06:28 34304 c:\windows\System32\atmlib.dll
- 2006-11-02 08:38 . 2006-11-02 09:46 34304 c:\windows\System32\atmlib.dll
+ 2006-11-02 08:58 . 2006-11-02 09:44 19968 c:\windows\System32\ARP.EXE
- 2009-09-08 21:02 . 2009-08-14 14:16 19968 c:\windows\System32\ARP.EXE
+ 2009-12-05 14:06 . 2009-04-11 06:28 28672 c:\windows\System32\Apphlpdm.dll
- 2009-09-02 21:22 . 2009-08-28 12:39 28672 c:\windows\System32\Apphlpdm.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 13824 c:\windows\System32\apilogen.dll
- 2009-04-15 17:40 . 2009-03-17 03:38 13824 c:\windows\System32\apilogen.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 24064 c:\windows\System32\amxread.dll
- 2009-04-15 17:40 . 2009-03-17 03:38 24064 c:\windows\System32\amxread.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 75264 c:\windows\System32\adsmsext.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 39424 c:\windows\servicing\TrustedInstaller.exe
+ 2009-12-05 14:06 . 2009-04-11 06:28 39424 c:\windows\servicing\TrustedInstaller.exe
+ 2009-11-27 06:24 . 2010-01-12 05:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-27 06:24 . 2010-01-11 13:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-27 06:24 . 2010-01-12 05:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-27 06:24 . 2010-01-11 13:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-27 06:24 . 2010-01-11 13:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-27 06:24 . 2010-01-12 05:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-26 02:19 . 2010-01-11 15:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 02:19 . 2010-01-12 13:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 02:19 . 2010-01-11 15:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-26 02:19 . 2010-01-12 13:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-26 02:19 . 2010-01-11 15:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-26 02:19 . 2010-01-12 13:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

Jazzaquarium · 12.01.2010, 15:34

weiter:

+ 2009-12-05 14:06 . 2009-02-18 18:39 23408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
+ 2009-12-05 14:06 . 2009-02-18 18:39 43904 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2009-12-05 14:06 . 2009-02-18 18:39 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
- 2009-06-19 10:17 . 2008-06-20 01:14 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 68960 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2009-12-05 14:06 . 2009-02-18 18:38 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2009-06-19 10:17 . 2008-06-20 01:14 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2009-06-19 10:17 . 2008-06-20 01:14 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2009-12-05 14:06 . 2009-02-18 18:38 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2009-12-05 14:06 . 2009-02-18 18:38 18288 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 38744 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\de\WsatConfig.resources.dll
- 2009-06-19 10:25 . 2008-07-04 02:02 36864 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\de\System.ServiceModel.Install.Resources.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 36864 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\de\System.ServiceModel.Install.Resources.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 16744 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\de\SMSvcHost.resources.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 25456 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\de\ServiceModelReg.resources.dll
- 2009-06-19 10:25 . 2008-07-04 02:02 28672 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\de\Microsoft.Transactions.Bridge.Resources.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 28672 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\de\Microsoft.Transactions.Bridge.Resources.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 42856 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\de\ComSvcConfig.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2009-06-19 10:11 . 2008-07-27 18:03 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2009-06-19 10:10 . 2008-07-27 18:03 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 85320 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 97592 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 29504 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0407\mscorsecr.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 66368 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 74048 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 90960 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 43344 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 80208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2009-06-19 10:10 . 2008-07-27 18:03 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 94544 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2009-06-19 10:11 . 2008-07-27 18:03 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2009-06-19 10:11 . 2008-07-27 18:03 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2009-06-19 10:10 . 2008-07-27 18:03 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2009-06-19 10:11 . 2008-07-27 18:03 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 15688 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 33080 c:\windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 59720 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
- 2009-06-19 10:22 . 2008-07-27 18:03 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Web.Services.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Web.Services.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Web.Mobile.resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Web.Mobile.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Transactions.resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Transactions.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.ServiceProcess.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.ServiceProcess.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Security.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Security.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 11776 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Runtime.Serialization.Formatters.Soap.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 11776 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Runtime.Serialization.Formatters.Soap.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Runtime.Remoting.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Runtime.Remoting.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 61440 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Messaging.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 61440 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Messaging.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Management.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Management.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.EnterpriseServices.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.EnterpriseServices.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Drawing.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Drawing.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.DirectoryServices.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.DirectoryServices.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.DirectoryServices.Protocols.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.DirectoryServices.Protocols.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\system.data.sqlxml.resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\system.data.sqlxml.resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 49152 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Configuration.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 49152 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Configuration.resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Configuration.Install.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Configuration.Install.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\sysglobl.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\sysglobl.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 93008 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\ShFusRes.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 11264 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\Regasm.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 11264 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\Regasm.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\MSBuild.resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\MSBuild.resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 61440 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\Microsoft.VisualBasic.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 61440 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\Microsoft.VisualBasic.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 45056 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\Microsoft.JScript.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 45056 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\Microsoft.JScript.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\Microsoft.Build.Utilities.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\Microsoft.Build.Utilities.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\Microsoft.Build.Engine.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\Microsoft.Build.Engine.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\caspol.resources.dll
- 2009-06-19 10:22 . 2008-07-27 18:03 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\caspol.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\aspnet_regsql.resources.dll
- 2009-06-19 10:22 . 2008-07-27 18:03 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\aspnet_regsql.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 90944 c:\windows\Microsoft.NET\Framework\v2.0.50727\DE\aspnet_rc.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 32064 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 77112 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 86360 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 30528 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 31048 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 30024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2009-06-19 10:10 . 2008-07-27 18:03 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 30552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 14168 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 18760 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2009-06-19 10:10 . 2008-07-27 18:03 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 55616 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2009-12-05 14:06 . 2009-03-30 04:42 95544 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 11072 c:\windows\Microsoft.NET\Framework\v2.0.50727\1031\CvtResUI.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 27984 c:\windows\Microsoft.NET\Framework\v2.0.50727\1031\alinkui.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 93504 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 79696 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2006-11-02 10:25 . 2010-01-03 17:13 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2010-01-12 13:56 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2010-01-12 13:56 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2010-01-03 17:13 51200 c:\windows\inf\infpub.dat
+ 2009-12-05 14:06 . 2009-04-11 06:28 91136 c:\windows\ehome\MFCongestionController.dll
- 2008-01-21 02:25 . 2008-01-21 02:25 91136 c:\windows\ehome\MFCongestionController.dll
+ 2009-12-05 14:06 . 2009-04-11 06:27 82944 c:\windows\ehome\Mcx2Prov.exe
- 2008-01-21 02:25 . 2008-01-21 02:25 82944 c:\windows\ehome\Mcx2Prov.exe
+ 2009-12-05 14:06 . 2009-04-11 06:31 79872 c:\windows\ehome\mcstoredb.dll
+ 2010-01-12 14:02 . 2010-01-12 14:02 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\e9421ef836aa4ff7b3ee8b447c4e6bf8\UIAutomationProvider.ni.dll
+ 2010-01-12 14:02 . 2010-01-12 14:02 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\532c2b963925149aec2a7c6279fe0168\PresentationFontCache.ni.exe
+ 2010-01-12 14:02 . 2010-01-12 14:02 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\4c9923cefc3ac18a2219d93babeb7a1e\PresentationCFFRasterizer.ni.dll
- 2010-01-03 17:07 . 2010-01-03 17:07 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1f8716cb1e90566b6748073d98494b54\Microsoft.VisualC.ni.dll
+ 2010-01-12 14:02 . 2010-01-12 14:02 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1f8716cb1e90566b6748073d98494b54\Microsoft.VisualC.ni.dll
+ 2010-01-12 14:02 . 2010-01-12 14:02 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5b0159d1e1269d2da867b576bd6359d5\Accessibility.ni.dll
- 2009-06-19 10:17 . 2008-06-20 01:14 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2009-06-19 10:25 . 2008-07-04 02:03 90112 c:\windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll
+ 2009-12-05 14:06 . 2009-02-25 01:16 90112 c:\windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2009-06-19 10:17 . 2008-06-20 01:14 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-12-05 14:06 . 2009-02-25 01:16 10240 c:\windows\assembly\GAC_MSIL\UIAutomationTypes.resources\3.0.0.0_de_31bf3856ad364e35\UIAutomationTypes.resources.dll
- 2009-06-19 10:25 . 2008-07-04 02:03 10240 c:\windows\assembly\GAC_MSIL\UIAutomationTypes.resources\3.0.0.0_de_31bf3856ad364e35\UIAutomationTypes.resources.dll
- 2009-06-19 10:17 . 2008-06-20 01:14 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2009-06-19 10:25 . 2008-07-04 02:03 12288 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders.resources\3.0.0.0_de_31bf3856ad364e35\UIAutomationClientsideProviders.resources.dll
+ 2009-12-05 14:06 . 2009-02-25 01:16 12288 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders.resources\3.0.0.0_de_31bf3856ad364e35\UIAutomationClientsideProviders.resources.dll
- 2009-06-19 10:25 . 2008-07-04 02:03 36864 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime.resources\3.0.0.0_de_31bf3856ad364e35\System.Workflow.Runtime.resources.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 36864 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime.resources\3.0.0.0_de_31bf3856ad364e35\System.Workflow.Runtime.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 81920 c:\windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
- 2009-06-19 10:22 . 2008-07-27 18:03 81920 c:\windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 81920 c:\windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 81920 c:\windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 28672 c:\windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_de_b77a5c561934e089\System.Transactions.resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 28672 c:\windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_de_b77a5c561934e089\System.Transactions.resources.dll
- 2009-06-19 10:25 . 2008-07-04 02:03 65536 c:\windows\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_de_31bf3856ad364e35\System.Speech.resources.dll
+ 2009-12-05 14:06 . 2009-02-25 01:16 65536 c:\windows\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_de_31bf3856ad364e35\System.Speech.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 40960 c:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 40960 c:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
- 2009-06-19 10:17 . 2008-06-20 01:14 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-12-05 14:06 . 2009-02-18 18:38 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-06-19 10:17 . 2008-06-20 01:14 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2009-12-05 14:06 . 2009-02-18 18:38 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2009-06-19 10:25 . 2008-07-04 02:02 36864 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.Install.Resources.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 36864 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.Install.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 28672 c:\windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Security.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 28672 c:\windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Security.Resources.dll
- 2009-06-19 10:25 . 2008-07-04 02:02 98304 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 98304 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 11776 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatter s.Soap.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 11776 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatter s.Soap.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 32768 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 32768 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
+ 2009-12-05 14:06 . 2009-02-25 01:16 16896 c:\windows\assembly\GAC_MSIL\System.Printing.resources\3.0.0.0_de_31bf3856ad364e35\System.Printing.resources.dll
- 2009-06-19 10:25 . 2008-07-04 02:03 16896 c:\windows\assembly\GAC_MSIL\System.Printing.resources\3.0.0.0_de_31bf3856ad364e35\System.Printing.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 61440 c:\windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Messaging.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 61440 c:\windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Messaging.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 13824 c:\windows\assembly\GAC_MSIL\system.management.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Management.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 13824 c:\windows\assembly\GAC_MSIL\system.management.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Management.Resources.dll
- 2009-06-19 10:25 . 2008-07-04 02:02 11776 c:\windows\assembly\GAC_MSIL\System.IO.Log.resources\3.0.0.0_de_b03f5f7f11d50a3a\System.IO.Log.Resources.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 11776 c:\windows\assembly\GAC_MSIL\System.IO.Log.resources\3.0.0.0_de_b03f5f7f11d50a3a\System.IO.Log.Resources.dll
- 2009-06-19 10:25 . 2008-07-04 02:02 53248 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors.resources\3.0.0.0_de_b77a5c561934e089\System.IdentityModel.Selectors.Resources.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 53248 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors.resources\3.0.0.0_de_b77a5c561934e089\System.IdentityModel.Selectors.Resources.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 65536 c:\windows\assembly\GAC_MSIL\System.IdentityModel.resources\3.0.0.0_de_b77a5c561934e089\System.IdentityModel.Resources.dll
- 2009-06-19 10:25 . 2008-07-04 02:02 65536 c:\windows\assembly\GAC_MSIL\System.IdentityModel.resources\3.0.0.0_de_b77a5c561934e089\System.IdentityModel.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 32768 c:\windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 32768 c:\windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 24576 c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 24576 c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.Resources.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 40960 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 40960 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 28672 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 28672 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 36864 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_de_b77a5c561934e089\system.data.sqlxml.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 36864 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_de_b77a5c561934e089\system.data.sqlxml.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 49152 c:\windows\assembly\GAC_MSIL\SYSTEM.CONFIGURATION.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 49152 c:\windows\assembly\GAC_MSIL\SYSTEM.CONFIGURATION.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 28672 c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 28672 c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 10752 c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_de_b03f5f7f11d50a3a\sysglobl.resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 10752 c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_de_b03f5f7f11d50a3a\sysglobl.resources.dll
+ 2009-12-05 14:06 . 2009-02-25 01:16 36864 c:\windows\assembly\GAC_MSIL\ReachFramework.resources\3.0.0.0_de_31bf3856ad364e35\ReachFramework.resources.dll
- 2009-06-19 10:25 . 2008-07-04 02:03 36864 c:\windows\assembly\GAC_MSIL\ReachFramework.resources\3.0.0.0_de_31bf3856ad364e35\ReachFramework.resources.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 43904 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
- 2009-06-19 10:17 . 2008-06-20 01:14 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2009-06-19 10:25 . 2008-07-04 02:02 53248 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks.resources\3.0.0.0_de_31bf3856ad364e35\PresentationBuildTasks.resources.dll
+ 2009-12-05 14:06 . 2009-02-25 01:16 53248 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks.resources\3.0.0.0_de_31bf3856ad364e35\PresentationBuildTasks.resources.dll
- 2008-01-21 07:12 . 2008-01-21 07:12 36864 c:\windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_de_31bf3856ad364e35\MMCEx.Resources.dll
+ 2009-12-05 14:06 . 2009-04-11 06:43 36864 c:\windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_de_31bf3856ad364e35\MMCEx.Resources.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 61440 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 61440 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
+ 2009-12-05 14:06 . 2009-02-18 18:39 28672 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.resources\3.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll
- 2009-06-19 10:25 . 2008-07-04 02:02 28672 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.resources\3.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll
- 2008-01-21 07:12 . 2008-01-21 07:12 28672 c:\windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources\3.0.0.0_de_31bf3856ad364e35\Microsoft.ManagementConsole.Resources.dll
+ 2009-12-05 14:06 . 2009-04-11 06:43 28672 c:\windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources\3.0.0.0_de_31bf3856ad364e35\Microsoft.ManagementConsole.Resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 45056 c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 45056 c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
- 2009-06-19 10:11 . 2008-07-27 18:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 10752 c:\windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 10752 c:\windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-06-19 10:11 . 2008-07-27 18:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 53248 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
- 2009-06-19 10:23 . 2008-07-27 18:03 53248 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-12-05 14:06 . 2009-04-11 06:31 79872 c:\windows\assembly\GAC_32\mcstoredb\6.0.6000.0__31bf3856ad364e35\mcstoredb.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-12-05 14:06 . 2009-03-30 04:42 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-06-19 10:10 . 2008-07-27 18:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-04-15 17:40 . 2009-03-17 03:38 40960 c:\windows\AppPatch\apihex86.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 40960 c:\windows\AppPatch\apihex86.dll
+ 2008-12-22 17:48 . 2010-01-11 20:31 2778 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-12-17 16:48 . 2010-01-12 14:15 9696 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2513930204-1434379566-472214267-1000_UserData.bin
- 2009-11-26 02:00 . 2009-10-29 09:41 2048 c:\windows\System32\tzres.dll
+ 2006-11-02 06:58 . 2006-11-02 06:58 2048 c:\windows\System32\tzres.dll
+ 2006-11-02 08:58 . 2006-11-02 09:45 9728 c:\windows\System32\TCPSVCS.EXE
- 2009-09-08 21:02 . 2009-08-14 14:16 9728 c:\windows\System32\TCPSVCS.EXE
+ 2009-12-05 14:06 . 2009-04-11 06:28 7680 c:\windows\System32\spwmp.dll
- 2009-08-11 23:01 . 2009-07-14 12:58 7680 c:\windows\System32\spwmp.dll
+ 2009-12-05 14:06 . 2009-04-11 04:27 2560 c:\windows\System32\msimsg.dll
- 2008-10-28 09:47 . 2008-04-18 02:33 2560 c:\windows\System32\msimsg.dll
- 2006-11-02 12:35 . 2006-11-02 12:35 2048 c:\windows\System32\mferror.dll
+ 2009-09-08 21:01 . 2009-04-11 04:54 2048 c:\windows\System32\mferror.dll
- 2009-08-13 11:00 . 2009-06-15 12:57 9728 c:\windows\System32\lsass.exe
+ 2008-01-21 02:24 . 2008-01-21 02:24 9728 c:\windows\System32\lsass.exe
+ 2009-12-05 14:06 . 2009-02-18 18:38 9048 c:\windows\System32\icardres.dll
+ 2006-11-02 08:58 . 2006-11-02 09:45 8704 c:\windows\System32\HOSTNAME.EXE
- 2009-09-08 21:02 . 2009-08-14 14:16 8704 c:\windows\System32\HOSTNAME.EXE
+ 2009-12-05 14:06 . 2009-04-11 06:28 9728 c:\windows\System32\fdBthProxy.dll
+ 2009-12-05 14:06 . 2009-04-11 06:22 7168 c:\windows\System32\f3ahvoas.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 7168 c:\windows\System32\f3ahvoas.dll
- 2009-08-11 23:01 . 2009-07-14 12:59 4096 c:\windows\System32\dxmasf.dll
+ 2009-12-05 14:06 . 2009-04-11 06:28 4096 c:\windows\System32\dxmasf.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 5632 c:\windows\System32\DriverStore\FileRepository\wdmaudio.inf_84db3286\drmkaud.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 5888 c:\windows\System32\DriverStore\FileRepository\usbport.inf_2c537348\usbd.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 8704 c:\windows\System32\DriverStore\FileRepository\usbport.inf_2c537348\hccoin.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 9216 c:\windows\System32\DriverStore\FileRepository\sti.inf_0bb72b9f\serscan.sys
+ 2008-01-21 02:23 . 2008-01-21 02:23 6656 c:\windows\System32\DriverStore\FileRepository\keyboard.inf_f55d5e51\kbd106.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 5248 c:\windows\System32\DriverStore\FileRepository\brmfcsto.inf_502e686e\BrFiltUp.sys
+ 2009-12-05 14:06 . 2009-04-11 04:19 6656 c:\windows\System32\DriverStore\FileRepository\acpi.inf_62085e44\errdev.sys
+ 2010-01-12 14:13 . 2010-01-12 14:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-11 19:12 . 2010-01-11 19:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-11 19:12 . 2010-01-11 19:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-12 14:13 . 2010-01-12 14:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

11.01.2010, 14:38	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus?,Trojaner: richtx64.exe, URLSearchHook Bitte jetzt unmittelbar nach dem Avenger Malwarebytes ausführen! __________________ Logfiles bitte immer in CODE-Tags posten

11.01.2010, 16:08	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus?,Trojaner: richtx64.exe, URLSearchHook Hast Du die Funde entfernt? Edit: Ja hast Du Mach bitte frische Logs mit RSIT und poste sie. __________________ --> Virus?,Trojaner: richtx64.exe, URLSearchHook

12.01.2010, 15:12	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus?,Trojaner: richtx64.exe, URLSearchHook Wurde in der Datei was gefunden? __________________ Logfiles bitte immer in CODE-Tags posten

Virus?,Trojaner: richtx64.exe, URLSearchHook

Log-Analyse und Auswertung: Virus?,Trojaner: richtx64.exe, URLSearchHook