04.10.2010, 17:16 | #1 |
Virus/Rootkit problem: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS

Hello! A new member asking for help with a problem ^^

I first took this problem to another forum (yes, shame on me), Giga.de. They had already helped me there once before, and with their help I was able to get rid of the biggest difficulties =) BUT when it came to the last steps, my problem and I were apparently forgotten, and I would find it somehow awkward to remind my helper specially... In any case, I suspect that there is still a rootkit on my netbook and I can't get rid of it >.>

To be honest, I'm not sure whether I should also post the entire history of my virus... I'll leave that out for now... but on request I will of course add it!

Below I will upload an HJT log file, a new OTL log, and the logs of the last scans I was asked to run during the last round of work at Giga.de.

--HJT log file, with a pointer to my problem:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:05:22, on 04.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Java\jre6\bin\jucheck.exe
C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

--
End of file - 4267 bytes

Code:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

---OTL log files, latest: OTL.txt
Code:
ATTFilter OTL logfile created on: 04.10.2010 17:39:50 - Run 7 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.015,00 Mb Total Physical Memory | 457,00 Mb Available Physical Memory | 45,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,05 Gb Total Space | 104,21 Gb Free Space | 69,92% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NETBOOK Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.08.19 14:29:30 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.05.21 17:01:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2010.05.21 13:29:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.exe PRC - [2009.09.21 14:07:11 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Java\jre6\bin\jucheck.exe PRC - [2009.04.23 06:47:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2009.04.23 06:46:40 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2008.08.08 14:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe PRC - [2008.05.26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Desktop Search\WindowsSearch.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010.05.21 17:01:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2009.12.06 19:02:50 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009.12.06 19:02:49 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.12.06 18:12:52 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.07.10 11:03:04 | 001,381,632 | R--- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2008.07.10 10:33:00 | 000,306,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se) DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008.04.14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.02.15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.19 14:29:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.19 14:29:43 | 000,000,000 | ---D | M] [2009.12.02 18:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.10.04 17:12:43 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions [2009.12.03 00:23:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Dome\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.29 09:38:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.19 14:29:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.19 14:29:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.19 14:29:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.19 14:29:35 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.19 14:29:35 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.04 23:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL 
(Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.09.18 21:19:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== ========== Files - Modified Within 30 Days ========== [2010.10.04 16:57:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.10.04 16:57:40 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.04 16:57:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.04 16:57:30 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys [2010.09.05 01:07:35 | 003,932,160 | -H-- 
| M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.09.05 01:07:35 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.09.05 01:07:29 | 005,359,762 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db ========== Files Created - No Company Name ========== [2009.12.12 18:24:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2009.12.06 18:12:52 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.11.28 22:55:46 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009.11.28 22:55:39 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009.09.22 14:31:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.09.21 10:45:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Belinea.ini [2009.09.18 14:13:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll [2009.06.26 16:51:30 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.05.26 22:23:36 | 
000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.02.15 13:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll ========== LOP Check ========== [2010.08.05 08:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C [2009.12.06 18:12:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools [2009.11.29 13:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org [2009.11.29 13:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScummVM [2009.12.21 14:14:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teeworlds [2009.09.21 15:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search [2009.11.30 18:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search ========== Purity Check ========== < End of report > Code:
ATTFilter OTL logfile created on: 04.10.2010 17:39:50 - Run 7 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.015,00 Mb Total Physical Memory | 457,00 Mb Available Physical Memory | 45,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,05 Gb Total Space | 104,21 Gb Free Space | 69,92% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NETBOOK Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.08.19 14:29:30 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.05.21 17:01:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2010.05.21 13:29:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.exe PRC - [2009.09.21 14:07:11 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Java\jre6\bin\jucheck.exe PRC - [2009.04.23 06:47:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2009.04.23 06:46:40 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2008.08.08 14:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe PRC - [2008.05.26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Desktop Search\WindowsSearch.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010.05.21 17:01:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2009.12.06 19:02:50 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009.12.06 19:02:49 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.12.06 18:12:52 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.07.10 11:03:04 | 001,381,632 | R--- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2008.07.10 10:33:00 | 000,306,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se) DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008.04.14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.02.15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.19 14:29:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.19 14:29:43 | 000,000,000 | ---D | M] [2009.12.02 18:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.10.04 17:12:43 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions [2009.12.03 00:23:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.29 09:38:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.19 14:29:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.19 14:29:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.19 14:29:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.19 14:29:35 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.19 14:29:35 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.04 23:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL 
(Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.09.18 21:19:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== ========== Files - Modified Within 30 Days ========== [2010.10.04 16:57:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.10.04 16:57:40 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.04 16:57:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.04 16:57:30 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys [2010.09.05 01:07:35 | 003,932,160 | -H-- 
| M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.09.05 01:07:35 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.09.05 01:07:29 | 005,359,762 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db ========== Files Created - No Company Name ========== [2009.12.12 18:24:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2009.12.06 18:12:52 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.11.28 22:55:46 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009.11.28 22:55:39 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009.09.22 14:31:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.09.21 10:45:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Belinea.ini [2009.09.18 14:13:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll [2009.06.26 16:51:30 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.05.26 22:23:36 | 
000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.02.15 13:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll ========== LOP Check ========== [2010.08.05 08:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C [2009.12.06 18:12:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools [2009.11.29 13:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org [2009.11.29 13:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScummVM [2009.12.21 14:14:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teeworlds [2009.09.21 15:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search [2009.11.30 18:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search ========== Purity Check ========== < End of report >
Now for the more interesting part: I have two more scans. One is from GMER; the GMER one is somewhat older... but I really haven't done anything on my netbook since then, so I don't think anything will have changed. And then there is one from RootRepeal. The first logfile, from GMER's automatic scan: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit quick scan 2010-08-09 19:47:09 Windows 5.1.2600 Service Pack 3 Running: s11580co.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\uwldqpog.sys ---- System - GMER 1.0.15 ---- SSDT spsj.sys ZwEnumerateKey [0xF73A6CA2] SSDT spsj.sys ZwEnumerateValueKey [0xF73A7030] ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 865681F8 ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-08-09 21:09:59 Windows 5.1.2600 Service Pack 3 Running: s11580co.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\uwldqpog.sys ---- System - GMER 1.0.15 ---- SSDT spmv.sys ZwCreateKey [0xF73880E0] SSDT spmv.sys ZwEnumerateKey [0xF73A6CA2] SSDT spmv.sys ZwEnumerateValueKey [0xF73A7030] SSDT spmv.sys ZwOpenKey [0xF73880C0] SSDT spmv.sys ZwQueryKey [0xF73A7108] SSDT spmv.sys ZwQueryValueKey [0xF73A6F88] SSDT spmv.sys ZwSetValueKey [0xF73A719A] INT 0x62 ? 86569BF8 INT 0x63 ? 86548BF8 INT 0x82 ? 86569BF8 INT 0xA4 ? 86548BF8 INT 0xB4 ? 86548BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spmv.sys Das System kann die angegebene Datei nicht finden. ! .text USBPORT.SYS!DllUnload F6B7C8AC 5 Bytes JMP 865481D8 .text axvjomqf.SYS F6B2D386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text axvjomqf.SYS F6B2D3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text axvjomqf.SYS F6B2D3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text axvjomqf.SYS F6B2D3C9 1 Byte [2E] .text axvjomqf.SYS F6B2D3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...] .text ... 
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA9ED5300, 0x3B6D8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF78D0300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[1480] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7389040] spmv.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F738913C] spmv.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73890BE] spmv.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73897FC] spmv.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73896D2] spmv.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7399048] spmv.sys IAT \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC IAT \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74 IAT \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KeGetCurrentIrql] 57B80974 IAT \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KfRaiseIrql] 8B000000 IAT \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KfLowerIrql] 56C35DE5 IAT \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!HalGetInterruptVector] 8D08758B IAT \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D IAT \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55 IAT \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D IAT \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55 IAT \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D IAT \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455 IAT \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856 IAT 
\SystemRoot\System32\Drivers\axvjomqf.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520 IAT \SystemRoot\System32\Drivers\axvjomqf.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 865681F8 Device \Driver\usbehci \Device\USBPDO-0 865311F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{F17C00ED-C6BC-49D5-A2F0-861DDAB418DF} 86004500 Device \Driver\usbuhci \Device\USBPDO-1 864F51F8 Device \Driver\usbuhci \Device\USBPDO-2 864F51F8 Device \Driver\PCI_PNP9360 \Device\00000046 spmv.sys Device \Driver\usbuhci \Device\USBPDO-3 864F51F8 Device \Driver\usbuhci \Device\USBPDO-4 864F51F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 865DA1F8 Device \Driver\Cdrom \Device\CdRom0 863E41F8 Device \Driver\Cdrom \Device\CdRom1 863E41F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7301B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [F7301B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F7301B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom2 863E41F8 Device \Driver\Cdrom \Device\CdRom3 863E41F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86004500 Device \Driver\NetBT \Device\NetbiosSmb 86004500 Device \Driver\NetBT \Device\NetBT_Tcpip_{07E6D699-3D91-4155-AC03-B124EE196EF2} 86004500 Device \Driver\usbuhci \Device\USBFDO-0 864F51F8 Device \Driver\usbuhci \Device\USBFDO-1 864F51F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85E53500 Device \Driver\usbuhci \Device\USBFDO-2 864F51F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 85E53500 Device \Driver\usbuhci \Device\USBFDO-3 864F51F8 Device \Driver\usbehci \Device\USBFDO-4 865311F8 Device \Driver\Ftdisk \Device\FtControl 865DA1F8 Device \Driver\sptd \Device\427218110 spmv.sys 
Device \Driver\axvjomqf \Device\Scsi\axvjomqf1Port2Path0Target0Lun0 86422500 Device \Driver\axvjomqf \Device\Scsi\axvjomqf1 86422500 Device \Driver\axvjomqf \Device\Scsi\axvjomqf1Port2Path0Target2Lun0 86422500 Device \Driver\axvjomqf \Device\Scsi\axvjomqf1Port2Path0Target3Lun0 86422500 Device \Driver\axvjomqf \Device\Scsi\axvjomqf1Port2Path0Target1Lun0 86422500 Device \FileSystem\Cdfs \Cdfs 85E3C500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCF 0x91 0x43 0x7F ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA4 0x3E 0x42 0x54 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0x68 0x37 0x43 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF8 0xCE 0xB2 0xD1 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x42 0x99 0x13 0xCC ... 
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x37 0x77 0xC2 0x6E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCF 0x91 0x43 0x7F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA4 0x3E 0x42 0x54 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0x68 0x37 0x43 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF8 0xCE 0xB2 0xD1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x42 0x99 0x13 0xCC ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x37 0x77 0xC2 0x6E ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCF 0x91 0x43 0x7F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA4 0x3E 0x42 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0x68 0x37 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF8 0xCE 0xB2 0xD1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x42 0x99 0x13 0xCC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x37 0x77 0xC2 0x6E ... ---- EOF - GMER 1.0.15 ----
AND last but not least, from RootRepeal, with all checkboxes ticked: Code:
ATTFilter ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2010/10/04 18:04 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xAA355000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7AB8000 Size: 8192 File Visible: No Signed: - Status: - Name: PCI_PNP6070 Image Path: \Driver\PCI_PNP6070 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA957F000 Size: 49152 File Visible: No Signed: - Status: - Name: spjc.sys Image Path: spjc.sys Address: 0xF7387000 Size: 1048576 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! 
Path: C:\Dokumente und Einstellungen\Dome\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\sessionstore.js Status: Could not get file information (Error 0xc0000008) SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "spjc.sys" at address 0xf73880e0 #: 071 Function Name: NtEnumerateKey Status: Hooked by "spjc.sys" at address 0xf73a6ca2 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spjc.sys" at address 0xf73a7030 #: 119 Function Name: NtOpenKey Status: Hooked by "spjc.sys" at address 0xf73880c0 #: 160 Function Name: NtQueryKey Status: Hooked by "spjc.sys" at address 0xf73a7108 #: 177 Function Name: NtQueryValueKey Status: Hooked by "spjc.sys" at address 0xf73a6f88 #: 247 Function Name: NtSetValueKey Status: Hooked by "spjc.sys" at address 0xf73a719a Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, 
IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x865681f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x8645a1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x8645a1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8645a1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8645a1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x8645a1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8645a1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x8645a1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x865da1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x865da1f8 Size: 121 
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x865da1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x865da1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x865da1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x865da1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x865da1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x865da1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x865da1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x865da1f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x865da1f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x85e9a1f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x85e9a1f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85e9a1f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x85e9a1f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x85e9a1f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x85e9a1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x863cf1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x863cf1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x863cf1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x863cf1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 
0x863cf1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x863cf1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x863cf1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x863cf1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x863cf1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x863cf1f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x863cf1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x8652b3e8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x8652b3e8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8652b3e8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8652b3e8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x8652b3e8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8652b3e8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x8652b3e8 Size: 121 Object: Hidden Code [Driver: ae4z893t䵃慄ఉ瑎捦܉@考, IRP_MJ_CREATE] Process: System Address: 0x864241f8 Size: 121 Object: Hidden Code [Driver: ae4z893t䵃慄ఉ瑎捦܉@考, IRP_MJ_CLOSE] Process: System Address: 0x864241f8 Size: 121 Object: Hidden Code [Driver: ae4z893t䵃慄ఉ瑎捦܉@考, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x864241f8 Size: 121 Object: Hidden Code [Driver: ae4z893t䵃慄ఉ瑎捦܉@考, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x864241f8 Size: 121 Object: Hidden Code [Driver: ae4z893t䵃慄ఉ瑎捦܉@考, IRP_MJ_POWER] Process: System Address: 0x864241f8 Size: 121 Object: Hidden Code [Driver: ae4z893t䵃慄ఉ瑎捦܉@考, IRP_MJ_SYSTEM_CONTROL] Process: 
System Address: 0x864241f8 Size: 121 Object: Hidden Code [Driver: ae4z893t䵃慄ఉ瑎捦܉@考, IRP_MJ_PNP] Process: System Address: 0x864241f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: 
System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x85e581f8 Size: 121 Object: Hidden Code [Driver: Cdfs敓捁尀ﰀఆ䵃킘ﺠ, IRP_MJ_CREATE] Process: System Address: 0x85e2a1f8 Size: 121 Object: Hidden Code [Driver: Cdfs敓捁尀ﰀఆ䵃킘ﺠ, IRP_MJ_CLOSE] Process: System Address: 0x85e2a1f8 Size: 121 Object: Hidden Code [Driver: Cdfs敓捁尀ﰀఆ䵃킘ﺠ, IRP_MJ_READ] Process: System Address: 0x85e2a1f8 Size: 121 Object: Hidden Code [Driver: Cdfs敓捁尀ﰀఆ䵃킘ﺠ, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x85e2a1f8 Size: 121 Object: Hidden Code [Driver: Cdfs敓捁尀ﰀఆ䵃킘ﺠ, IRP_MJ_SET_INFORMATION] Process: System Address: 0x85e2a1f8 Size: 121 Object: Hidden Code [Driver: Cdfs敓捁尀ﰀఆ䵃킘ﺠ, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x85e2a1f8 Size: 121 Object: Hidden Code [Driver: Cdfs敓捁尀ﰀఆ䵃킘ﺠ, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x85e2a1f8 Size: 121 Object: Hidden Code [Driver: Cdfs敓捁尀ﰀఆ䵃킘ﺠ, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x85e2a1f8 Size: 121 Object: Hidden Code [Driver: Cdfs敓捁尀ﰀఆ䵃킘ﺠ, 
IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85e2a1f8 Size: 121 Object: Hidden Code [Driver: Cdfs敓捁尀ﰀఆ䵃킘ﺠ, IRP_MJ_SHUTDOWN] Process: System Address: 0x85e2a1f8 Size: 121 Object: Hidden Code [Driver: Cdfs敓捁尀ﰀఆ䵃킘ﺠ, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x85e2a1f8 Size: 121 Object: Hidden Code [Driver: Cdfs敓捁尀ﰀఆ䵃킘ﺠ, IRP_MJ_CLEANUP] Process: System Address: 0x85e2a1f8 Size: 121 Object: Hidden Code [Driver: Cdfs敓捁尀ﰀఆ䵃킘ﺠ, IRP_MJ_PNP] Process: System Address: 0x85e2a1f8 Size: 121 ==EOF==
OK, I admit that is quite a lot, but then no questions should remain open for now. I really hope that someone here can and wants to help me, and that I won't be forgotten again. Well, joking aside, I'd really appreciate it if someone could help me, and don't let the mass of information overwhelm you! Regards, Demonico |
04.10.2010, 19:52 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | If you are crossposting anyway, then kindly also post the link to the thread on the other board.
__________________ |
04.10.2010, 19:57 | #3 |
| Oh, I'm sorry, I completely forgot the most important thing ...
I really took my time with the crossposting, as you can see from the date of the last posts on the other board. I wanted to avoid it, and so wanted to make sure that the situation of several forums working on this at once would not arise... that's why I waited so long. Link: hxxp://forum.giga.de/showthread.php?p=1058535628#post1058535628 Edited by Demonico (04.10.2010 at 20:02) |
04.10.2010, 20:13 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That was a while ago.... First, run another full scan with an up-to-date Malwarebytes.
__________________ Please always post logfiles in CODE tags |
04.10.2010, 21:27 | #5 |
| OK, done, here is the logfile: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4742 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 04.10.2010 22:12:23 mbam-log-2010-10-04 (22-12-23).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|) Durchsuchte Objekte: 188228 Laufzeit: 24 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Dokumente und Einstellungen\Dome\Desktop\RSD 0.61\Reconnector\nc.exe (PUP.KeyLogger) -> No action taken.
Regards, Demonico |
05.10.2010, 19:19 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You must know that program! Why else would it be on your desktop? That nc.exe is often flagged by Malwarebytes, though... Make new OTL logs: System scan with OTL: Please download OTL by Oldtimer and save it to your desktop |
05.10.2010, 19:46 | #7 |
| I do know the program, which is why I was careful and didn't delete it for now, but here is the OTL scan: So, the Otl.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.10.2010 20:35:51 - Run 8 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.015,00 Mb Total Physical Memory | 530,00 Mb Available Physical Memory | 52,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,05 Gb Total Space | 107,51 Gb Free Space | 72,13% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NETBOOK Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.) 
DRV - (rtl8187Se) -- C:\WINDOWS\system32\drivers\rtl8187Se.sys (Realtek Semiconductor Corporation ) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.19 14:29:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.19 14:29:43 | 000,000,000 | ---D | M] [2009.12.02 18:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.10.04 17:12:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions [2009.12.03 00:23:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.29 09:38:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.19 14:29:35 | 000,001,392 | ---- | M] () 
-- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.19 14:29:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.19 14:29:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.19 14:29:35 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.19 14:29:35 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.04 23:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [RegistryBooster] C:\Dokumente und Einstellungen\***\Desktop\RegistryBooster\launcher.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDrives = 0 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop 
Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.09.18 21:19:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.04 21:03:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue ========== Files - Modified Within 30 Days ========== [2010.10.05 14:47:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.10.05 14:47:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.05 14:47:34 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys [2010.10.04 22:38:50 | 003,932,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.10.04 22:38:50 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.10.04 18:03:58 | 000,000,015 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\settings.dat [2010.10.04 16:57:40 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl ========== Files Created - No Company Name ========== [2010.10.04 18:02:18 | 000,000,015 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\settings.dat [2009.12.12 18:24:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2009.12.06 18:12:52 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.11.28 22:55:46 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009.11.28 22:55:39 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009.09.22 14:31:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.09.21 10:45:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Belinea.ini [2009.09.18 14:13:29 | 000,069,632 | ---- | C] () -- 
C:\WINDOWS\System32\vuins32.dll [2009.06.26 16:51:30 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.02.15 13:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll ========== LOP Check ========== [2010.08.05 08:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C [2009.12.06 18:12:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools [2009.11.29 13:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org [2009.11.29 13:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScummVM [2009.12.21 14:14:53 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\***\Anwendungsdaten\Teeworlds [2010.10.04 21:03:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue [2009.09.21 15:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search [2009.11.30 18:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search ========== Purity Check ========== < End of report > [/code] and the extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.10.2010 20:35:51 - Run 8 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Dokumente und Einstellungen\Dome\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.015,00 Mb Total Physical Memory | 530,00 Mb Available Physical Memory | 52,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 149,05 Gb Total Space | 107,51 Gb Free Space | 72,13% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NETBOOK Current User Name: Dome Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Warcraft III\Warcraft III.exe" = C:\Programme\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{37155929-A51F-4BAB-B141-50B341F3299C}" = Desperados 2 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak 
Solo fur Deutsch - Steffi "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK RTL8187SE Wireless LAN Driver "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Belinea_is1" = Belinea "Desperados 2 Update v1.01" = Desperados 2 Update v1.01 "HDMI" = Intel(R) Graphics Media Accelerator Driver "Homeworld2" = Homeworld2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "ScummVM_is1" = ScummVM SVN "VLC media player" = VLC media player 1.0.1 "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 
"WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.08.2010 03:29:01 | Computer Name = NETBOOK | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 02.08.2010 08:34:13 | Computer Name = NETBOOK | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung 0.exe, Version 6.1.0.0, fehlgeschlagenes Modul 0.exe, Version 6.1.0.0, Fehleradresse 0x00004327. Error - 02.08.2010 08:34:37 | Computer Name = NETBOOK | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000. Error - 02.08.2010 13:25:10 | Computer Name = NETBOOK | Source = Application Error | ID = 1004 Description = Fehlgeschlagene Anwendung svchost.exe, Version 0.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000. 
Error - 07.08.2010 14:44:50 | Computer Name = NETBOOK | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 07.08.2010 14:44:50 | Computer Name = NETBOOK | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 09.08.2010 13:39:57 | Computer Name = NETBOOK | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung s11580co.exe, Version 1.0.15.15281, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 14.08.2010 12:32:01 | Computer Name = NETBOOK | Source = Windows Search Service | ID = 3024 Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung erneut. Kontext: Anwendung, SystemIndex Katalog Error - 19.08.2010 08:49:38 | Computer Name = NETBOOK | Source = Windows Search Service | ID = 3024 Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung erneut. 
Kontext: Anwendung, SystemIndex Katalog Error - 04.09.2010 19:03:34 | Computer Name = NETBOOK | Source = Windows Search Service | ID = 3024 Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung erneut. Kontext: Anwendung, SystemIndex Katalog [ System Events ] Error - 02.09.2010 11:10:03 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 04.09.2010 08:45:01 | Computer Name = NETBOOK | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 04.09.2010 08:45:06 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 04.09.2010 19:00:19 | Computer Name = NETBOOK | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 04.09.2010 19:00:24 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 04.10.2010 10:57:46 | Computer Name = NETBOOK | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 04.10.2010 10:57:56 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 05.10.2010 08:47:49 | Computer Name = NETBOOK | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. 
Error - 05.10.2010 08:47:53 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 05.10.2010 09:01:14 | Computer Name = NETBOOK | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E60687F7-01A1-40AA-86AC-DB1CBF673334} < End of report > [/code] Regards and thanks, Demonico |
05.10.2010, 20:06 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!! Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
[2010.08.05 08:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
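The fix script above targets the `ProxyServer` value reported in the OTL log. As an added example (not part of the original thread and not OTL's own code), this Python sketch parses the `IE - ... Internet Settings` lines in the format OTL prints, flags proxy entries that point at a loopback address, and reports whether `ProxyEnable` makes them active. The function names are hypothetical, and the sample lines reuse the three values from the log in this thread.

```python
import ipaddress
import re

# Sample input: the three Internet Settings values as they appear in the
# OTL log posted in this thread (line format as printed by OTL).
SAMPLE_OTL_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555',
]

LINE_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\.*\\Internet Settings: "(?P<name>[^"]+)" = (?P<value>.*)$',
    re.IGNORECASE,
)


def parse_proxy_server(value):
    """Split a ProxyServer string into (protocol, host, port) tuples.

    Handles 'host:port' (one proxy for every protocol) and the
    per-protocol list 'http=host:port;https=host:port'.
    """
    entries = []
    for part in re.split(r'[;\s]+', value.strip()):
        if not part:
            continue
        proto, sep, endpoint = part.partition('=')
        if not sep:                      # no 'proto=' prefix: applies to all
            proto, endpoint = 'all', part
        endpoint = endpoint.split('://', 1)[-1]   # tolerate 'http=http://host:port'
        host, _, port = endpoint.rpartition(':')
        if not host:                     # no port given
            host, port = endpoint, ''
        entries.append((proto.lower(), host.strip('[]'),
                        int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False


def triage(lines):
    """Return one finding per loopback proxy entry found in OTL log lines."""
    settings = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            settings[(m['hive'].upper(), m['name'].lower())] = m['value'].strip()

    findings = []
    for (hive, name), value in settings.items():
        if name != 'proxyserver':
            continue
        # Assumption: a missing ProxyEnable line is treated as disabled.
        active = settings.get((hive, 'proxyenable'), '0') == '1'
        for proto, host, port in parse_proxy_server(value):
            if is_loopback(host):
                findings.append({'hive': hive, 'protocol': proto,
                                 'host': host, 'port': port, 'active': active})
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_OTL_LINES):
        print(finding)
```

On the sample lines the entry is reported with `active` set to false, because `ProxyEnable` is 0: the loopback proxy value is still stored but is not currently applied.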
05.10.2010, 20:17 | #9 |
| Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS OK, done!: Code:
ATTFilter All processes killed ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! C:\Dokumente und Einstellungen\Dome\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C folder moved successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Dome ->Temp folder emptied: 340645842 bytes ->Temporary Internet Files folder emptied: 6230920 bytes ->Java cache emptied: 134541 bytes ->FireFox cache emptied: 86830795 bytes ->Flash cache emptied: 2259 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2853182 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 417,00 mb OTL by OldTimer - Version 3.2.5.0 log created on 10052010_211319 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Demonico |
05.10.2010, 21:08 | #10 |
| Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS Apparently everything seems to be fine again now. Now I can finally sleep soundly again. So thank you very much! The drinks are on me |
05.10.2010, 21:18 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS Run CF once more, with a fresh combofix.exe renamed to cofi.exe: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it!
05.10.2010, 21:53 | #12 |
| Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS No sooner said than done! I deleted everything with CCleaner and no undeletable registry entries were left over. Regarding Combofix: first, a general question: why did the .exe have to be renamed, anyway? Then, when I started Combofix, at first an empty text box with the title "Fehler" (Error) came up; I clicked "ok" and the system restarted, and after that everything went without problems, no idea what that was. But here is the final log: [Code] Combofix Logfile: Code:
ATTFilter ComboFix 10-10-05.01 - Dome 05.10.2010 22:39:56.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1015.653 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Dome\Desktop\Cofi.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\dokumente und einstellungen\Administrator\Anwendungsdaten\0200000053a258f3922C.manifest c:\dokumente und einstellungen\Administrator\Anwendungsdaten\0200000053a258f3922O.manifest c:\dokumente und einstellungen\Administrator\Anwendungsdaten\0200000053a258f3922P.manifest c:\dokumente und einstellungen\Administrator\Anwendungsdaten\0200000053a258f3922S.manifest c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat c:\dokumente und einstellungen\Dome\Anwendungsdaten\0200000053a258f3922C.manifest c:\dokumente und einstellungen\Dome\Anwendungsdaten\0200000053a258f3922O.manifest c:\dokumente und einstellungen\Dome\Anwendungsdaten\0200000053a258f3922P.manifest c:\dokumente und einstellungen\Dome\Anwendungsdaten\0200000053a258f3922S.manifest ----- BITS: Eventuell infizierte Webseiten ----- hxxp://au.downlj+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cv . ((((((((((((((((((((((( Dateien erstellt von 2010-09-05 bis 2010-10-05 )))))))))))))))))))))))))))))) . 2010-10-05 20:28 . 2010-10-05 20:28 -------- d-----w- c:\programme\CCleaner 2010-10-04 19:03 . 2010-10-04 19:03 -------- d-----w- c:\dokumente und einstellungen\Dome\Anwendungsdaten\Uniblue . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-11 20:15 . 2009-11-29 11:58 1 ----a-w- c:\dokumente und einstellungen\Dome\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-08-07 13:12 . 2009-06-26 14:36 477784 ----a-w- c:\windows\system32\perfh007.dat 2010-08-07 13:12 . 
2009-06-26 14:36 92164 ----a-w- c:\windows\system32\perfc007.dat . ((((((((((((((((((((((((((((( SnapShot@2010-08-04_21.16.58 ))))))))))))))))))))))))))))))))))))))))) . + 2010-10-05 20:37 . 2010-10-05 20:37 16384 c:\windows\Temp\Perflib_Perfdata_544.dat + 2009-06-26 14:33 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe - 2009-06-26 14:33 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe + 2010-03-30 22:16 . 2010-03-30 22:16 99176 c:\windows\system32\PresentationHostProxy.dll - 2009-06-26 14:30 . 2009-10-29 07:41 44544 c:\windows\system32\pngfilt.dll + 2009-06-26 14:30 . 2010-05-04 17:14 44544 c:\windows\system32\pngfilt.dll - 2009-06-26 14:23 . 2010-05-21 11:48 69278 c:\windows\system32\perfc009.dat + 2009-06-26 14:23 . 2010-08-07 13:12 69278 c:\windows\system32\perfc009.dat + 2009-11-06 23:07 . 2009-11-06 23:07 49488 c:\windows\system32\netfxperf.dll + 2009-11-06 23:07 . 2009-11-06 23:07 11600 c:\windows\system32\mui\0409\mscorees.dll + 2008-04-14 07:52 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll + 2009-06-26 14:29 . 2009-11-27 16:08 28672 c:\windows\system32\msvidc32.dll - 2009-06-26 14:29 . 2008-04-14 12:00 11264 c:\windows\system32\msrle32.dll + 2009-06-26 14:29 . 2009-11-27 16:08 11264 c:\windows\system32\msrle32.dll - 2007-08-13 16:54 . 2009-10-29 07:40 52224 c:\windows\system32\msfeedsbs.dll + 2007-08-13 16:54 . 2010-05-04 17:14 52224 c:\windows\system32\msfeedsbs.dll - 2009-06-26 14:27 . 2009-10-29 07:40 27648 c:\windows\system32\jsproxy.dll + 2009-06-26 14:27 . 2010-05-04 17:14 27648 c:\windows\system32\jsproxy.dll + 2008-04-14 07:52 . 2009-11-27 16:08 48128 c:\windows\system32\iyuv_32.dll + 2007-08-13 16:39 . 2010-05-04 12:39 13824 c:\windows\system32\ieudinit.exe - 2007-08-13 16:39 . 2009-10-28 14:35 13824 c:\windows\system32\ieudinit.exe + 2009-06-26 14:27 . 2010-05-04 17:14 44544 c:\windows\system32\iernonce.dll - 2009-06-26 14:27 . 2009-10-29 07:40 44544 c:\windows\system32\iernonce.dll - 2009-06-26 14:27 . 
2009-10-29 07:40 78336 c:\windows\system32\ieencode.dll + 2009-06-26 14:27 . 2010-05-04 17:14 78336 c:\windows\system32\ieencode.dll + 2009-06-26 14:22 . 2010-05-04 12:39 70656 c:\windows\system32\ie4uinit.exe - 2009-06-26 14:22 . 2009-10-28 14:35 70656 c:\windows\system32\ie4uinit.exe - 2007-08-13 16:36 . 2009-10-29 07:40 63488 c:\windows\system32\icardie.dll + 2007-08-13 16:36 . 2010-05-04 17:14 63488 c:\windows\system32\icardie.dll - 2009-06-26 14:26 . 2009-07-29 04:34 81920 c:\windows\system32\fontsub.dll + 2009-06-26 14:26 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll + 2010-08-04 21:22 . 2010-04-29 13:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys + 2010-08-04 21:22 . 2010-04-29 13:39 20952 c:\windows\system32\drivers\mbam.sys - 2009-06-26 14:30 . 2009-10-29 07:41 44544 c:\windows\system32\dllcache\pngfilt.dll + 2009-06-26 14:30 . 2010-05-04 17:14 44544 c:\windows\system32\dllcache\pngfilt.dll + 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll + 2009-06-26 14:29 . 2009-11-27 16:08 28672 c:\windows\system32\dllcache\msvidc32.dll + 2009-06-26 14:29 . 2009-11-27 16:08 11264 c:\windows\system32\dllcache\msrle32.dll - 2009-06-26 14:29 . 2008-04-14 12:00 11264 c:\windows\system32\dllcache\msrle32.dll - 2009-09-18 15:03 . 2009-10-29 07:40 52224 c:\windows\system32\dllcache\msfeedsbs.dll + 2009-09-18 15:03 . 2010-05-04 17:14 52224 c:\windows\system32\dllcache\msfeedsbs.dll - 2009-06-26 14:27 . 2009-10-29 07:40 27648 c:\windows\system32\dllcache\jsproxy.dll + 2009-06-26 14:27 . 2010-05-04 17:14 27648 c:\windows\system32\dllcache\jsproxy.dll + 2009-11-27 16:08 . 2009-11-27 16:08 48128 c:\windows\system32\dllcache\iyuv_32.dll + 2009-09-18 15:03 . 2010-05-04 12:39 13824 c:\windows\system32\dllcache\ieudinit.exe - 2009-09-18 15:03 . 2009-10-28 14:35 13824 c:\windows\system32\dllcache\ieudinit.exe + 2009-06-26 14:27 . 2010-05-04 17:14 44544 c:\windows\system32\dllcache\iernonce.dll - 2009-06-26 14:27 . 
2009-10-29 07:40 44544 c:\windows\system32\dllcache\iernonce.dll + 2009-06-26 14:27 . 2010-05-04 17:14 78336 c:\windows\system32\dllcache\ieencode.dll - 2009-06-26 14:27 . 2009-10-29 07:40 78336 c:\windows\system32\dllcache\ieencode.dll - 2009-06-26 14:22 . 2009-10-28 14:35 70656 c:\windows\system32\dllcache\ie4uinit.exe + 2009-06-26 14:22 . 2010-05-04 12:39 70656 c:\windows\system32\dllcache\ie4uinit.exe - 2009-09-18 15:03 . 2009-10-29 07:40 63488 c:\windows\system32\dllcache\icardie.dll + 2009-09-18 15:03 . 2010-05-04 17:14 63488 c:\windows\system32\dllcache\icardie.dll + 2009-06-26 14:26 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll - 2009-06-26 14:26 . 2009-07-29 04:34 81920 c:\windows\system32\dllcache\fontsub.dll + 2009-06-26 14:22 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll + 2009-06-26 14:24 . 2010-05-04 17:14 17408 c:\windows\system32\dllcache\corpol.dll - 2009-06-26 14:24 . 2009-10-29 07:40 17408 c:\windows\system32\dllcache\corpol.dll + 2009-06-26 14:24 . 2010-01-13 14:00 86528 c:\windows\system32\dllcache\cabview.dll + 2009-06-26 14:22 . 2009-11-27 16:08 85504 c:\windows\system32\dllcache\avifil32.dll - 2009-06-26 14:22 . 2009-06-10 14:13 85504 c:\windows\system32\dllcache\avifil32.dll + 2009-06-26 14:23 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll + 2009-06-26 14:22 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll + 2009-06-26 14:24 . 2010-05-04 17:14 17408 c:\windows\system32\corpol.dll - 2009-06-26 14:24 . 2009-10-29 07:40 17408 c:\windows\system32\corpol.dll + 2009-06-26 14:24 . 2010-01-13 14:00 86528 c:\windows\system32\cabview.dll + 2009-06-26 14:22 . 2009-11-27 16:08 85504 c:\windows\system32\avifil32.dll - 2009-06-26 14:22 . 2009-06-10 14:13 85504 c:\windows\system32\avifil32.dll + 2009-06-26 14:23 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll + 2010-04-07 21:48 . 
2010-04-07 21:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll - 2008-07-29 17:16 . 2008-07-29 17:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll + 2010-03-23 03:31 . 2010-03-23 03:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe + 2010-04-01 09:42 . 2010-04-01 09:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll - 2008-05-27 23:49 . 2008-05-27 23:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll + 2010-03-31 12:51 . 2010-03-31 12:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - 2008-05-27 23:49 . 2008-05-27 23:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll + 2010-03-31 12:51 . 2010-03-31 12:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll + 2010-03-31 12:51 . 2010-03-31 12:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll - 2008-05-27 23:49 . 2008-05-27 23:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll - 2008-05-28 00:30 . 2008-05-28 00:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2010-03-31 13:32 . 2010-03-31 13:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2010-03-31 13:32 . 2010-03-31 13:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll - 2003-02-20 17:19 . 2003-02-20 17:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll + 2009-11-06 23:07 . 
2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll + 2009-11-06 23:07 . 2009-11-06 23:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe + 2010-08-05 15:07 . 2009-10-29 07:41 44544 c:\windows\ie7updates\KB982381-IE7\pngfilt.dll + 2010-08-05 15:07 . 2009-10-29 07:40 52224 c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll + 2010-08-05 15:07 . 2009-10-29 07:40 27648 c:\windows\ie7updates\KB982381-IE7\jsproxy.dll + 2010-08-05 15:07 . 2009-10-28 14:35 13824 c:\windows\ie7updates\KB982381-IE7\ieudinit.exe + 2010-08-05 15:07 . 2009-10-29 07:40 44544 c:\windows\ie7updates\KB982381-IE7\iernonce.dll + 2010-08-05 15:07 . 2009-10-29 07:40 78336 c:\windows\ie7updates\KB982381-IE7\ieencode.dll + 2010-08-05 15:07 . 2009-10-28 14:35 70656 c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe + 2010-08-05 15:07 . 2009-10-29 07:40 63488 c:\windows\ie7updates\KB982381-IE7\icardie.dll + 2010-08-05 15:07 . 2009-10-29 07:40 17408 c:\windows\ie7updates\KB982381-IE7\corpol.dll + 2009-11-27 17:11 . 
2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll + 2009-11-27 16:08 . 2009-11-27 16:08 48128 c:\windows\Driver Cache\i386\iyuv_32.dll + 2010-08-07 13:18 . 2010-08-07 13:18 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_62fb6c9c\System.Drawing.Design.dll + 2010-08-07 13:18 . 2010-08-07 13:18 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_8a851484\CustomMarshalers.dll + 2010-08-07 13:17 . 2010-08-07 13:17 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll + 2010-08-07 13:26 . 2010-08-07 13:26 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll + 2010-08-06 13:19 . 2010-08-06 13:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll + 2010-08-06 13:15 . 2010-08-06 13:15 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll + 2010-08-07 13:15 . 2010-08-07 13:15 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe + 2010-08-07 13:13 . 2010-08-07 13:13 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll + 2010-08-06 13:18 . 2010-08-06 13:18 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll - 2009-12-02 15:32 . 2009-12-02 15:32 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2010-08-07 13:12 . 
2010-08-07 13:12 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2009-09-21 12:01 . 2009-09-21 12:01 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll + 2010-08-05 15:14 . 2010-08-05 15:14 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll - 2009-12-02 15:32 . 2009-12-02 15:32 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2010-08-07 13:11 . 2010-08-07 13:11 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll - 2009-12-02 15:33 . 2009-12-02 15:33 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2010-08-07 13:12 . 2010-08-07 13:12 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2009-12-02 15:32 . 2009-12-02 15:32 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll + 2010-08-07 13:12 . 2010-08-07 13:12 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2009-12-02 15:32 . 2009-12-02 15:32 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2010-08-07 13:12 . 2010-08-07 13:12 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2009-12-02 15:32 . 2009-12-02 15:32 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2010-08-07 13:12 . 
2010-08-07 13:12 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2010-08-07 13:12 . 2010-08-07 13:12 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2009-12-02 15:33 . 2009-12-02 15:33 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2010-08-07 13:12 . 2010-08-07 13:12 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2009-12-02 15:33 . 2009-12-02 15:33 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2009-12-02 15:32 . 2009-12-02 15:32 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2010-08-07 13:12 . 2010-08-07 13:12 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2009-12-02 15:32 . 2009-12-02 15:32 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2010-08-07 13:12 . 2010-08-07 13:12 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2009-12-02 15:32 . 2009-12-02 15:32 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2010-08-07 13:12 . 2010-08-07 13:12 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2010-08-07 13:12 . 2010-08-07 13:12 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2009-12-02 15:32 . 2009-12-02 15:32 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2010-08-07 13:12 . 2010-08-07 13:12 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2009-12-02 15:32 . 
2009-12-02 15:32 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2010-08-07 13:18 . 2010-08-07 13:18 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll + 2010-08-07 13:07 . 2009-10-28 15:07 46080 c:\windows\$NtUninstallKB981793$\tzchange.exe + 2010-08-07 13:07 . 2010-04-22 22:21 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll + 2010-08-07 13:06 . 2008-04-14 12:00 65024 c:\windows\$NtUninstallKB979482$\asycfilt.dll + 2010-08-07 13:06 . 2008-04-14 12:00 84992 c:\windows\$NtUninstallKB979309$\cabview.dll + 2010-08-07 13:16 . 2008-04-14 12:00 32256 c:\windows\$NtUninstallKB978037$\csrsrv.dll + 2010-08-07 13:07 . 2008-04-14 12:00 25600 c:\windows\$NtUninstallKB977914$\msvidc32.dll + 2010-08-07 13:07 . 2008-04-14 12:00 11264 c:\windows\$NtUninstallKB977914$\msrle32.dll + 2010-08-07 13:07 . 2008-04-14 12:00 47616 c:\windows\$NtUninstallKB977914$\iyuv_32.dll + 2010-08-07 13:07 . 2009-06-10 14:13 85504 c:\windows\$NtUninstallKB977914$\avifil32.dll + 2010-08-07 13:07 . 2008-04-14 12:00 16896 c:\windows\$NtUninstallKB975560$\msyuv.dll + 2010-08-07 13:16 . 2009-07-29 04:34 81920 c:\windows\$NtUninstallKB972270$\fontsub.dll + 2010-08-05 15:07 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB982381-IE7\update\spcustom.dll + 2010-08-05 15:07 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB982381-IE7\spmsg.dll + 2010-05-04 16:48 . 2010-05-04 16:48 44544 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\pngfilt.dll + 2010-05-04 16:48 . 2010-05-04 16:48 52224 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msfeedsbs.dll + 2010-05-04 16:48 . 2010-05-04 16:48 27648 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\jsproxy.dll + 2010-05-04 13:19 . 2010-05-04 13:19 13824 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieudinit.exe + 2010-05-04 16:48 . 2010-05-04 16:48 44544 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iernonce.dll + 2010-05-04 16:48 . 
2010-05-04 16:48 78336 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieencode.dll + 2010-05-04 13:19 . 2010-05-04 13:19 70656 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ie4uinit.exe + 2010-05-04 16:48 . 2010-05-04 16:48 63488 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\icardie.dll + 2010-05-04 16:48 . 2010-05-04 16:48 17408 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\corpol.dll + 2010-08-07 13:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981349\update\spcustom.dll + 2010-08-07 13:17 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB981349\spmsg.dll + 2010-08-07 13:18 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB980232\update\spcustom.dll + 2010-08-07 13:18 . 2009-05-26 09:01 18808 c:\windows\$hf_mig$\KB980232\spmsg.dll + 2010-08-07 13:19 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980218\update\spcustom.dll + 2010-08-07 13:19 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB980218\spmsg.dll + 2010-08-07 13:18 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB980195\update\spcustom.dll + 2010-08-07 13:18 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB980195\spmsg.dll + 2010-08-07 13:18 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979683\update\spcustom.dll + 2010-08-05 14:01 . 2010-03-05 14:53 16896 c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll + 2010-08-07 13:18 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB979683\spmsg.dll + 2010-08-07 13:07 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979559\update\spcustom.dll + 2010-08-07 13:07 . 2009-05-26 09:01 18808 c:\windows\$hf_mig$\KB979559\spmsg.dll + 2010-08-07 13:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979482\update\spcustom.dll + 2010-08-07 13:06 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB979482\spmsg.dll + 2010-03-05 14:50 . 2010-03-05 14:50 65536 c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll + 2010-08-07 13:06 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB979309\update\spcustom.dll + 2010-08-07 13:06 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB979309\spmsg.dll + 2010-01-13 13:48 . 
2010-01-13 13:48 86528 c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll + 2010-08-07 13:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978706\update\spcustom.dll + 2010-08-07 13:06 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978706\spmsg.dll + 2010-08-07 13:07 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB978601\update\spcustom.dll + 2010-08-07 13:07 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB978601\spmsg.dll + 2010-08-07 13:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll + 2010-08-07 13:06 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978542\spmsg.dll + 2010-08-07 13:16 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll + 2010-08-07 13:16 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978338\spmsg.dll + 2010-08-07 13:16 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978037\update\spcustom.dll + 2010-08-07 13:16 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB978037\spmsg.dll + 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\$hf_mig$\KB978037\SP3QFE\csrsrv.dll + 2010-08-07 13:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977914\update\spcustom.dll + 2010-08-07 13:07 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB977914\spmsg.dll + 2009-11-27 16:28 . 2009-11-27 16:28 28672 c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll + 2009-11-27 16:28 . 2009-11-27 16:28 11264 c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll + 2009-11-27 16:28 . 2009-11-27 16:28 48128 c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll + 2009-11-27 16:28 . 2009-11-27 16:28 85504 c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll + 2010-08-07 13:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll + 2010-08-07 13:07 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB977816\spmsg.dll + 2010-08-07 13:16 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975713\update\spcustom.dll + 2010-08-07 13:16 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB975713\spmsg.dll + 2010-08-07 13:06 . 
2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB975562\update\spcustom.dll + 2010-08-07 13:06 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB975562\spmsg.dll + 2010-08-07 13:08 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB975561\update\spcustom.dll + 2010-08-07 13:08 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB975561\spmsg.dll + 2010-08-07 13:07 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975560\update\spcustom.dll + 2010-08-07 13:07 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB975560\spmsg.dll + 2009-11-27 17:23 . 2009-11-27 17:23 17920 c:\windows\$hf_mig$\KB975560\SP3QFE\msyuv.dll + 2010-08-07 13:16 . 2008-07-08 13:00 26488 c:\windows\$hf_mig$\KB972270\update\spcustom.dll + 2010-08-07 13:16 . 2008-07-08 13:00 18808 c:\windows\$hf_mig$\KB972270\spmsg.dll + 2010-08-05 14:01 . 2009-10-15 16:38 81920 c:\windows\$hf_mig$\KB972270\SP3QFE\fontsub.dll + 2010-08-07 13:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB955759\update\spcustom.dll + 2010-08-07 13:17 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB955759\spmsg.dll + 2010-08-07 13:06 . 2010-02-22 14:22 26488 c:\windows\$hf_mig$\KB2286198\update\spcustom.dll + 2010-08-07 13:06 . 2010-02-22 14:22 18808 c:\windows\$hf_mig$\KB2286198\spmsg.dll + 2010-08-07 13:16 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll + 2010-08-07 13:16 . 2009-05-26 11:40 18808 c:\windows\$hf_mig$\KB2229593\spmsg.dll + 2010-08-07 13:12 . 2010-08-07 13:12 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll - 2009-12-02 15:32 . 2009-12-02 15:32 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2001-08-18 04:54 . 2009-11-27 16:08 8704 c:\windows\system32\tsbyuv.dll + 2009-11-27 16:08 . 2009-11-27 16:08 8704 c:\windows\system32\dllcache\tsbyuv.dll + 2009-11-27 16:08 . 2009-11-27 16:08 8704 c:\windows\Driver Cache\i386\tsbyuv.dll + 2010-08-07 13:12 . 
2010-08-07 13:12 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll - 2009-12-02 15:32 . 2009-12-02 15:32 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2010-08-07 13:12 . 2010-08-07 13:12 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2009-12-02 15:33 . 2009-12-02 15:33 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2009-12-02 15:32 . 2009-12-02 15:32 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll + 2010-08-07 13:12 . 2010-08-07 13:12 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2009-12-02 15:32 . 2009-12-02 15:32 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2010-08-07 13:12 . 2010-08-07 13:12 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2010-08-07 13:07 . 2008-04-14 12:00 8192 c:\windows\$NtUninstallKB977914$\tsbyuv.dll + 2009-11-27 16:28 . 2009-11-27 16:28 8704 c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll + 2010-08-07 13:12 . 2010-08-07 13:12 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2009-12-02 15:33 . 2009-12-02 15:33 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2009-12-02 15:33 . 2009-12-02 15:33 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2010-08-07 13:12 . 2010-08-07 13:12 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2009-06-26 14:22 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll - 2009-06-26 14:22 . 
2009-10-29 07:41 832512 c:\windows\system32\wininet.dll + 2009-06-26 14:22 . 2010-05-04 17:14 832512 c:\windows\system32\wininet.dll - 2009-06-26 14:22 . 2009-10-29 07:41 233472 c:\windows\system32\webcheck.dll + 2009-06-26 14:22 . 2010-05-04 17:14 233472 c:\windows\system32\webcheck.dll - 2009-06-26 14:33 . 2008-05-09 10:54 430080 c:\windows\system32\vbscript.dll + 2009-06-26 14:33 . 2010-03-09 11:09 430080 c:\windows\system32\vbscript.dll - 2009-06-26 14:22 . 2009-10-29 07:41 105984 c:\windows\system32\url.dll + 2009-06-26 14:22 . 2010-05-04 17:14 105984 c:\windows\system32\url.dll - 2009-06-26 14:32 . 2009-07-29 04:34 119808 c:\windows\system32\t2embed.dll + 2009-06-26 14:32 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll - 2009-06-26 14:22 . 2008-04-14 12:00 474624 c:\windows\system32\shlwapi.dll + 2009-06-26 14:22 . 2009-12-08 09:23 474624 c:\windows\system32\shlwapi.dll + 2010-03-30 22:10 . 2010-03-30 22:10 295264 c:\windows\system32\PresentationHost.exe - 2009-06-26 14:23 . 2010-05-21 11:48 435480 c:\windows\system32\perfh009.dat + 2009-06-26 14:23 . 2010-08-07 13:12 435480 c:\windows\system32\perfh009.dat - 2009-06-26 14:30 . 2009-10-29 07:41 102912 c:\windows\system32\occache.dll + 2009-06-26 14:30 . 2010-05-04 17:14 102912 c:\windows\system32\occache.dll + 2009-06-26 14:29 . 2010-05-04 17:14 671232 c:\windows\system32\mstime.dll - 2009-06-26 14:29 . 2009-10-29 07:41 671232 c:\windows\system32\mstime.dll - 2009-06-26 14:29 . 2009-10-29 07:41 193024 c:\windows\system32\msrating.dll + 2009-06-26 14:29 . 2010-05-04 17:14 193024 c:\windows\system32\msrating.dll + 2009-09-18 19:14 . 2009-12-17 07:40 346624 c:\windows\system32\mspaint.exe - 2009-09-18 19:14 . 2008-04-14 12:00 346624 c:\windows\system32\mspaint.exe + 2009-06-26 14:29 . 2010-05-04 17:14 477696 c:\windows\system32\mshtmled.dll - 2009-06-26 14:29 . 2009-10-29 07:41 477696 c:\windows\system32\mshtmled.dll - 2007-08-13 16:54 . 
2009-10-29 07:40 459264 c:\windows\system32\msfeeds.dll + 2007-08-13 16:54 . 2010-05-04 17:14 459264 c:\windows\system32\msfeeds.dll + 2009-11-06 23:07 . 2009-11-06 23:07 297808 c:\windows\system32\mscoree.dll + 2009-09-18 19:16 . 2010-01-29 14:59 691712 c:\windows\system32\inetcomm.dll - 2009-09-18 19:16 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll - 2007-08-13 16:34 . 2009-10-29 07:40 268288 c:\windows\system32\iertutil.dll + 2007-08-13 16:34 . 2010-05-04 17:14 268288 c:\windows\system32\iertutil.dll + 2009-06-26 14:27 . 2010-05-04 17:14 192512 c:\windows\system32\iepeers.dll + 2009-06-26 14:22 . 2010-05-04 17:14 385024 c:\windows\system32\iedkcs32.dll - 2009-06-26 14:22 . 2009-10-29 07:40 385024 c:\windows\system32\iedkcs32.dll - 2007-07-11 10:27 . 2009-10-29 07:40 380928 c:\windows\system32\ieapfltr.dll + 2007-07-11 10:27 . 2010-05-04 17:14 380928 c:\windows\system32\ieapfltr.dll - 2009-06-26 14:27 . 2009-10-28 06:52 161792 c:\windows\system32\ieakui.dll + 2009-06-26 14:27 . 2010-04-16 11:43 161792 c:\windows\system32\ieakui.dll + 2009-06-26 14:27 . 2010-05-04 17:14 230400 c:\windows\system32\ieaksie.dll - 2009-06-26 14:27 . 2009-10-29 07:40 230400 c:\windows\system32\ieaksie.dll + 2009-06-26 14:27 . 2010-05-04 17:14 153088 c:\windows\system32\ieakeng.dll - 2009-06-26 14:27 . 2009-10-29 07:40 153088 c:\windows\system32\ieakeng.dll + 2009-09-18 20:08 . 2010-08-07 20:32 114176 c:\windows\system32\FNTCACHE.DAT - 2009-09-18 20:08 . 2009-12-02 16:01 114176 c:\windows\system32\FNTCACHE.DAT + 2009-06-26 14:26 . 2010-05-04 17:14 133120 c:\windows\system32\extmgr.dll - 2009-06-26 14:26 . 2009-10-29 07:40 133120 c:\windows\system32\extmgr.dll - 2009-06-26 14:25 . 2009-10-29 07:40 214528 c:\windows\system32\dxtrans.dll + 2009-06-26 14:25 . 2010-05-04 17:14 214528 c:\windows\system32\dxtrans.dll + 2009-06-26 14:25 . 2010-05-04 17:14 347136 c:\windows\system32\dxtmsft.dll - 2009-06-26 14:25 . 
2009-05-26 11:40 388984 c:\windows\$hf_mig$\KB975560\update\updspapi.dll + 2010-08-07 13:07 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB975560\update\update.exe + 2010-08-07 13:07 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB975560\spuninst.exe + 2010-08-07 13:16 . 2008-07-08 13:00 388984 c:\windows\$hf_mig$\KB972270\update\updspapi.dll + 2010-08-07 13:16 . 2008-07-08 13:00 765304 c:\windows\$hf_mig$\KB972270\update\update.exe + 2010-08-07 13:16 . 2008-07-08 13:00 234872 c:\windows\$hf_mig$\KB972270\spuninst.exe + 2010-08-05 14:01 . 2009-10-15 16:38 119808 c:\windows\$hf_mig$\KB972270\SP3QFE\t2embed.dll + 2010-08-07 13:17 . 2009-05-26 15:10 388984 c:\windows\$hf_mig$\KB955759\update\updspapi.dll + 2010-08-07 13:17 . 2009-05-26 11:40 765304 c:\windows\$hf_mig$\KB955759\update\update.exe + 2010-08-07 13:17 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB955759\spuninst.exe + 2010-08-05 14:01 . 2009-11-21 15:42 471552 c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll + 2010-08-07 13:06 . 2010-02-22 14:22 388984 c:\windows\$hf_mig$\KB2286198\update\updspapi.dll + 2010-08-07 13:06 . 2010-02-22 14:22 765304 c:\windows\$hf_mig$\KB2286198\update\update.exe + 2010-08-07 13:06 . 2010-02-22 14:22 234872 c:\windows\$hf_mig$\KB2286198\spuninst.exe + 2010-08-07 13:16 . 2010-02-22 17:52 388984 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll + 2010-08-07 13:16 . 2010-02-22 14:21 765304 c:\windows\$hf_mig$\KB2229593\update\update.exe + 2010-08-07 13:16 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB2229593\spuninst.exe + 2010-08-05 14:01 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe + 2009-06-26 14:36 . 2010-04-06 02:52 2462720 c:\windows\system32\WMVCore.dll + 2009-06-26 14:22 . 2010-05-02 08:05 1851392 c:\windows\system32\win32k.sys - 2009-06-26 14:22 . 2009-10-29 07:41 1168384 c:\windows\system32\urlmon.dll + 2009-06-26 14:22 . 2010-05-04 17:14 1168384 c:\windows\system32\urlmon.dll + 2009-06-26 14:22 . 
2010-07-27 06:29 8503296 c:\windows\system32\shell32.dll + 2009-06-26 14:22 . 2010-02-05 18:25 1297408 c:\windows\system32\quartz.dll + 2009-06-26 14:30 . 2010-02-16 19:04 2148864 c:\windows\system32\ntoskrnl.exe + 2008-04-14 07:30 . 2010-02-16 19:04 2027008 c:\windows\system32\ntkrnlpa.exe + 2009-06-26 14:23 . 2010-05-04 17:14 3600384 c:\windows\system32\mshtml.dll + 2007-08-13 16:54 . 2010-05-04 17:14 6067200 c:\windows\system32\ieframe.dll - 2007-08-13 16:54 . 2009-10-29 07:40 6067200 c:\windows\system32\ieframe.dll + 2009-06-26 14:36 . 2010-04-06 02:52 2462720 c:\windows\system32\dllcache\WMVCore.dll + 2009-06-26 14:22 . 2010-05-02 08:05 1851392 c:\windows\system32\dllcache\win32k.sys + 2009-06-26 14:22 . 2010-05-04 17:14 1168384 c:\windows\system32\dllcache\urlmon.dll - 2009-06-26 14:22 . 2009-10-29 07:41 1168384 c:\windows\system32\dllcache\urlmon.dll + 2009-06-26 14:22 . 2010-07-27 06:29 8503296 c:\windows\system32\dllcache\shell32.dll + 2009-06-26 14:22 . 2010-02-05 18:25 1297408 c:\windows\system32\dllcache\quartz.dll + 2009-09-18 14:08 . 2010-02-17 12:04 2192256 c:\windows\system32\dllcache\ntoskrnl.exe + 2009-09-18 14:08 . 2010-02-16 19:04 2027008 c:\windows\system32\dllcache\ntkrpamp.exe + 2009-02-10 17:03 . 2010-02-16 19:04 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe + 2009-09-18 14:08 . 2010-02-16 19:04 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe + 2009-09-18 19:16 . 2010-01-29 14:59 1315328 c:\windows\system32\dllcache\msoe.dll - 2009-09-18 19:16 . 2009-07-10 13:26 1315328 c:\windows\system32\dllcache\msoe.dll + 2009-06-26 14:23 . 2010-05-04 17:14 3600384 c:\windows\system32\dllcache\mshtml.dll - 2009-09-18 19:16 . 2008-04-14 12:00 3558912 c:\windows\system32\dllcache\moviemk.exe + 2009-09-18 19:16 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe - 2009-09-18 15:03 . 2009-10-29 07:40 6067200 c:\windows\system32\dllcache\ieframe.dll + 2009-09-18 15:03 . 
2010-05-04 17:14 6067200 c:\windows\system32\dllcache\ieframe.dll + 2009-11-06 23:06 . 2009-11-06 23:06 1130824 c:\windows\system32\dfshim.dll + 2010-04-07 21:48 . 2010-04-07 21:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll - 2008-11-25 02:59 . 2008-11-25 02:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll + 2010-03-23 03:32 . 2010-03-23 03:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll + 2010-03-23 03:32 . 2010-03-23 03:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll + 2010-04-01 09:42 . 2010-04-01 09:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll - 2008-05-28 00:35 . 2008-05-28 00:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll - 2008-05-28 00:35 . 2008-05-28 00:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll + 2010-04-01 09:42 . 2010-04-01 09:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll - 2008-05-27 23:48 . 2008-05-27 23:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll + 2010-03-31 12:50 . 2010-03-31 12:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll + 2010-03-31 12:50 . 2010-03-31 12:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2010-04-01 09:42 . 2010-04-01 09:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - 2008-05-27 23:43 . 2008-05-27 23:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2010-04-11 20:17 . 2010-04-11 20:17 2607104 c:\windows\Installer\e33692.msp + 2010-04-11 20:17 . 2010-04-11 20:17 4210688 c:\windows\Installer\e33691.msp + 2009-11-08 22:25 . 2009-11-08 22:25 1935360 c:\windows\Installer\540b9ba.msp + 2010-08-05 15:07 . 2009-10-29 07:41 1168384 c:\windows\ie7updates\KB982381-IE7\urlmon.dll + 2010-08-05 15:07 . 2009-10-29 07:41 3598336 c:\windows\ie7updates\KB982381-IE7\mshtml.dll + 2010-08-05 15:07 . 
2009-10-29 07:40 6067200 c:\windows\ie7updates\KB982381-IE7\ieframe.dll + 2009-09-18 14:08 . 2010-02-17 12:04 2192256 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2009-09-18 14:08 . 2010-02-16 19:04 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2009-02-10 17:03 . 2010-02-16 19:04 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2009-09-18 14:08 . 2010-02-16 19:04 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2010-08-07 13:18 . 2010-08-07 13:18 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a90c7409\System.dll + 2010-08-07 13:19 . 2010-08-07 13:19 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_7d65d340\System.dll + 2010-08-07 13:20 . 2010-08-07 13:20 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_acf52bc9\System.Xml.dll + 2010-08-07 13:19 . 2010-08-07 13:19 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_74caf9ea\System.Xml.dll + 2010-08-07 13:18 . 2010-08-07 13:18 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b3f7ca5b\System.Windows.Forms.dll + 2010-08-07 13:19 . 2010-08-07 13:19 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_1ee62eac\System.Windows.Forms.dll + 2010-08-07 13:20 . 2010-08-07 13:20 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_8ceb0cb0\System.Drawing.dll + 2010-08-07 13:19 . 2010-08-07 13:19 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b36026ff\System.Design.dll + 2010-08-07 13:20 . 2010-08-07 13:20 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_985a03f1\System.Design.dll + 2010-08-07 13:19 . 
2010-08-07 13:19 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_88f407bf\mscorlib.dll + 2010-08-07 13:20 . 2010-08-07 13:20 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_40351960\mscorlib.dll + 2010-08-07 13:13 . 2010-08-07 13:13 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll + 2010-08-07 13:17 . 2010-08-07 13:17 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll + 2010-08-05 15:14 . 2010-08-05 15:14 7946240 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2AB.tmp\System.dll + 2010-08-06 12:40 . 2010-08-06 12:40 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll + 2010-08-06 12:48 . 2010-08-06 12:48 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll + 2010-08-06 13:20 . 2010-08-06 13:20 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll + 2010-08-06 13:20 . 2010-08-06 13:20 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll + 2010-08-06 13:20 . 2010-08-06 13:20 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll + 2010-08-06 13:20 . 2010-08-06 13:20 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll + 2010-08-06 13:20 . 2010-08-06 13:20 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll + 2010-08-06 13:20 . 
2010-08-06 13:20 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll + 2010-08-06 13:19 . 2010-08-06 13:19 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll + 2010-08-06 12:47 . 2010-08-06 12:47 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll + 2010-08-06 13:18 . 2010-08-06 13:18 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll + 2010-08-06 13:11 . 2010-08-06 13:11 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll + 2010-08-07 13:17 . 2010-08-07 13:17 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll + 2010-08-06 13:11 . 2010-08-06 13:11 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll + 2010-08-06 12:47 . 2010-08-06 12:47 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll + 2010-08-06 13:18 . 2010-08-06 13:18 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll + 2010-08-06 13:18 . 2010-08-06 13:18 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll + 2010-08-06 12:46 . 2010-08-06 12:46 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll + 2010-08-06 13:14 . 
2010-08-06 13:14 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll + 2010-08-06 13:17 . 2010-08-06 13:17 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll + 2010-08-06 12:46 . 2010-08-06 12:46 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll + 2010-08-06 13:17 . 2010-08-06 13:17 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll + 2010-08-06 12:46 . 2010-08-06 12:46 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll + 2010-08-07 13:17 . 2010-08-07 13:17 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll + 2010-08-07 13:17 . 2010-08-07 13:17 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll + 2010-08-06 12:41 . 2010-08-06 12:41 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll + 2010-08-06 13:14 . 2010-08-06 13:14 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll + 2010-08-06 13:13 . 2010-08-06 13:13 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll + 2010-08-06 13:18 . 2010-08-06 13:18 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll + 2010-08-06 13:14 . 
2010-08-06 13:14 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll + 2010-08-06 13:14 . 2010-08-06 13:14 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll + 2010-08-06 13:14 . 2010-08-06 13:14 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll + 2010-08-07 13:13 . 2010-08-07 13:13 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll + 2010-08-07 13:12 . 2010-08-07 13:12 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll + 2010-08-07 13:12 . 2010-08-07 13:12 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2009-12-02 15:33 . 2009-12-02 15:33 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll + 2010-08-07 13:11 . 2010-08-07 13:11 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2009-12-02 15:32 . 2009-12-02 15:32 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2010-08-05 15:14 . 2010-08-05 15:14 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll - 2009-12-02 15:32 . 2009-12-02 15:32 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2010-08-07 13:12 . 2010-08-07 13:12 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2010-08-07 13:13 . 2010-08-07 13:13 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2010-08-07 13:11 . 
2010-08-07 13:11 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll - 2009-12-02 15:32 . 2009-12-02 15:32 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll - 2009-12-02 15:33 . 2009-12-02 15:33 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll + 2010-08-07 13:12 . 2010-08-07 13:12 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2009-09-21 12:01 . 2009-09-21 12:01 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2010-08-07 13:13 . 2010-08-07 13:13 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2009-12-02 15:33 . 2009-12-02 15:33 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2010-08-07 13:12 . 2010-08-07 13:12 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll - 2009-12-02 15:23 . 2009-12-02 15:23 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2010-08-07 13:18 . 2010-08-07 13:18 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2010-08-07 13:18 . 2010-08-07 13:18 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll - 2009-12-02 15:23 . 2009-12-02 15:23 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll + 2010-08-07 13:18 . 2009-08-04 17:26 2147840 c:\windows\$NtUninstallKB979683$\ntoskrnl.exe + 2010-08-07 13:18 . 2009-08-04 17:25 2026496 c:\windows\$NtUninstallKB979683$\ntkrpamp.exe + 2010-08-07 13:18 . 2009-08-04 17:25 2026496 c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe + 2010-08-07 13:18 . 2009-08-04 17:26 2147840 c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe + 2010-08-07 13:07 . 2009-08-14 15:10 1850752 c:\windows\$NtUninstallKB979559$\win32k.sys + 2010-08-07 13:07 . 
2009-05-20 02:56 2458112 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll + 2010-08-07 13:06 . 2009-07-10 13:26 1315328 c:\windows\$NtUninstallKB978542$\msoe.dll + 2010-08-07 13:06 . 2009-06-03 19:09 1296896 c:\windows\$NtUninstallKB975562$\quartz.dll + 2010-08-07 13:08 . 2008-04-14 12:00 3558912 c:\windows\$NtUninstallKB975561$\moviemk.exe + 2010-08-07 13:06 . 2008-06-17 19:00 8502272 c:\windows\$NtUninstallKB2286198$\shell32.dll + 2010-05-04 16:48 . 2010-05-04 16:48 1171968 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\urlmon.dll + 2010-05-04 16:48 . 2010-05-04 16:48 3603456 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtml.dll + 2010-05-04 16:48 . 2010-05-04 16:48 6071296 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieframe.dll + 2010-08-05 14:01 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieapfltr.dat + 2010-08-05 14:01 . 2010-02-16 18:58 2192384 c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe + 2010-08-05 14:01 . 2010-02-16 18:58 2027008 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrpamp.exe + 2010-08-05 14:01 . 2010-02-16 18:58 2069248 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe + 2010-08-05 14:01 . 2010-02-16 18:58 2148864 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlmp.exe + 2010-05-02 08:00 . 2010-05-02 08:00 1860480 c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys + 2010-01-29 14:53 . 2010-01-29 14:53 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll + 2010-02-05 18:28 . 2010-02-05 18:28 1297408 c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll + 2010-08-05 14:01 . 2009-10-23 14:53 3558912 c:\windows\$hf_mig$\KB975561\SP3QFE\moviemk.exe + 2009-11-27 17:23 . 2009-11-27 17:23 1297408 c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll + 2010-07-27 06:27 . 2010-07-27 06:27 8504320 c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll + 2009-09-18 14:47 . 2010-07-02 10:39 34045896 c:\windows\system32\MRT.exe + 2010-04-02 17:29 . 2010-04-02 17:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp + 2010-04-11 20:17 . 
2010-04-11 20:17 14599680 c:\windows\Installer\e336a0.msp + 2010-04-02 10:30 . 2010-04-02 10:30 17456640 c:\windows\Installer\540b9de.msp + 2010-03-30 23:23 . 2010-03-30 23:23 15638528 c:\windows\Installer\540b9c6.msp + 2010-08-06 12:48 . 2010-08-06 12:48 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll + 2010-08-06 13:19 . 2010-08-06 13:19 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll + 2010-08-06 13:13 . 2010-08-06 13:13 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll + 2010-08-06 12:47 . 2010-08-06 12:47 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll + 2010-08-07 13:16 . 2010-08-07 13:16 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll + 2010-08-07 13:15 . 2010-08-07 13:15 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-07-15 33636352]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-09-21 148888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\***\Startmen\Programme\Autostart\
OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Warcraft III\\Warcraft III.exe"=

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [18.09.2009 16:26 1381632]
S3 gUSBSTOi;gUSBSTOi;\??\c:\dokume~1\***\LOKALE~1\Temp\gUSBSTOi.sys --> c:\dokume~1\***\LOKALE~1\Temp\gUSBSTOi.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.12.2009 18:12 717296]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
Zeit der Fertigstellung: 2010-10-05 22:45:37
ComboFix-quarantined-files.txt 2010-10-05 20:45
ComboFix2.txt 2010-08-04 21:20

Vor Suchlauf: 9 Verzeichnis(se), 115.811.844.096 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 115.825.897.472 Bytes frei

- - End Of File - - F076009243534A0D2A203EDF959E154C |
06.10.2010, 10:04 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter]).
2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=

Driver::
gUSBSTOi

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags |
06.10.2010, 19:41 | #14 |
| Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS Sohooo here we go: [code] Combofix Logfile: Code:
ATTFilter
ComboFix 10-10-05.06 - Dome 06.10.2010 20:10:10.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1015.568 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Dome\Desktop\Cofi.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Dome\Desktop\CFScript.txt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GUSBSTOI
-------\Service_gUSBSTOi

((((((((((((((((((((((( Dateien erstellt von 2010-09-06 bis 2010-10-06 ))))))))))))))))))))))))))))))
.
2010-10-05 20:28 . 2010-10-05 20:28 -------- d-----w- c:\programme\CCleaner
2010-10-04 19:03 . 2010-10-04 19:03 -------- d-----w- c:\dokumente und einstellungen\Dome\Anwendungsdaten\Uniblue
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 20:15 . 2009-11-29 11:58 1 ----a-w- c:\dokumente und einstellungen\Dome\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-07 13:12 . 2009-06-26 14:36 477784 ----a-w- c:\windows\system32\perfh007.dat
2010-08-07 13:12 . 2009-06-26 14:36 92164 ----a-w- c:\windows\system32\perfc007.dat
.
((((((((((((((((((((((((((((( SnapShot_2010-10-05_20.43.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-06 18:14 . 2010-10-06 18:14 16384 c:\windows\Temp\Perflib_Perfdata_540.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-07-15 33636352]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-09-21 148888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Dome\Startmen\Programme\Autostart\
OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Warcraft III\\Warcraft III.exe"=

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [18.09.2009 16:26 1381632]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.12.2009 18:12 717296]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\dokumente und einstellungen\Dome\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(2700)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-06 20:18:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-10-06 18:18
ComboFix2.txt 2010-10-05 20:45
ComboFix3.txt 2010-08-04 21:20

Vor Suchlauf: 10 Verzeichnis(se), 116.074.700.800 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 116.058.734.592 Bytes frei

- - End Of File - - A063CCDF8FBE27B3884C881AF7D7E912

Regards, Demonico |
06.10.2010, 20:34 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS
Ok. Now please create and post logs with GMER and OSAM. (The last GMER log is already 2 months old.) GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. After that, please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post log files in CODE tags |