Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS

Demonico · 04.10.2010, 17:16

Hallo! neues Mitglied erbittet Hilfe bei Problem ^^

Also mit diesem Problem habe ich mich zunächst an ein anderer Forum (ja Schande über mich) gewandt (Giga.de). Dort hat man mir auch früher schonmal geholfen. Die größten Schwierigkeiten konnte ich mit deren Hilfe auch beseitigen =)
ABER als es dann zu den letzten Schritten kam wurden mein Problem und ich wohl vergessen

und mir wäre das irgendwie unangenehm, meinen Helfer extra zu errinnern...
Aufjedenfall vermute ich, dass sich noch immer auf meinem Netbook ein Rootkit befindet und ich kriegs nicht weg >.> Ich bin mir jetzt ehrlich gesagt nicht sicher ob ich die gesamte Vorgeschichte meines Viruses auch posten sollte... Das lasse ich erstmal... auf Anfrage, werd ich das aber natürlich nachholen! Im Folgenden werde ich dann ein HJT Logfile, ein neues OTL und von den letzten Scans, die ich im Rahmen der letzten Bearbeitung bei Giga.de ausführen sollte hochladen.

--HJT Logfile mit Verweis auf mein Problem:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:05:22, on 04.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Java\jre6\bin\jucheck.exe
C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

--
End of file - 4267 bytes

Wie schon im Titel genannt liegt mein Problem wohl hier:

Code:

ATTFilter

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

-------------------

---OTL Logfiles neueste:
OTL.txt

Code:

ATTFilter

OTL logfile created on: 04.10.2010 17:39:50 - Run 7
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 457,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 104,21 Gb Free Space | 69,92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NETBOOK
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.19 14:29:30 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.05.21 17:01:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2010.05.21 13:29:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.exe
PRC - [2009.09.21 14:07:11 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\jucheck.exe
PRC - [2009.04.23 06:47:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 06:46:40 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.08.08 14:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2008.05.26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Desktop Search\WindowsSearch.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.05.21 17:01:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.12.06 19:02:50 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.12.06 19:02:49 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.12.06 18:12:52 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.07.10 11:03:04 | 001,381,632 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008.07.10 10:33:00 | 000,306,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.02.15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.19 14:29:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.19 14:29:43 | 000,000,000 | ---D | M]
 
[2009.12.02 18:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.10.04 17:12:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions
[2009.12.03 00:23:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Dome\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.29 09:38:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.19 14:29:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.19 14:29:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.19 14:29:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.19 14:29:35 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.19 14:29:35 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.04 23:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.18 21:19:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.04 16:57:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.04 16:57:40 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.04 16:57:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.04 16:57:30 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.05 01:07:35 | 003,932,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.09.05 01:07:35 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.09.05 01:07:29 | 005,359,762 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db
 
========== Files Created - No Company Name ==========
 
[2009.12.12 18:24:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009.12.06 18:12:52 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.11.28 22:55:46 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.11.28 22:55:39 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.09.22 14:31:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.09.21 10:45:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Belinea.ini
[2009.09.18 14:13:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009.06.26 16:51:30 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.02.15 13:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
 
========== LOP Check ==========
 
[2010.08.05 08:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C
[2009.12.06 18:12:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools
[2009.11.29 13:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.11.29 13:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScummVM
[2009.12.21 14:14:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teeworlds
[2009.09.21 15:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2009.11.30 18:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
 
========== Purity Check ==========
 
 
< End of report >

Extra.txt:

Code:

ATTFilter

OTL logfile created on: 04.10.2010 17:39:50 - Run 7
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 457,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 104,21 Gb Free Space | 69,92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NETBOOK
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.19 14:29:30 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.05.21 17:01:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2010.05.21 13:29:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.exe
PRC - [2009.09.21 14:07:11 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\jucheck.exe
PRC - [2009.04.23 06:47:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 06:46:40 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.08.08 14:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2008.05.26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Desktop Search\WindowsSearch.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.05.21 17:01:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.12.06 19:02:50 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.12.06 19:02:49 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.12.06 18:12:52 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.07.10 11:03:04 | 001,381,632 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008.07.10 10:33:00 | 000,306,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.02.15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.19 14:29:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.19 14:29:43 | 000,000,000 | ---D | M]
 
[2009.12.02 18:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.10.04 17:12:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions
[2009.12.03 00:23:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.29 09:38:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.19 14:29:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.19 14:29:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.19 14:29:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.19 14:29:35 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.19 14:29:35 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.04 23:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.18 21:19:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========

 
========== Files - Modified Within 30 Days ==========
 
[2010.10.04 16:57:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.04 16:57:40 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.04 16:57:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.04 16:57:30 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.05 01:07:35 | 003,932,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.09.05 01:07:35 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.09.05 01:07:29 | 005,359,762 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db
 
========== Files Created - No Company Name ==========
 
[2009.12.12 18:24:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009.12.06 18:12:52 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.11.28 22:55:46 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.11.28 22:55:39 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.09.22 14:31:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.09.21 10:45:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Belinea.ini
[2009.09.18 14:13:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009.06.26 16:51:30 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.02.15 13:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
 
========== LOP Check ==========
 
[2010.08.05 08:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C
[2009.12.06 18:12:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools
[2009.11.29 13:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.11.29 13:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScummVM
[2009.12.21 14:14:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teeworlds
[2009.09.21 15:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2009.11.30 18:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
 
========== Purity Check ==========
< End of report >

--------------------------

So nun das interessantere und zwar hab ich da noch 2 weitere Scans.
Einmal von GMER das von GMER ist etwas älter... aber ich hab seitdem wirklich nichts an meinem Netbook gemacht also wird sich da doch nichts geändert haben, denke ich. Naja und dann eben noch von RootRepeal.

das erste Logfile vom automatische Scan von GMER:

Code:

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit quick scan 2010-08-09 19:47:09
Windows 5.1.2600 Service Pack 3
Running: s11580co.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\uwldqpog.sys


---- System - GMER 1.0.15 ----

SSDT    spsj.sys                ZwEnumerateKey [0xF73A6CA2]
SSDT    spsj.sys                ZwEnumerateValueKey [0xF73A7030]

---- Devices - GMER 1.0.15 ----

Device  \FileSystem\Ntfs \Ntfs  865681F8

---- EOF - GMER 1.0.15 ----

Dann das ausführliche, mit den Häkchen an: Drivers,Files,Processes,SSDT,Stealth Objects,Hidden Services,Shadow SSDT

Code:

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-09 21:09:59
Windows 5.1.2600 Service Pack 3
Running: s11580co.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\uwldqpog.sys

---- System - GMER 1.0.15 ----

SSDT      spmv.sys                                                                                                             ZwCreateKey [0xF73880E0]
SSDT      spmv.sys                                                                                                             ZwEnumerateKey [0xF73A6CA2]
SSDT      spmv.sys                                                                                                             ZwEnumerateValueKey [0xF73A7030]
SSDT      spmv.sys                                                                                                             ZwOpenKey [0xF73880C0]
SSDT      spmv.sys                                                                                                             ZwQueryKey [0xF73A7108]
SSDT      spmv.sys                                                                                                             ZwQueryValueKey [0xF73A6F88]
SSDT      spmv.sys                                                                                                             ZwSetValueKey [0xF73A719A]

INT 0x62  ?                                                                                                                    86569BF8
INT 0x63  ?                                                                                                                    86548BF8
INT 0x82  ?                                                                                                                    86569BF8
INT 0xA4  ?                                                                                                                    86548BF8
INT 0xB4  ?                                                                                                                    86548BF8

---- Kernel code sections - GMER 1.0.15 ----

?         spmv.sys                                                                                                             Das System kann die angegebene Datei nicht finden. !
.text     USBPORT.SYS!DllUnload                                                                                                F6B7C8AC 5 Bytes  JMP 865481D8 
.text     axvjomqf.SYS                                                                                                         F6B2D386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text     axvjomqf.SYS                                                                                                         F6B2D3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text     axvjomqf.SYS                                                                                                         F6B2D3C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text     axvjomqf.SYS                                                                                                         F6B2D3C9 1 Byte  [2E]
.text     axvjomqf.SYS                                                                                                         F6B2D3C9 11 Bytes  [2E, 00, 00, 00, 5A, 02, 00, ...]
.text     ...                                                                                                                  
.text     C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                               section is writeable [0xA9ED5300, 0x3B6D8, 0xE8000020]
.text     C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                               section is writeable [0xF78D0300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text     C:\WINDOWS\system32\SearchIndexer.exe[1480] kernel32.dll!WriteFile                                                   7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                   [F7389040] spmv.sys
IAT       atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                           [F738913C] spmv.sys
IAT       atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F73890BE] spmv.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F73897FC] spmv.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F73896D2] spmv.sys
IAT       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [F7399048] spmv.sys
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KfAcquireSpinLock]                                                 C0840CEC
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!READ_PORT_UCHAR]                                                   053C0D74
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KeGetCurrentIrql]                                                  57B80974
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KfRaiseIrql]                                                       8B000000
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KfLowerIrql]                                                       56C35DE5
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!HalGetInterruptVector]                                             8D08758B
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!HalTranslateBusAddress]                                            8D51FC4D
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KeStallExecutionProcessor]                                         8D52FD55
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KfReleaseSpinLock]                                                 8D51FE4D
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                           8D52FF55
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!READ_PORT_USHORT]                                                  8D51F84D
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                          5052F455
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                  EACAE856
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[WMILIB.SYS!WmiSystemControl]                                               0FC08520
IAT       \SystemRoot\System32\Drivers\axvjomqf.SYS[WMILIB.SYS!WmiCompleteRequest]                                             0001B185

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                               865681F8
Device    \Driver\usbehci \Device\USBPDO-0                                                                                     865311F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{F17C00ED-C6BC-49D5-A2F0-861DDAB418DF}                                             86004500
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                     864F51F8
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                     864F51F8
Device    \Driver\PCI_PNP9360 \Device\00000046                                                                                 spmv.sys
Device    \Driver\usbuhci \Device\USBPDO-3                                                                                     864F51F8
Device    \Driver\usbuhci \Device\USBPDO-4                                                                                     864F51F8
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                               865DA1F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                         863E41F8
Device    \Driver\Cdrom \Device\CdRom1                                                                                         863E41F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [F7301B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                   [F7301B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                   [F7301B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\Cdrom \Device\CdRom2                                                                                         863E41F8
Device    \Driver\Cdrom \Device\CdRom3                                                                                         863E41F8
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                              86004500
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                     86004500
Device    \Driver\NetBT \Device\NetBT_Tcpip_{07E6D699-3D91-4155-AC03-B124EE196EF2}                                             86004500
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                     864F51F8
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                     864F51F8
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    85E53500
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                     864F51F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          85E53500
Device    \Driver\usbuhci \Device\USBFDO-3                                                                                     864F51F8
Device    \Driver\usbehci \Device\USBFDO-4                                                                                     865311F8
Device    \Driver\Ftdisk \Device\FtControl                                                                                     865DA1F8
Device    \Driver\sptd \Device\427218110                                                                                       spmv.sys
Device    \Driver\axvjomqf \Device\Scsi\axvjomqf1Port2Path0Target0Lun0                                                         86422500
Device    \Driver\axvjomqf \Device\Scsi\axvjomqf1                                                                              86422500
Device    \Driver\axvjomqf \Device\Scsi\axvjomqf1Port2Path0Target2Lun0                                                         86422500
Device    \Driver\axvjomqf \Device\Scsi\axvjomqf1Port2Path0Target3Lun0                                                         86422500
Device    \Driver\axvjomqf \Device\Scsi\axvjomqf1Port2Path0Target1Lun0                                                         86422500
Device    \FileSystem\Cdfs \Cdfs                                                                                               85E3C500

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xCF 0x91 0x43 0x7F ...
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xA4 0x3E 0x42 0x54 ...
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xA2 0x68 0x37 0x43 ...
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xF8 0xCE 0xB2 0xD1 ...
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0x42 0x99 0x13 0xCC ...
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0x37 0x77 0xC2 0x6E ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xCF 0x91 0x43 0x7F ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xA4 0x3E 0x42 0x54 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xA2 0x68 0x37 0x43 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xF8 0xCE 0xB2 0xD1 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0x42 0x99 0x13 0xCC ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0x37 0x77 0xC2 0x6E ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0xCF 0x91 0x43 0x7F ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xA4 0x3E 0x42 0x54 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xA2 0x68 0x37 0x43 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0xF8 0xCE 0xB2 0xD1 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                0x42 0x99 0x13 0xCC ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                0x37 0x77 0xC2 0x6E ...

---- EOF - GMER 1.0.15 ----

-----------------------------------
UND last but not least von Rootrepeal, alle Häkchen aktiviert:

Code:

ATTFilter

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/10/04 18:04
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA355000	Size: 98304	File Visible: No	Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AB8000	Size: 8192	File Visible: No	Signed: -
Status: -

Name: PCI_PNP6070
Image Path: \Driver\PCI_PNP6070
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA957F000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: spjc.sys
Image Path: spjc.sys
Address: 0xF7387000	Size: 1048576	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Dokumente und Einstellungen\Dome\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

SSDT
-------------------
#: 041	Function Name: NtCreateKey
Status: Hooked by "spjc.sys" at address 0xf73880e0

#: 071	Function Name: NtEnumerateKey
Status: Hooked by "spjc.sys" at address 0xf73a6ca2

#: 073	Function Name: NtEnumerateValueKey
Status: Hooked by "spjc.sys" at address 0xf73a7030

#: 119	Function Name: NtOpenKey
Status: Hooked by "spjc.sys" at address 0xf73880c0

#: 160	Function Name: NtQueryKey
Status: Hooked by "spjc.sys" at address 0xf73a7108

#: 177	Function Name: NtQueryValueKey
Status: Hooked by "spjc.sys" at address 0xf73a6f88

#: 247	Function Name: NtSetValueKey
Status: Hooked by "spjc.sys" at address 0xf73a719a

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x865681f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x8645a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x8645a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8645a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8645a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x8645a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8645a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x8645a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System	Address: 0x865da1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System	Address: 0x865da1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System	Address: 0x865da1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x865da1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x865da1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x865da1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x865da1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System	Address: 0x865da1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System	Address: 0x865da1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x865da1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System	Address: 0x865da1f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System	Address: 0x85e9a1f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System	Address: 0x85e9a1f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x85e9a1f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x85e9a1f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System	Address: 0x85e9a1f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System	Address: 0x85e9a1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System	Address: 0x863cf1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System	Address: 0x863cf1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System	Address: 0x863cf1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System	Address: 0x863cf1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x863cf1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x863cf1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x863cf1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x863cf1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System	Address: 0x863cf1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x863cf1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System	Address: 0x863cf1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x8652b3e8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x8652b3e8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8652b3e8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8652b3e8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x8652b3e8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8652b3e8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x8652b3e8	Size: 121

Object: Hidden Code [Driver: ae4z893t؅䵃慄؁ఉ瑎捦܉@考, IRP_MJ_CREATE]
Process: System	Address: 0x864241f8	Size: 121

Object: Hidden Code [Driver: ae4z893t؅䵃慄؁ఉ瑎捦܉@考, IRP_MJ_CLOSE]
Process: System	Address: 0x864241f8	Size: 121

Object: Hidden Code [Driver: ae4z893t؅䵃慄؁ఉ瑎捦܉@考, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x864241f8	Size: 121

Object: Hidden Code [Driver: ae4z893t؅䵃慄؁ఉ瑎捦܉@考, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x864241f8	Size: 121

Object: Hidden Code [Driver: ae4z893t؅䵃慄؁ఉ瑎捦܉@考, IRP_MJ_POWER]
Process: System	Address: 0x864241f8	Size: 121

Object: Hidden Code [Driver: ae4z893t؅䵃慄؁ఉ瑎捦܉@考, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x864241f8	Size: 121

Object: Hidden Code [Driver: ae4z893t؅䵃慄؁ఉ瑎捦܉@考, IRP_MJ_PNP]
Process: System	Address: 0x864241f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System	Address: 0x85e581f8	Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_CREATE]
Process: System	Address: 0x85e2a1f8	Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_CLOSE]
Process: System	Address: 0x85e2a1f8	Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_READ]
Process: System	Address: 0x85e2a1f8	Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x85e2a1f8	Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x85e2a1f8	Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x85e2a1f8	Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x85e2a1f8	Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x85e2a1f8	Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x85e2a1f8	Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x85e2a1f8	Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x85e2a1f8	Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_CLEANUP]
Process: System	Address: 0x85e2a1f8	Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_PNP]
Process: System	Address: 0x85e2a1f8	Size: 121

==EOF==

--------------------

Ok ich gebe zu, das ist nicht wenig

aber dann dürften fürs erste keine Fragen offen bleiben

. Ich hoffe wirklich, dass mir hier jemand helfen kann und möchte und dass ich nicht wieder vergessen werde

Nun gut Spaß beiseite, ich fänds also echt klasse, wenn mir jemand helfen köönnte und lasst euch nicht von der Masse von Infos erschlagen!

Grüße
Demonico

cosinus · 04.10.2010, 19:52

Wenn Du schon ein Crossposting machst dann musst Du auch netterweise den Link zu dem Strang im anderen Board posten.

Demonico · 04.10.2010, 19:57

Oh tut mir leid

hab ich doch glatt das wichtigste vergessen ...
Mit dem Crossposting hab ich mir auch wirklich viel Zeit gelassen, wie man ja an dem Datum der letzten Posts in dem anderen Board sehen kann. Ich wollte das ja auch vermeiden und deshalb eben sichergehen, dass dieser Fall, dass mehrere Foren sich damit beschäftigen nicht eintritt... deswegen hab ich ja auch so lange gewartet

Link:
hxxp://forum.giga.de/showthread.php?p=1058535628#post1058535628

cosinus · 04.10.2010, 20:13

Ist schon ein bisschen her....
Mach als erstes nochmal nen Vollscan mit aktuellem Malwarebytes.

Demonico · 04.10.2010, 21:27

Ok erledigt hier das Logfile:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4742

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

04.10.2010 22:12:23
mbam-log-2010-10-04 (22-12-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 188228
Laufzeit: 24 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Dome\Desktop\RSD 0.61\Reconnector\nc.exe (PUP.KeyLogger) -> No action taken.

Der hat doch tatsächlich noch was gefunden! Bislang hab ich das noch nicht unter Quarantäne gestellt... sollte ich aber doch lieber machen nehme ich an oder? Ich bin mir da bloß so unsicher, weil das eben in meinem Reconnector Ordner hockt, aber das hat bestimmt wieder nichts zu sagen. Soll ich das vllt vorher bei Virustotal oder so hochladen?

Gruß,
Demonico

cosinus · 05.10.2010, 19:19

Das Programm musst Du doch kennen! Wieso liegt es sonst auf dem Desktop?
Diese nc.exe wird aber oft von Malwarebytes bemängelt...

Mach mal neue OTL-Logs:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Demonico · 05.10.2010, 19:46

Das Programm kenn ich schon deshalb, war ich ja so vorsichtig und habs erstmal nicht gelöscht

aber hier der OTL Scan:
So das Otl.txt:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 05.10.2010 20:35:51 - Run 8
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 530,00 Mb Available Physical Memory | 52,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 107,51 Gb Free Space | 72,13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NETBOOK
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (rtl8187Se) -- C:\WINDOWS\system32\drivers\rtl8187Se.sys (Realtek Semiconductor Corporation                           )
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.19 14:29:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.19 14:29:43 | 000,000,000 | ---D | M]
 
[2009.12.02 18:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.10.04 17:12:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions
[2009.12.03 00:23:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.29 09:38:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.19 14:29:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.19 14:29:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.19 14:29:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.19 14:29:35 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.19 14:29:35 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.04 23:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RegistryBooster] C:\Dokumente und Einstellungen\***\Desktop\RegistryBooster\launcher.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.18 21:19:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.04 21:03:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.05 14:47:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.05 14:47:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.05 14:47:34 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.04 22:38:50 | 003,932,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.10.04 22:38:50 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.10.04 18:03:58 | 000,000,015 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\settings.dat
[2010.10.04 16:57:40 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
 
========== Files Created - No Company Name ==========
 
[2010.10.04 18:02:18 | 000,000,015 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\settings.dat
[2009.12.12 18:24:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009.12.06 18:12:52 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.11.28 22:55:46 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.11.28 22:55:39 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.09.22 14:31:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.09.21 10:45:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Belinea.ini
[2009.09.18 14:13:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009.06.26 16:51:30 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.02.15 13:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
 
========== LOP Check ==========
 
[2010.08.05 08:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C
[2009.12.06 18:12:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools
[2009.11.29 13:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.11.29 13:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScummVM
[2009.12.21 14:14:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teeworlds
[2010.10.04 21:03:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue
[2009.09.21 15:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2009.11.30 18:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
 
========== Purity Check ==========
 
< End of report >

--- --- ---

[/code]

und die extras.txt:

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 05.10.2010 20:35:51 - Run 8
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Dokumente und Einstellungen\Dome\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 530,00 Mb Available Physical Memory | 52,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 107,51 Gb Free Space | 72,13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NETBOOK
Current User Name: Dome
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Warcraft III\Warcraft III.exe" = C:\Programme\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37155929-A51F-4BAB-B141-50B341F3299C}" = Desperados 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK RTL8187SE Wireless LAN Driver
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Belinea_is1" = Belinea
"Desperados 2 Update v1.01" = Desperados 2 Update v1.01
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Homeworld2" = Homeworld2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ScummVM_is1" = ScummVM SVN
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.08.2010 03:29:01 | Computer Name = NETBOOK | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 02.08.2010 08:34:13 | Computer Name = NETBOOK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung 0.exe, Version 6.1.0.0, fehlgeschlagenes
 Modul 0.exe, Version 6.1.0.0, Fehleradresse 0x00004327.
 
Error - 02.08.2010 08:34:37 | Computer Name = NETBOOK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
 unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 02.08.2010 13:25:10 | Computer Name = NETBOOK | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung svchost.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 07.08.2010 14:44:50 | Computer Name = NETBOOK | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 07.08.2010 14:44:50 | Computer Name = NETBOOK | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 09.08.2010 13:39:57 | Computer Name = NETBOOK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung s11580co.exe, Version 1.0.15.15281, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 14.08.2010 12:32:01 | Computer Name = NETBOOK | Source = Windows Search Service | ID = 3024
Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf
 die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung
 erneut.  Kontext:  Anwendung, SystemIndex Katalog 
 
Error - 19.08.2010 08:49:38 | Computer Name = NETBOOK | Source = Windows Search Service | ID = 3024
Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf
 die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung
 erneut.  Kontext:  Anwendung, SystemIndex Katalog 
 
Error - 04.09.2010 19:03:34 | Computer Name = NETBOOK | Source = Windows Search Service | ID = 3024
Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf
 die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung
 erneut.  Kontext:  Anwendung, SystemIndex Katalog 
 
[ System Events ]
Error - 02.09.2010 11:10:03 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
Error - 04.09.2010 08:45:01 | Computer Name = NETBOOK | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 04.09.2010 08:45:06 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
Error - 04.09.2010 19:00:19 | Computer Name = NETBOOK | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 04.09.2010 19:00:24 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
Error - 04.10.2010 10:57:46 | Computer Name = NETBOOK | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 04.10.2010 10:57:56 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
Error - 05.10.2010 08:47:49 | Computer Name = NETBOOK | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 05.10.2010 08:47:53 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:   %%2
 
Error - 05.10.2010 09:01:14 | Computer Name = NETBOOK | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
 
< End of report >

--- --- ---

[/code]

Gruß und Danke
Demonico

cosinus · 05.10.2010, 20:06

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
[2010.08.05 08:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Demonico · 05.10.2010, 20:17

ok Erledigt ! :

Code:

ATTFilter

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Dokumente und Einstellungen\Dome\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Dome
->Temp folder emptied: 340645842 bytes
->Temporary Internet Files folder emptied: 6230920 bytes
->Java cache emptied: 134541 bytes
->FireFox cache emptied: 86830795 bytes
->Flash cache emptied: 2259 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2853182 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 417,00 mb
 
 
OTL by OldTimer - Version 3.2.5.0 log created on 10052010_211319

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Gruß
Demonico

Demonico · 05.10.2010, 21:08

Offensichtlich scheint jetzt alles wieder in Ordnung zu sein

Jetzt kann ich endlich wieder beruhigt schlafen

Also danke vielmals!
Ich geb einen aus

cosinus · 05.10.2010, 21:18

Führ nochmal CF aus, mit ner neuen combofix.exe zu cofi.exe umbenannt:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Demonico · 05.10.2010, 21:53

Gesagt getan! Mit dem CCleaner hab ich alles gelöscht und es sind keine unlöschbaren Registries übrig geblieben.
Zu Combofix:
Erstmal allgemein: Warum musste man die .exe eigentllich umbenennen?
Dann als ich Combofix gestartet habe, kam erstmal ne leere Textbox, mit dem Titel Fehler, da hab ich dann auf "ok" gedrückt und das System hat sich neugestartet, dann ging alles ohne Probleme, kp was das jetzt war. Aber hier das Abschlusslog:

[Code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 10-10-05.01 - Dome 05.10.2010  22:39:56.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1015.653 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Dome\Desktop\Cofi.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Administrator\Anwendungsdaten\0200000053a258f3922C.manifest
c:\dokumente und einstellungen\Administrator\Anwendungsdaten\0200000053a258f3922O.manifest
c:\dokumente und einstellungen\Administrator\Anwendungsdaten\0200000053a258f3922P.manifest
c:\dokumente und einstellungen\Administrator\Anwendungsdaten\0200000053a258f3922S.manifest
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat
c:\dokumente und einstellungen\Dome\Anwendungsdaten\0200000053a258f3922C.manifest
c:\dokumente und einstellungen\Dome\Anwendungsdaten\0200000053a258f3922O.manifest
c:\dokumente und einstellungen\Dome\Anwendungsdaten\0200000053a258f3922P.manifest
c:\dokumente und einstellungen\Dome\Anwendungsdaten\0200000053a258f3922S.manifest

----- BITS: Eventuell infizierte Webseiten -----

hxxp://au.downlj+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cv
.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-05 bis 2010-10-05  ))))))))))))))))))))))))))))))
.

2010-10-05 20:28 . 2010-10-05 20:28	--------	d-----w-	c:\programme\CCleaner
2010-10-04 19:03 . 2010-10-04 19:03	--------	d-----w-	c:\dokumente und einstellungen\Dome\Anwendungsdaten\Uniblue

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 20:15 . 2009-11-29 11:58	1	----a-w-	c:\dokumente und einstellungen\Dome\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-07 13:12 . 2009-06-26 14:36	477784	----a-w-	c:\windows\system32\perfh007.dat
2010-08-07 13:12 . 2009-06-26 14:36	92164	----a-w-	c:\windows\system32\perfc007.dat
.

(((((((((((((((((((((((((((((   SnapShot@2010-08-04_21.16.58   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-05 20:37 . 2010-10-05 20:37	16384              c:\windows\Temp\Perflib_Perfdata_544.dat
+ 2009-06-26 14:33 . 2010-04-21 13:28	46080              c:\windows\system32\tzchange.exe
- 2009-06-26 14:33 . 2009-10-28 15:07	46080              c:\windows\system32\tzchange.exe
+ 2010-03-30 22:16 . 2010-03-30 22:16	99176              c:\windows\system32\PresentationHostProxy.dll
- 2009-06-26 14:30 . 2009-10-29 07:41	44544              c:\windows\system32\pngfilt.dll
+ 2009-06-26 14:30 . 2010-05-04 17:14	44544              c:\windows\system32\pngfilt.dll
- 2009-06-26 14:23 . 2010-05-21 11:48	69278              c:\windows\system32\perfc009.dat
+ 2009-06-26 14:23 . 2010-08-07 13:12	69278              c:\windows\system32\perfc009.dat
+ 2009-11-06 23:07 . 2009-11-06 23:07	49488              c:\windows\system32\netfxperf.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	11600              c:\windows\system32\mui\0409\mscorees.dll
+ 2008-04-14 07:52 . 2009-11-27 17:11	17920              c:\windows\system32\msyuv.dll
+ 2009-06-26 14:29 . 2009-11-27 16:08	28672              c:\windows\system32\msvidc32.dll
- 2009-06-26 14:29 . 2008-04-14 12:00	11264              c:\windows\system32\msrle32.dll
+ 2009-06-26 14:29 . 2009-11-27 16:08	11264              c:\windows\system32\msrle32.dll
- 2007-08-13 16:54 . 2009-10-29 07:40	52224              c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 16:54 . 2010-05-04 17:14	52224              c:\windows\system32\msfeedsbs.dll
- 2009-06-26 14:27 . 2009-10-29 07:40	27648              c:\windows\system32\jsproxy.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14	27648              c:\windows\system32\jsproxy.dll
+ 2008-04-14 07:52 . 2009-11-27 16:08	48128              c:\windows\system32\iyuv_32.dll
+ 2007-08-13 16:39 . 2010-05-04 12:39	13824              c:\windows\system32\ieudinit.exe
- 2007-08-13 16:39 . 2009-10-28 14:35	13824              c:\windows\system32\ieudinit.exe
+ 2009-06-26 14:27 . 2010-05-04 17:14	44544              c:\windows\system32\iernonce.dll
- 2009-06-26 14:27 . 2009-10-29 07:40	44544              c:\windows\system32\iernonce.dll
- 2009-06-26 14:27 . 2009-10-29 07:40	78336              c:\windows\system32\ieencode.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14	78336              c:\windows\system32\ieencode.dll
+ 2009-06-26 14:22 . 2010-05-04 12:39	70656              c:\windows\system32\ie4uinit.exe
- 2009-06-26 14:22 . 2009-10-28 14:35	70656              c:\windows\system32\ie4uinit.exe
- 2007-08-13 16:36 . 2009-10-29 07:40	63488              c:\windows\system32\icardie.dll
+ 2007-08-13 16:36 . 2010-05-04 17:14	63488              c:\windows\system32\icardie.dll
- 2009-06-26 14:26 . 2009-07-29 04:34	81920              c:\windows\system32\fontsub.dll
+ 2009-06-26 14:26 . 2009-10-15 16:28	81920              c:\windows\system32\fontsub.dll
+ 2010-08-04 21:22 . 2010-04-29 13:39	38224              c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-08-04 21:22 . 2010-04-29 13:39	20952              c:\windows\system32\drivers\mbam.sys
- 2009-06-26 14:30 . 2009-10-29 07:41	44544              c:\windows\system32\dllcache\pngfilt.dll
+ 2009-06-26 14:30 . 2010-05-04 17:14	44544              c:\windows\system32\dllcache\pngfilt.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11	17920              c:\windows\system32\dllcache\msyuv.dll
+ 2009-06-26 14:29 . 2009-11-27 16:08	28672              c:\windows\system32\dllcache\msvidc32.dll
+ 2009-06-26 14:29 . 2009-11-27 16:08	11264              c:\windows\system32\dllcache\msrle32.dll
- 2009-06-26 14:29 . 2008-04-14 12:00	11264              c:\windows\system32\dllcache\msrle32.dll
- 2009-09-18 15:03 . 2009-10-29 07:40	52224              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-18 15:03 . 2010-05-04 17:14	52224              c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-06-26 14:27 . 2009-10-29 07:40	27648              c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14	27648              c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08	48128              c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-09-18 15:03 . 2010-05-04 12:39	13824              c:\windows\system32\dllcache\ieudinit.exe
- 2009-09-18 15:03 . 2009-10-28 14:35	13824              c:\windows\system32\dllcache\ieudinit.exe
+ 2009-06-26 14:27 . 2010-05-04 17:14	44544              c:\windows\system32\dllcache\iernonce.dll
- 2009-06-26 14:27 . 2009-10-29 07:40	44544              c:\windows\system32\dllcache\iernonce.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14	78336              c:\windows\system32\dllcache\ieencode.dll
- 2009-06-26 14:27 . 2009-10-29 07:40	78336              c:\windows\system32\dllcache\ieencode.dll
- 2009-06-26 14:22 . 2009-10-28 14:35	70656              c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-06-26 14:22 . 2010-05-04 12:39	70656              c:\windows\system32\dllcache\ie4uinit.exe
- 2009-09-18 15:03 . 2009-10-29 07:40	63488              c:\windows\system32\dllcache\icardie.dll
+ 2009-09-18 15:03 . 2010-05-04 17:14	63488              c:\windows\system32\dllcache\icardie.dll
+ 2009-06-26 14:26 . 2009-10-15 16:28	81920              c:\windows\system32\dllcache\fontsub.dll
- 2009-06-26 14:26 . 2009-07-29 04:34	81920              c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-26 14:22 . 2009-12-14 07:08	33280              c:\windows\system32\dllcache\csrsrv.dll
+ 2009-06-26 14:24 . 2010-05-04 17:14	17408              c:\windows\system32\dllcache\corpol.dll
- 2009-06-26 14:24 . 2009-10-29 07:40	17408              c:\windows\system32\dllcache\corpol.dll
+ 2009-06-26 14:24 . 2010-01-13 14:00	86528              c:\windows\system32\dllcache\cabview.dll
+ 2009-06-26 14:22 . 2009-11-27 16:08	85504              c:\windows\system32\dllcache\avifil32.dll
- 2009-06-26 14:22 . 2009-06-10 14:13	85504              c:\windows\system32\dllcache\avifil32.dll
+ 2009-06-26 14:23 . 2010-03-05 14:37	65536              c:\windows\system32\dllcache\asycfilt.dll
+ 2009-06-26 14:22 . 2009-12-14 07:08	33280              c:\windows\system32\csrsrv.dll
+ 2009-06-26 14:24 . 2010-05-04 17:14	17408              c:\windows\system32\corpol.dll
- 2009-06-26 14:24 . 2009-10-29 07:40	17408              c:\windows\system32\corpol.dll
+ 2009-06-26 14:24 . 2010-01-13 14:00	86528              c:\windows\system32\cabview.dll
+ 2009-06-26 14:22 . 2009-11-27 16:08	85504              c:\windows\system32\avifil32.dll
- 2009-06-26 14:22 . 2009-06-10 14:13	85504              c:\windows\system32\avifil32.dll
+ 2009-06-26 14:23 . 2010-03-05 14:37	65536              c:\windows\system32\asycfilt.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48	32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-29 17:16 . 2008-07-29 17:16	32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 03:31 . 2010-03-23 03:31	30544              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-04-01 09:42 . 2010-04-01 09:42	81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2008-05-27 23:49 . 2008-05-27 23:49	77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51	77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-27 23:49 . 2008-05-27 23:49	86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51	86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51	81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-27 23:49 . 2008-05-27 23:49	81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 00:30 . 2008-05-28 00:30	32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 13:32 . 2010-03-31 13:32	32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 13:32 . 2010-03-31 13:32	24576              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2003-02-20 17:19 . 2003-02-20 17:19	24576              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13648              c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13664              c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13688              c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13664              c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13696              c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13656              c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13656              c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13656              c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13672              c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	13664              c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	86864              c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-08-05 15:07 . 2009-10-29 07:41	44544              c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40	52224              c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40	27648              c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
+ 2010-08-05 15:07 . 2009-10-28 14:35	13824              c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
+ 2010-08-05 15:07 . 2009-10-29 07:40	44544              c:\windows\ie7updates\KB982381-IE7\iernonce.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40	78336              c:\windows\ie7updates\KB982381-IE7\ieencode.dll
+ 2010-08-05 15:07 . 2009-10-28 14:35	70656              c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
+ 2010-08-05 15:07 . 2009-10-29 07:40	63488              c:\windows\ie7updates\KB982381-IE7\icardie.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40	17408              c:\windows\ie7updates\KB982381-IE7\corpol.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11	17920              c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08	48128              c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-08-07 13:18 . 2010-08-07 13:18	90112              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_62fb6c9c\System.Drawing.Design.dll
+ 2010-08-07 13:18 . 2010-08-07 13:18	61440              c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_8a851484\CustomMarshalers.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17	60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2010-08-07 13:26 . 2010-08-07 13:26	37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19	36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-08-06 13:15 . 2010-08-06 13:15	94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-07 13:15 . 2010-08-07 13:15	47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-08-07 13:13 . 2010-08-07 13:13	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-09-21 12:01 . 2009-09-21 12:01	32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-08-05 15:14 . 2010-08-05 15:14	32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-08-07 13:11 . 2010-08-07 13:11	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-08-07 13:18 . 2010-08-07 13:18	81920              c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-07 13:07 . 2009-10-28 15:07	46080              c:\windows\$NtUninstallKB981793$\tzchange.exe
+ 2010-08-07 13:07 . 2010-04-22 22:21	16896              c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
+ 2010-08-07 13:06 . 2008-04-14 12:00	65024              c:\windows\$NtUninstallKB979482$\asycfilt.dll
+ 2010-08-07 13:06 . 2008-04-14 12:00	84992              c:\windows\$NtUninstallKB979309$\cabview.dll
+ 2010-08-07 13:16 . 2008-04-14 12:00	32256              c:\windows\$NtUninstallKB978037$\csrsrv.dll
+ 2010-08-07 13:07 . 2008-04-14 12:00	25600              c:\windows\$NtUninstallKB977914$\msvidc32.dll
+ 2010-08-07 13:07 . 2008-04-14 12:00	11264              c:\windows\$NtUninstallKB977914$\msrle32.dll
+ 2010-08-07 13:07 . 2008-04-14 12:00	47616              c:\windows\$NtUninstallKB977914$\iyuv_32.dll
+ 2010-08-07 13:07 . 2009-06-10 14:13	85504              c:\windows\$NtUninstallKB977914$\avifil32.dll
+ 2010-08-07 13:07 . 2008-04-14 12:00	16896              c:\windows\$NtUninstallKB975560$\msyuv.dll
+ 2010-08-07 13:16 . 2009-07-29 04:34	81920              c:\windows\$NtUninstallKB972270$\fontsub.dll
+ 2010-08-05 15:07 . 2008-07-08 13:00	26488              c:\windows\$hf_mig$\KB982381-IE7\update\spcustom.dll
+ 2010-08-05 15:07 . 2008-07-08 13:00	18808              c:\windows\$hf_mig$\KB982381-IE7\spmsg.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	44544              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\pngfilt.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	52224              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msfeedsbs.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	27648              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\jsproxy.dll
+ 2010-05-04 13:19 . 2010-05-04 13:19	13824              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieudinit.exe
+ 2010-05-04 16:48 . 2010-05-04 16:48	44544              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iernonce.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	78336              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieencode.dll
+ 2010-05-04 13:19 . 2010-05-04 13:19	70656              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ie4uinit.exe
+ 2010-05-04 16:48 . 2010-05-04 16:48	63488              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\icardie.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	17408              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\corpol.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB981349\update\spcustom.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB981349\spmsg.dll
+ 2010-08-07 13:18 . 2009-05-26 09:01	26488              c:\windows\$hf_mig$\KB980232\update\spcustom.dll
+ 2010-08-07 13:18 . 2009-05-26 09:01	18808              c:\windows\$hf_mig$\KB980232\spmsg.dll
+ 2010-08-07 13:19 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB980218\update\spcustom.dll
+ 2010-08-07 13:19 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB980218\spmsg.dll
+ 2010-08-07 13:18 . 2008-07-08 13:00	26488              c:\windows\$hf_mig$\KB980195\update\spcustom.dll
+ 2010-08-07 13:18 . 2008-07-08 13:00	18808              c:\windows\$hf_mig$\KB980195\spmsg.dll
+ 2010-08-07 13:18 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB979683\update\spcustom.dll
+ 2010-08-05 14:01 . 2010-03-05 14:53	16896              c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll
+ 2010-08-07 13:18 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB979683\spmsg.dll
+ 2010-08-07 13:07 . 2009-05-26 09:01	26488              c:\windows\$hf_mig$\KB979559\update\spcustom.dll
+ 2010-08-07 13:07 . 2009-05-26 09:01	18808              c:\windows\$hf_mig$\KB979559\spmsg.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB979482\update\spcustom.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB979482\spmsg.dll
+ 2010-03-05 14:50 . 2010-03-05 14:50	65536              c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
+ 2010-08-07 13:06 . 2008-07-08 13:00	26488              c:\windows\$hf_mig$\KB979309\update\spcustom.dll
+ 2010-08-07 13:06 . 2008-07-08 13:00	18808              c:\windows\$hf_mig$\KB979309\spmsg.dll
+ 2010-01-13 13:48 . 2010-01-13 13:48	86528              c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB978706\update\spcustom.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB978706\spmsg.dll
+ 2010-08-07 13:07 . 2008-07-08 13:00	26488              c:\windows\$hf_mig$\KB978601\update\spcustom.dll
+ 2010-08-07 13:07 . 2008-07-08 13:00	18808              c:\windows\$hf_mig$\KB978601\spmsg.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB978338\update\spcustom.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB978338\spmsg.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB978037\update\spcustom.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB978037\spmsg.dll
+ 2009-12-14 07:10 . 2009-12-14 07:10	33280              c:\windows\$hf_mig$\KB978037\SP3QFE\csrsrv.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB977914\update\spcustom.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB977914\spmsg.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28	28672              c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28	11264              c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28	48128              c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28	85504              c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB977816\update\spcustom.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB977816\spmsg.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB975713\update\spcustom.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB975713\spmsg.dll
+ 2010-08-07 13:06 . 2008-07-08 13:00	26488              c:\windows\$hf_mig$\KB975562\update\spcustom.dll
+ 2010-08-07 13:06 . 2008-07-08 13:00	18808              c:\windows\$hf_mig$\KB975562\spmsg.dll
+ 2010-08-07 13:08 . 2008-07-08 13:00	26488              c:\windows\$hf_mig$\KB975561\update\spcustom.dll
+ 2010-08-07 13:08 . 2008-07-08 13:00	18808              c:\windows\$hf_mig$\KB975561\spmsg.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB975560\update\spcustom.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB975560\spmsg.dll
+ 2009-11-27 17:23 . 2009-11-27 17:23	17920              c:\windows\$hf_mig$\KB975560\SP3QFE\msyuv.dll
+ 2010-08-07 13:16 . 2008-07-08 13:00	26488              c:\windows\$hf_mig$\KB972270\update\spcustom.dll
+ 2010-08-07 13:16 . 2008-07-08 13:00	18808              c:\windows\$hf_mig$\KB972270\spmsg.dll
+ 2010-08-05 14:01 . 2009-10-15 16:38	81920              c:\windows\$hf_mig$\KB972270\SP3QFE\fontsub.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB955759\update\spcustom.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB955759\spmsg.dll
+ 2010-08-07 13:06 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB2286198\update\spcustom.dll
+ 2010-08-07 13:06 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB2286198\spmsg.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB2229593\spmsg.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-18 04:54 . 2009-11-27 16:08	8704              c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08	8704              c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08	8704              c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-12-02 15:33 . 2009-12-02 15:33	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-12-02 15:32 . 2009-12-02 15:32	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-07 13:07 . 2008-04-14 12:00	8192              c:\windows\$NtUninstallKB977914$\tsbyuv.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28	8704              c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-06-26 14:22 . 2009-12-24 06:59	177664              c:\windows\system32\wintrust.dll
- 2009-06-26 14:22 . 2009-10-29 07:41	832512              c:\windows\system32\wininet.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14	832512              c:\windows\system32\wininet.dll
- 2009-06-26 14:22 . 2009-10-29 07:41	233472              c:\windows\system32\webcheck.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14	233472              c:\windows\system32\webcheck.dll
- 2009-06-26 14:33 . 2008-05-09 10:54	430080              c:\windows\system32\vbscript.dll
+ 2009-06-26 14:33 . 2010-03-09 11:09	430080              c:\windows\system32\vbscript.dll
- 2009-06-26 14:22 . 2009-10-29 07:41	105984              c:\windows\system32\url.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14	105984              c:\windows\system32\url.dll
- 2009-06-26 14:32 . 2009-07-29 04:34	119808              c:\windows\system32\t2embed.dll
+ 2009-06-26 14:32 . 2009-10-15 16:28	119808              c:\windows\system32\t2embed.dll
- 2009-06-26 14:22 . 2008-04-14 12:00	474624              c:\windows\system32\shlwapi.dll
+ 2009-06-26 14:22 . 2009-12-08 09:23	474624              c:\windows\system32\shlwapi.dll
+ 2010-03-30 22:10 . 2010-03-30 22:10	295264              c:\windows\system32\PresentationHost.exe
- 2009-06-26 14:23 . 2010-05-21 11:48	435480              c:\windows\system32\perfh009.dat
+ 2009-06-26 14:23 . 2010-08-07 13:12	435480              c:\windows\system32\perfh009.dat
- 2009-06-26 14:30 . 2009-10-29 07:41	102912              c:\windows\system32\occache.dll
+ 2009-06-26 14:30 . 2010-05-04 17:14	102912              c:\windows\system32\occache.dll
+ 2009-06-26 14:29 . 2010-05-04 17:14	671232              c:\windows\system32\mstime.dll
- 2009-06-26 14:29 . 2009-10-29 07:41	671232              c:\windows\system32\mstime.dll
- 2009-06-26 14:29 . 2009-10-29 07:41	193024              c:\windows\system32\msrating.dll
+ 2009-06-26 14:29 . 2010-05-04 17:14	193024              c:\windows\system32\msrating.dll
+ 2009-09-18 19:14 . 2009-12-17 07:40	346624              c:\windows\system32\mspaint.exe
- 2009-09-18 19:14 . 2008-04-14 12:00	346624              c:\windows\system32\mspaint.exe
+ 2009-06-26 14:29 . 2010-05-04 17:14	477696              c:\windows\system32\mshtmled.dll
- 2009-06-26 14:29 . 2009-10-29 07:41	477696              c:\windows\system32\mshtmled.dll
- 2007-08-13 16:54 . 2009-10-29 07:40	459264              c:\windows\system32\msfeeds.dll
+ 2007-08-13 16:54 . 2010-05-04 17:14	459264              c:\windows\system32\msfeeds.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07	297808              c:\windows\system32\mscoree.dll
+ 2009-09-18 19:16 . 2010-01-29 14:59	691712              c:\windows\system32\inetcomm.dll
- 2009-09-18 19:16 . 2008-04-11 19:04	691712              c:\windows\system32\inetcomm.dll
- 2007-08-13 16:34 . 2009-10-29 07:40	268288              c:\windows\system32\iertutil.dll
+ 2007-08-13 16:34 . 2010-05-04 17:14	268288              c:\windows\system32\iertutil.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14	192512              c:\windows\system32\iepeers.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14	385024              c:\windows\system32\iedkcs32.dll
- 2009-06-26 14:22 . 2009-10-29 07:40	385024              c:\windows\system32\iedkcs32.dll
- 2007-07-11 10:27 . 2009-10-29 07:40	380928              c:\windows\system32\ieapfltr.dll
+ 2007-07-11 10:27 . 2010-05-04 17:14	380928              c:\windows\system32\ieapfltr.dll
- 2009-06-26 14:27 . 2009-10-28 06:52	161792              c:\windows\system32\ieakui.dll
+ 2009-06-26 14:27 . 2010-04-16 11:43	161792              c:\windows\system32\ieakui.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14	230400              c:\windows\system32\ieaksie.dll
- 2009-06-26 14:27 . 2009-10-29 07:40	230400              c:\windows\system32\ieaksie.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14	153088              c:\windows\system32\ieakeng.dll
- 2009-06-26 14:27 . 2009-10-29 07:40	153088              c:\windows\system32\ieakeng.dll
+ 2009-09-18 20:08 . 2010-08-07 20:32	114176              c:\windows\system32\FNTCACHE.DAT
- 2009-09-18 20:08 . 2009-12-02 16:01	114176              c:\windows\system32\FNTCACHE.DAT
+ 2009-06-26 14:26 . 2010-05-04 17:14	133120              c:\windows\system32\extmgr.dll
- 2009-06-26 14:26 . 2009-10-29 07:40	133120              c:\windows\system32\extmgr.dll
- 2009-06-26 14:25 . 2009-10-29 07:40	214528              c:\windows\system32\dxtrans.dll
+ 2009-06-26 14:25 . 2010-05-04 17:14	214528              c:\windows\system32\dxtrans.dll
+ 2009-06-26 14:25 . 2010-05-04 17:14	347136              c:\windows\system32\dxtmsft.dll
- 2009-06-26 14:25 . 2009-10-29 07:40	347136              c:\windows\system32\dxtmsft.dll
+ 2009-06-26 14:32 . 2010-02-11 12:02	226880              c:\windows\system32\drivers\tcpip6.sys
+ 2009-06-26 14:42 . 2010-02-24 13:11	455680              c:\windows\system32\drivers\mrxsmb.sys
+ 2009-06-26 14:22 . 2009-12-24 06:59	177664              c:\windows\system32\dllcache\wintrust.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14	832512              c:\windows\system32\dllcache\wininet.dll
- 2009-06-26 14:22 . 2009-10-29 07:41	832512              c:\windows\system32\dllcache\wininet.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14	233472              c:\windows\system32\dllcache\webcheck.dll
- 2009-06-26 14:22 . 2009-10-29 07:41	233472              c:\windows\system32\dllcache\webcheck.dll
+ 2009-06-26 14:33 . 2010-03-09 11:09	430080              c:\windows\system32\dllcache\vbscript.dll
- 2009-06-26 14:33 . 2008-05-09 10:54	430080              c:\windows\system32\dllcache\vbscript.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14	105984              c:\windows\system32\dllcache\url.dll
- 2009-06-26 14:22 . 2009-10-29 07:41	105984              c:\windows\system32\dllcache\url.dll
+ 2009-06-26 14:32 . 2010-02-11 12:02	226880              c:\windows\system32\dllcache\tcpip6.sys
+ 2009-06-26 14:32 . 2009-10-15 16:28	119808              c:\windows\system32\dllcache\t2embed.dll
- 2009-06-26 14:32 . 2009-07-29 04:34	119808              c:\windows\system32\dllcache\t2embed.dll
- 2009-06-26 14:22 . 2008-04-14 12:00	474624              c:\windows\system32\dllcache\shlwapi.dll
+ 2009-06-26 14:22 . 2009-12-08 09:23	474624              c:\windows\system32\dllcache\shlwapi.dll
+ 2009-06-26 14:30 . 2010-05-04 17:14	102912              c:\windows\system32\dllcache\occache.dll
- 2009-06-26 14:30 . 2009-10-29 07:41	102912              c:\windows\system32\dllcache\occache.dll
+ 2009-06-26 14:29 . 2010-05-04 17:14	671232              c:\windows\system32\dllcache\mstime.dll
- 2009-06-26 14:29 . 2009-10-29 07:41	671232              c:\windows\system32\dllcache\mstime.dll
- 2009-06-26 14:29 . 2009-10-29 07:41	193024              c:\windows\system32\dllcache\msrating.dll
+ 2009-06-26 14:29 . 2010-05-04 17:14	193024              c:\windows\system32\dllcache\msrating.dll
- 2009-09-18 19:14 . 2008-04-14 12:00	346624              c:\windows\system32\dllcache\mspaint.exe
+ 2009-09-18 19:14 . 2009-12-17 07:40	346624              c:\windows\system32\dllcache\mspaint.exe
+ 2009-06-26 14:29 . 2010-05-04 17:14	477696              c:\windows\system32\dllcache\mshtmled.dll
- 2009-06-26 14:29 . 2009-10-29 07:41	477696              c:\windows\system32\dllcache\mshtmled.dll
+ 2009-09-18 15:03 . 2010-05-04 17:14	459264              c:\windows\system32\dllcache\msfeeds.dll
- 2009-09-18 15:03 . 2009-10-29 07:40	459264              c:\windows\system32\dllcache\msfeeds.dll
+ 2009-09-18 14:07 . 2010-02-24 13:11	455680              c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-09-18 19:16 . 2010-01-29 14:59	691712              c:\windows\system32\dllcache\inetcomm.dll
- 2009-09-18 19:16 . 2008-04-11 19:04	691712              c:\windows\system32\dllcache\inetcomm.dll
+ 2009-09-18 19:16 . 2010-04-16 11:43	634656              c:\windows\system32\dllcache\iexplore.exe
- 2009-09-18 15:03 . 2009-10-29 07:40	268288              c:\windows\system32\dllcache\iertutil.dll
+ 2009-09-18 15:03 . 2010-05-04 17:14	268288              c:\windows\system32\dllcache\iertutil.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14	192512              c:\windows\system32\dllcache\iepeers.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14	385024              c:\windows\system32\dllcache\iedkcs32.dll
- 2009-06-26 14:22 . 2009-10-29 07:40	385024              c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-09-18 15:03 . 2010-05-04 17:14	380928              c:\windows\system32\dllcache\ieapfltr.dll
- 2009-09-18 15:03 . 2009-10-29 07:40	380928              c:\windows\system32\dllcache\ieapfltr.dll
- 2009-06-26 14:27 . 2009-10-28 06:52	161792              c:\windows\system32\dllcache\ieakui.dll
+ 2009-06-26 14:27 . 2010-04-16 11:43	161792              c:\windows\system32\dllcache\ieakui.dll
- 2009-06-26 14:27 . 2009-10-29 07:40	230400              c:\windows\system32\dllcache\ieaksie.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14	230400              c:\windows\system32\dllcache\ieaksie.dll
- 2009-06-26 14:27 . 2009-10-29 07:40	153088              c:\windows\system32\dllcache\ieakeng.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14	153088              c:\windows\system32\dllcache\ieakeng.dll
- 2009-09-18 19:16 . 2008-04-14 12:00	744448              c:\windows\system32\dllcache\helpsvc.exe
+ 2009-09-18 19:16 . 2010-06-14 14:31	744448              c:\windows\system32\dllcache\helpsvc.exe
+ 2009-06-26 14:26 . 2010-05-04 17:14	133120              c:\windows\system32\dllcache\extmgr.dll
- 2009-06-26 14:26 . 2009-10-29 07:40	133120              c:\windows\system32\dllcache\extmgr.dll
+ 2009-06-26 14:25 . 2010-05-04 17:14	214528              c:\windows\system32\dllcache\dxtrans.dll
- 2009-06-26 14:25 . 2009-10-29 07:40	214528              c:\windows\system32\dllcache\dxtrans.dll
- 2009-06-26 14:25 . 2009-10-29 07:40	347136              c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-06-26 14:25 . 2010-05-04 17:14	347136              c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-06-26 14:23 . 2010-04-20 05:29	285696              c:\windows\system32\dllcache\atmfd.dll
- 2009-06-26 14:23 . 2008-04-14 12:00	285696              c:\windows\system32\dllcache\atmfd.dll
- 2009-06-26 14:22 . 2009-10-29 07:40	124928              c:\windows\system32\dllcache\advpack.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14	124928              c:\windows\system32\dllcache\advpack.dll
+ 2009-06-26 14:23 . 2009-11-21 15:54	471552              c:\windows\system32\dllcache\aclayers.dll
+ 2009-06-26 14:23 . 2010-02-12 04:33	100864              c:\windows\system32\dllcache\6to4svc.dll
+ 2010-08-05 13:58 . 2010-02-12 10:03	293376              c:\windows\system32\browserchoice.exe
+ 2009-06-26 14:23 . 2010-04-20 05:29	285696              c:\windows\system32\atmfd.dll
- 2009-06-26 14:23 . 2008-04-14 12:00	285696              c:\windows\system32\atmfd.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14	124928              c:\windows\system32\advpack.dll
- 2009-06-26 14:22 . 2009-10-29 07:40	124928              c:\windows\system32\advpack.dll
+ 2009-06-26 14:23 . 2010-02-12 04:33	100864              c:\windows\system32\6to4svc.dll
+ 2009-09-18 19:16 . 2010-06-14 14:31	744448              c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2009-09-18 19:16 . 2008-04-14 12:00	744448              c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2010-03-30 22:16 . 2010-03-30 22:16	130408              c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48	970752              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-29 17:16 . 2008-07-29 17:16	110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48	110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 03:31 . 2010-03-23 03:31	435024              c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 09:17 . 2008-07-25 09:17	258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 10:22 . 2010-02-09 10:22	258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-05-27 23:49 . 2008-05-27 23:49	102400              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51	102400              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 12:49 . 2010-03-31 12:49	315392              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-27 23:48 . 2008-05-27 23:48	315392              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 13:32 . 2010-03-31 13:32	258048              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2008-05-28 00:30 . 2008-05-28 00:30	258048              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-02-24 22:14 . 2010-02-24 22:14	543232              c:\windows\Installer\e33686.msp
+ 2010-08-05 15:07 . 2009-10-29 07:41	832512              c:\windows\ie7updates\KB982381-IE7\wininet.dll
+ 2010-08-05 15:07 . 2009-10-29 07:41	233472              c:\windows\ie7updates\KB982381-IE7\webcheck.dll
+ 2010-08-05 15:07 . 2009-10-29 07:41	105984              c:\windows\ie7updates\KB982381-IE7\url.dll
+ 2010-08-05 15:07 . 2009-05-26 11:40	388984              c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll
+ 2010-08-05 15:07 . 2008-07-08 13:00	234872              c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
+ 2010-08-05 15:07 . 2009-10-29 07:41	102912              c:\windows\ie7updates\KB982381-IE7\occache.dll
+ 2010-08-05 15:07 . 2009-10-29 07:41	671232              c:\windows\ie7updates\KB982381-IE7\mstime.dll
+ 2010-08-05 15:07 . 2009-10-29 07:41	193024              c:\windows\ie7updates\KB982381-IE7\msrating.dll
+ 2010-08-05 15:07 . 2009-10-29 07:41	477696              c:\windows\ie7updates\KB982381-IE7\mshtmled.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40	459264              c:\windows\ie7updates\KB982381-IE7\msfeeds.dll
+ 2010-08-05 15:07 . 2009-10-28 06:54	634632              c:\windows\ie7updates\KB982381-IE7\iexplore.exe
+ 2010-08-05 15:07 . 2009-10-29 07:40	268288              c:\windows\ie7updates\KB982381-IE7\iertutil.dll
+ 2010-08-05 15:07 . 2007-08-13 16:54	191488              c:\windows\ie7updates\KB982381-IE7\iepeers.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40	385024              c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40	380928              c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll
+ 2010-08-05 15:07 . 2009-10-28 06:52	161792              c:\windows\ie7updates\KB982381-IE7\ieakui.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40	230400              c:\windows\ie7updates\KB982381-IE7\ieaksie.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40	153088              c:\windows\ie7updates\KB982381-IE7\ieakeng.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40	133120              c:\windows\ie7updates\KB982381-IE7\extmgr.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40	214528              c:\windows\ie7updates\KB982381-IE7\dxtrans.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40	347136              c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40	124928              c:\windows\ie7updates\KB982381-IE7\advpack.dll
+ 2009-09-18 14:07 . 2010-02-24 13:11	455680              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-08-07 13:19 . 2010-08-07 13:19	835584              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_54e1816a\System.Drawing.dll
+ 2010-08-07 13:19 . 2010-08-07 13:19	192512              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_037f1333\System.Drawing.Design.dll
+ 2010-08-07 13:19 . 2010-08-07 13:19	118784              c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_425eeaba\CustomMarshalers.dll
+ 2010-08-06 13:13 . 2010-08-06 13:13	321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-08-07 13:18 . 2010-08-07 13:18	240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17	447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20	400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19	129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20	202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19	859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19	328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19	301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19	547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14	679936              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2010-08-06 13:11 . 2010-08-06 13:11	381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-08-06 12:47 . 2010-08-06 12:47	208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2010-08-06 13:17 . 2010-08-06 13:17	756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2010-08-06 13:15 . 2010-08-06 13:15	135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14	971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-08-06 13:15 . 2010-08-06 13:15	633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2010-08-06 13:13 . 2010-08-06 13:13	366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2010-08-06 13:13 . 2010-08-06 13:13	256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-08-06 13:13 . 2010-08-06 13:13	320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-08-07 13:17 . 2010-08-07 13:17	368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17	539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17	224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17	258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14	133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2010-08-06 13:13 . 2010-08-06 13:13	386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14	144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14	175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14	839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14	222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-06 13:13 . 2010-08-06 13:13	410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-08-06 13:13 . 2010-08-06 13:13	842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-05 15:14 . 2010-08-05 15:14	970752              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-08-05 15:14 . 2010-08-05 15:14	438272              c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-08-05 15:14 . 2010-08-05 15:14	110592              c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-09-21 12:01 . 2009-09-21 12:01	110592              c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-08-07 13:11 . 2010-08-07 13:11	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-06-26 14:23 . 2009-11-21 15:54	471552              c:\windows\AppPatch\aclayers.dll
+ 2010-08-07 13:07 . 2009-05-26 09:01	388984              c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 09:01	234872              c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
+ 2010-08-07 13:17 . 2008-05-09 10:54	430080              c:\windows\$NtUninstallKB981349$\vbscript.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB981349$\spuninst\updspapi.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB981349$\spuninst\spuninst.exe
+ 2010-08-07 13:18 . 2009-05-26 09:01	388984              c:\windows\$NtUninstallKB980232$\spuninst\updspapi.dll
+ 2010-08-07 13:18 . 2009-05-26 09:01	234872              c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
+ 2010-08-07 13:18 . 2008-10-24 11:21	455296              c:\windows\$NtUninstallKB980232$\mrxsmb.sys
+ 2010-08-07 13:19 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
+ 2010-08-07 13:19 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
+ 2010-08-07 13:19 . 2008-04-14 12:00	285696              c:\windows\$NtUninstallKB980218$\atmfd.dll
+ 2010-08-07 13:18 . 2008-07-08 13:00	388984              c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
+ 2010-08-07 13:18 . 2008-07-08 13:00	234872              c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
+ 2010-08-07 13:18 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll
+ 2010-08-07 13:18 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 09:01	234872              c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB979309$\spuninst\updspapi.dll
+ 2010-08-07 13:06 . 2008-07-08 13:00	234872              c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB978706$\spuninst\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB978706$\spuninst\spuninst.exe
+ 2010-08-07 13:06 . 2008-04-14 12:00	346624              c:\windows\$NtUninstallKB978706$\mspaint.exe
+ 2010-08-07 13:07 . 2007-07-27 21:11	382840              c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
+ 2010-08-07 13:07 . 2007-07-27 18:46	234872              c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
+ 2010-08-07 13:07 . 2008-04-14 12:00	176640              c:\windows\$NtUninstallKB978601$\wintrust.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB978601$\spuninst\updspapi.dll
+ 2010-08-07 13:07 . 2008-07-08 13:00	234872              c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-08-07 13:06 . 2008-04-11 19:04	691712              c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-08-07 13:16 . 2008-06-20 11:08	225856              c:\windows\$NtUninstallKB978338$\tcpip6.sys
+ 2010-08-07 13:16 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
+ 2010-08-07 13:16 . 2008-04-14 12:00	100352              c:\windows\$NtUninstallKB978338$\6to4svc.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB978037$\spuninst\updspapi.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB978037$\spuninst\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB977914$\spuninst\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB977914$\spuninst\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
+ 2010-08-07 13:16 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB975713$\spuninst\updspapi.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB975713$\spuninst\spuninst.exe
+ 2010-08-07 13:16 . 2008-04-14 12:00	474624              c:\windows\$NtUninstallKB975713$\shlwapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
+ 2010-08-07 13:06 . 2008-07-08 13:00	234872              c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
+ 2010-08-07 13:08 . 2009-05-26 15:10	388984              c:\windows\$NtUninstallKB975561$\spuninst\updspapi.dll
+ 2010-08-07 13:08 . 2008-07-08 13:00	234872              c:\windows\$NtUninstallKB975561$\spuninst\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB975560$\spuninst\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB975560$\spuninst\spuninst.exe
+ 2010-08-07 13:16 . 2009-07-29 04:34	119808              c:\windows\$NtUninstallKB972270$\t2embed.dll
+ 2010-08-07 13:16 . 2008-07-08 13:00	388984              c:\windows\$NtUninstallKB972270$\spuninst\updspapi.dll
+ 2010-08-07 13:16 . 2008-07-08 13:00	234872              c:\windows\$NtUninstallKB972270$\spuninst\spuninst.exe
+ 2010-08-07 13:17 . 2009-05-26 15:10	388984              c:\windows\$NtUninstallKB955759$\spuninst\updspapi.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB955759$\spuninst\spuninst.exe
+ 2010-08-07 13:17 . 2008-04-14 12:00	451072              c:\windows\$NtUninstallKB955759$\aclayers.dll
+ 2010-08-07 13:06 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll
+ 2010-08-07 13:06 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe
+ 2010-08-07 13:16 . 2010-02-22 17:52	388984              c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-08-07 13:16 . 2008-04-14 12:00	744448              c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-08-05 15:07 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB982381-IE7\update\updspapi.dll
+ 2010-08-05 15:07 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB982381-IE7\update\update.exe
+ 2010-08-05 15:07 . 2008-07-08 13:00	234872              c:\windows\$hf_mig$\KB982381-IE7\spuninst.exe
+ 2010-05-04 16:48 . 2010-05-04 16:48	841216              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\wininet.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	233472              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\webcheck.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	105984              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\url.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	102912              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\occache.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	671232              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mstime.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	193024              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msrating.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	477696              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtmled.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	459264              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msfeeds.dll
+ 2010-04-16 11:08 . 2010-04-16 11:08	634648              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
+ 2010-05-04 16:48 . 2010-05-04 16:48	268288              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iertutil.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	193024              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iepeers.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	388608              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iedkcs32.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	380928              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieapfltr.dll
+ 2010-04-16 11:06 . 2010-04-16 11:06	161792              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieakui.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	230400              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieaksie.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	153088              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieakeng.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	132608              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\extmgr.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	214528              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\dxtrans.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	347136              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\dxtmsft.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	124928              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\advpack.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB981349\update\updspapi.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB981349\update\update.exe
+ 2010-08-07 13:17 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB981349\spuninst.exe
+ 2010-03-09 11:07 . 2010-03-09 11:07	430080              c:\windows\$hf_mig$\KB981349\SP3QFE\vbscript.dll
+ 2010-08-07 13:18 . 2009-05-26 09:01	388984              c:\windows\$hf_mig$\KB980232\update\updspapi.dll
+ 2010-08-07 13:18 . 2009-05-26 09:01	765304              c:\windows\$hf_mig$\KB980232\update\update.exe
+ 2010-08-07 13:18 . 2009-05-26 09:01	234872              c:\windows\$hf_mig$\KB980232\spuninst.exe
+ 2010-08-05 14:01 . 2010-02-24 11:57	457216              c:\windows\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
+ 2010-08-07 13:19 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB980218\update\updspapi.dll
+ 2010-08-07 13:19 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB980218\update\update.exe
+ 2010-08-07 13:19 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB980218\spuninst.exe
+ 2010-04-20 05:37 . 2010-04-20 05:37	285824              c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
+ 2010-08-07 13:18 . 2008-07-08 13:00	388984              c:\windows\$hf_mig$\KB980195\update\updspapi.dll
+ 2010-08-07 13:18 . 2008-07-08 13:00	765304              c:\windows\$hf_mig$\KB980195\update\update.exe
+ 2010-08-07 13:18 . 2008-07-08 13:00	234872              c:\windows\$hf_mig$\KB980195\spuninst.exe
+ 2010-08-07 13:18 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB979683\update\updspapi.dll
+ 2010-08-07 13:18 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB979683\update\update.exe
+ 2010-08-07 13:18 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB979683\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB979559\update\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB979559\update\update.exe
+ 2010-08-07 13:07 . 2009-05-26 09:01	234872              c:\windows\$hf_mig$\KB979559\spuninst.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB979482\update\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB979482\update\update.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB979482\spuninst.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB979309\update\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB979309\update\update.exe
+ 2010-08-07 13:06 . 2008-07-08 13:00	234872              c:\windows\$hf_mig$\KB979309\spuninst.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB978706\update\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB978706\update\update.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB978706\spuninst.exe
+ 2009-12-17 07:37 . 2009-12-17 07:37	346624              c:\windows\$hf_mig$\KB978706\SP3QFE\mspaint.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB978601\update\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB978601\update\update.exe
+ 2010-08-07 13:07 . 2008-07-08 13:00	234872              c:\windows\$hf_mig$\KB978601\spuninst.exe
+ 2009-12-24 06:42 . 2009-12-24 06:42	178176              c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-01-29 14:53 . 2010-01-29 14:53	691712              c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB978338\update\updspapi.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB978338\update\update.exe
+ 2010-08-07 13:16 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB978338\spuninst.exe
+ 2010-02-11 11:36 . 2010-02-11 11:36	226880              c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys
+ 2010-02-12 04:28 . 2010-02-12 04:28	100864              c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB978037\update\updspapi.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB978037\update\update.exe
+ 2010-08-07 13:16 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB978037\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB977914\update\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB977914\update\update.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB977914\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB977816\update\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB977816\update\update.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB977816\spuninst.exe
+ 2010-08-07 13:16 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB975713\update\updspapi.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB975713\update\update.exe
+ 2010-08-07 13:16 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB975713\spuninst.exe
+ 2009-12-08 09:01 . 2009-12-08 09:01	474624              c:\windows\$hf_mig$\KB975713\SP3QFE\shlwapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB975562\update\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB975562\update\update.exe
+ 2010-08-07 13:06 . 2008-07-08 13:00	234872              c:\windows\$hf_mig$\KB975562\spuninst.exe
+ 2010-08-07 13:08 . 2009-05-26 15:10	388984              c:\windows\$hf_mig$\KB975561\update\updspapi.dll
+ 2010-08-07 13:08 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB975561\update\update.exe
+ 2010-08-07 13:08 . 2008-07-08 13:00	234872              c:\windows\$hf_mig$\KB975561\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB975560\update\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB975560\update\update.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB975560\spuninst.exe
+ 2010-08-07 13:16 . 2008-07-08 13:00	388984              c:\windows\$hf_mig$\KB972270\update\updspapi.dll
+ 2010-08-07 13:16 . 2008-07-08 13:00	765304              c:\windows\$hf_mig$\KB972270\update\update.exe
+ 2010-08-07 13:16 . 2008-07-08 13:00	234872              c:\windows\$hf_mig$\KB972270\spuninst.exe
+ 2010-08-05 14:01 . 2009-10-15 16:38	119808              c:\windows\$hf_mig$\KB972270\SP3QFE\t2embed.dll
+ 2010-08-07 13:17 . 2009-05-26 15:10	388984              c:\windows\$hf_mig$\KB955759\update\updspapi.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB955759\update\update.exe
+ 2010-08-07 13:17 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB955759\spuninst.exe
+ 2010-08-05 14:01 . 2009-11-21 15:42	471552              c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll
+ 2010-08-07 13:06 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB2286198\update\updspapi.dll
+ 2010-08-07 13:06 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB2286198\update\update.exe
+ 2010-08-07 13:06 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB2286198\spuninst.exe
+ 2010-08-07 13:16 . 2010-02-22 17:52	388984              c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-08-07 13:16 . 2010-02-22 14:21	765304              c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-08-07 13:16 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-08-05 14:01 . 2010-06-14 14:38	744448              c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2009-06-26 14:36 . 2010-04-06 02:52	2462720              c:\windows\system32\WMVCore.dll
+ 2009-06-26 14:22 . 2010-05-02 08:05	1851392              c:\windows\system32\win32k.sys
- 2009-06-26 14:22 . 2009-10-29 07:41	1168384              c:\windows\system32\urlmon.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14	1168384              c:\windows\system32\urlmon.dll
+ 2009-06-26 14:22 . 2010-07-27 06:29	8503296              c:\windows\system32\shell32.dll
+ 2009-06-26 14:22 . 2010-02-05 18:25	1297408              c:\windows\system32\quartz.dll
+ 2009-06-26 14:30 . 2010-02-16 19:04	2148864              c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 07:30 . 2010-02-16 19:04	2027008              c:\windows\system32\ntkrnlpa.exe
+ 2009-06-26 14:23 . 2010-05-04 17:14	3600384              c:\windows\system32\mshtml.dll
+ 2007-08-13 16:54 . 2010-05-04 17:14	6067200              c:\windows\system32\ieframe.dll
- 2007-08-13 16:54 . 2009-10-29 07:40	6067200              c:\windows\system32\ieframe.dll
+ 2009-06-26 14:36 . 2010-04-06 02:52	2462720              c:\windows\system32\dllcache\WMVCore.dll
+ 2009-06-26 14:22 . 2010-05-02 08:05	1851392              c:\windows\system32\dllcache\win32k.sys
+ 2009-06-26 14:22 . 2010-05-04 17:14	1168384              c:\windows\system32\dllcache\urlmon.dll
- 2009-06-26 14:22 . 2009-10-29 07:41	1168384              c:\windows\system32\dllcache\urlmon.dll
+ 2009-06-26 14:22 . 2010-07-27 06:29	8503296              c:\windows\system32\dllcache\shell32.dll
+ 2009-06-26 14:22 . 2010-02-05 18:25	1297408              c:\windows\system32\dllcache\quartz.dll
+ 2009-09-18 14:08 . 2010-02-17 12:04	2192256              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-09-18 14:08 . 2010-02-16 19:04	2027008              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-10 17:03 . 2010-02-16 19:04	2069120              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-09-18 14:08 . 2010-02-16 19:04	2148864              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-09-18 19:16 . 2010-01-29 14:59	1315328              c:\windows\system32\dllcache\msoe.dll
- 2009-09-18 19:16 . 2009-07-10 13:26	1315328              c:\windows\system32\dllcache\msoe.dll
+ 2009-06-26 14:23 . 2010-05-04 17:14	3600384              c:\windows\system32\dllcache\mshtml.dll
- 2009-09-18 19:16 . 2008-04-14 12:00	3558912              c:\windows\system32\dllcache\moviemk.exe
+ 2009-09-18 19:16 . 2009-10-23 15:28	3558912              c:\windows\system32\dllcache\moviemk.exe
- 2009-09-18 15:03 . 2009-10-29 07:40	6067200              c:\windows\system32\dllcache\ieframe.dll
+ 2009-09-18 15:03 . 2010-05-04 17:14	6067200              c:\windows\system32\dllcache\ieframe.dll
+ 2009-11-06 23:06 . 2009-11-06 23:06	1130824              c:\windows\system32\dfshim.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48	5967872              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 02:59 . 2008-11-25 02:59	5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32	5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32	3182592              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-04-01 09:42 . 2010-04-01 09:42	1265664              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 00:35 . 2008-05-28 00:35	1265664              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 00:35 . 2008-05-28 00:35	1232896              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-04-01 09:42 . 2010-04-01 09:42	1232896              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-27 23:48 . 2008-05-27 23:48	2514944              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 12:50 . 2010-03-31 12:50	2514944              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 12:50 . 2010-03-31 12:50	2527232              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-04-01 09:42 . 2010-04-01 09:42	2142208              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-27 23:43 . 2008-05-27 23:43	2142208              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-04-11 20:17 . 2010-04-11 20:17	2607104              c:\windows\Installer\e33692.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17	4210688              c:\windows\Installer\e33691.msp
+ 2009-11-08 22:25 . 2009-11-08 22:25	1935360              c:\windows\Installer\540b9ba.msp
+ 2010-08-05 15:07 . 2009-10-29 07:41	1168384              c:\windows\ie7updates\KB982381-IE7\urlmon.dll
+ 2010-08-05 15:07 . 2009-10-29 07:41	3598336              c:\windows\ie7updates\KB982381-IE7\mshtml.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40	6067200              c:\windows\ie7updates\KB982381-IE7\ieframe.dll
+ 2009-09-18 14:08 . 2010-02-17 12:04	2192256              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-09-18 14:08 . 2010-02-16 19:04	2027008              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-10 17:03 . 2010-02-16 19:04	2069120              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-09-18 14:08 . 2010-02-16 19:04	2148864              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-08-07 13:18 . 2010-08-07 13:18	1966080              c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a90c7409\System.dll
+ 2010-08-07 13:19 . 2010-08-07 13:19	4792320              c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_7d65d340\System.dll
+ 2010-08-07 13:20 . 2010-08-07 13:20	5513216              c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_acf52bc9\System.Xml.dll
+ 2010-08-07 13:19 . 2010-08-07 13:19	2088960              c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_74caf9ea\System.Xml.dll
+ 2010-08-07 13:18 . 2010-08-07 13:18	3018752              c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b3f7ca5b\System.Windows.Forms.dll
+ 2010-08-07 13:19 . 2010-08-07 13:19	7884800              c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_1ee62eac\System.Windows.Forms.dll
+ 2010-08-07 13:20 . 2010-08-07 13:20	2244608              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_8ceb0cb0\System.Drawing.dll
+ 2010-08-07 13:19 . 2010-08-07 13:19	1470464              c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b36026ff\System.Design.dll
+ 2010-08-07 13:20 . 2010-08-07 13:20	3395584              c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_985a03f1\System.Design.dll
+ 2010-08-07 13:19 . 2010-08-07 13:19	3391488              c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_88f407bf\mscorlib.dll
+ 2010-08-07 13:20 . 2010-08-07 13:20	8908800              c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_40351960\mscorlib.dll
+ 2010-08-07 13:13 . 2010-08-07 13:13	3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17	1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-08-05 15:14 . 2010-08-05 15:14	7946240              c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2AB.tmp\System.dll
+ 2010-08-06 12:40 . 2010-08-06 12:40	7949824              c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-08-06 12:48 . 2010-08-06 12:48	5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20	1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20	1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20	4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20	2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20	1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20	2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19	2403328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-08-06 12:47 . 2010-08-06 12:47	1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-08-06 13:11 . 2010-08-06 13:11	2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17	1035264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-08-06 13:11 . 2010-08-06 13:11	1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-08-06 12:47 . 2010-08-06 12:47	1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-08-06 12:46 . 2010-08-06 12:46	6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14	2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-08-06 13:17 . 2010-08-06 13:17	1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-08-06 12:46 . 2010-08-06 12:46	2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-08-06 13:17 . 2010-08-06 13:17	9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-08-06 12:46 . 2010-08-06 12:46	2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17	2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2010-08-06 12:41 . 2010-08-06 12:41	1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14	1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-08-06 13:13 . 2010-08-06 13:13	1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18	2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14	1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14	1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14	1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-08-07 13:13 . 2010-08-07 13:13	1249280              c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-07 13:11 . 2010-08-07 13:11	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-08-05 15:14 . 2010-08-05 15:14	5967872              c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-07 13:13 . 2010-08-07 13:13	5279744              c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-08-07 13:11 . 2010-08-07 13:11	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-12-02 15:32 . 2009-12-02 15:32	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-09-21 12:01 . 2009-09-21 12:01	4210688              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-08-07 13:13 . 2010-08-07 13:13	4210688              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-12-02 15:33 . 2009-12-02 15:33	4546560              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12	4546560              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-12-02 15:23 . 2009-12-02 15:23	1232896              c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-08-07 13:18 . 2010-08-07 13:18	1232896              c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-08-07 13:18 . 2010-08-07 13:18	1265664              c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-12-02 15:23 . 2009-12-02 15:23	1265664              c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-07 13:18 . 2009-08-04 17:26	2147840              c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
+ 2010-08-07 13:18 . 2009-08-04 17:25	2026496              c:\windows\$NtUninstallKB979683$\ntkrpamp.exe
+ 2010-08-07 13:18 . 2009-08-04 17:25	2026496              c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
+ 2010-08-07 13:18 . 2009-08-04 17:26	2147840              c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe
+ 2010-08-07 13:07 . 2009-08-14 15:10	1850752              c:\windows\$NtUninstallKB979559$\win32k.sys
+ 2010-08-07 13:07 . 2009-05-20 02:56	2458112              c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
+ 2010-08-07 13:06 . 2009-07-10 13:26	1315328              c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-08-07 13:06 . 2009-06-03 19:09	1296896              c:\windows\$NtUninstallKB975562$\quartz.dll
+ 2010-08-07 13:08 . 2008-04-14 12:00	3558912              c:\windows\$NtUninstallKB975561$\moviemk.exe
+ 2010-08-07 13:06 . 2008-06-17 19:00	8502272              c:\windows\$NtUninstallKB2286198$\shell32.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	1171968              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\urlmon.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	3603456              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtml.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48	6071296              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieframe.dll
+ 2010-08-05 14:01 . 2009-06-29 08:33	2452872              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieapfltr.dat
+ 2010-08-05 14:01 . 2010-02-16 18:58	2192384              c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
+ 2010-08-05 14:01 . 2010-02-16 18:58	2027008              c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrpamp.exe
+ 2010-08-05 14:01 . 2010-02-16 18:58	2069248              c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
+ 2010-08-05 14:01 . 2010-02-16 18:58	2148864              c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlmp.exe
+ 2010-05-02 08:00 . 2010-05-02 08:00	1860480              c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
+ 2010-01-29 14:53 . 2010-01-29 14:53	1315328              c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2010-02-05 18:28 . 2010-02-05 18:28	1297408              c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
+ 2010-08-05 14:01 . 2009-10-23 14:53	3558912              c:\windows\$hf_mig$\KB975561\SP3QFE\moviemk.exe
+ 2009-11-27 17:23 . 2009-11-27 17:23	1297408              c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll
+ 2010-07-27 06:27 . 2010-07-27 06:27	8504320              c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll
+ 2009-09-18 14:47 . 2010-07-02 10:39	34045896              c:\windows\system32\MRT.exe
+ 2010-04-02 17:29 . 2010-04-02 17:29	11413504              c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17	14599680              c:\windows\Installer\e336a0.msp
+ 2010-04-02 10:30 . 2010-04-02 10:30	17456640              c:\windows\Installer\540b9de.msp
+ 2010-03-30 23:23 . 2010-03-30 23:23	15638528              c:\windows\Installer\540b9c6.msp
+ 2010-08-06 12:48 . 2010-08-06 12:48	12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19	11797504              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-08-06 13:13 . 2010-08-06 13:13	17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-08-06 12:47 . 2010-08-06 12:47	10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-08-07 13:16 . 2010-08-07 13:16	14328320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-08-07 13:15 . 2010-08-07 13:15	12215808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-07-15 33636352]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-09-21 148888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\***\Startmen\Programme\Autostart\
OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Warcraft III\\Warcraft III.exe"=

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [18.09.2009 16:26 1381632]
S3 gUSBSTOi;gUSBSTOi;\??\c:\dokume~1\***\LOKALE~1\Temp\gUSBSTOi.sys --> c:\dokume~1\***\LOKALE~1\Temp\gUSBSTOi.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.12.2009 18:12 717296]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
.
.
Zeit der Fertigstellung: 2010-10-05  22:45:37
ComboFix-quarantined-files.txt  2010-10-05 20:45
ComboFix2.txt  2010-08-04 21:20

Vor Suchlauf: 9 Verzeichnis(se), 115.811.844.096 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 115.825.897.472 Bytes frei

- - End Of File - - F076009243534A0D2A203EDF959E154C

--- --- ---

cosinus · 06.10.2010, 10:04

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=

Driver::
gUSBSTOi

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Demonico · 06.10.2010, 19:41

Sohooo here we go:

[code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 10-10-05.06 - Dome 06.10.2010  20:10:10.3.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1015.568 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Dome\Desktop\Cofi.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Dome\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GUSBSTOI
-------\Service_gUSBSTOi


(((((((((((((((((((((((   Dateien erstellt von 2010-09-06 bis 2010-10-06  ))))))))))))))))))))))))))))))
.

2010-10-05 20:28 . 2010-10-05 20:28	--------	d-----w-	c:\programme\CCleaner
2010-10-04 19:03 . 2010-10-04 19:03	--------	d-----w-	c:\dokumente und einstellungen\Dome\Anwendungsdaten\Uniblue

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 20:15 . 2009-11-29 11:58	1	----a-w-	c:\dokumente und einstellungen\Dome\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-07 13:12 . 2009-06-26 14:36	477784	----a-w-	c:\windows\system32\perfh007.dat
2010-08-07 13:12 . 2009-06-26 14:36	92164	----a-w-	c:\windows\system32\perfc007.dat
.

(((((((((((((((((((((((((((((   SnapShot_2010-10-05_20.43.38   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-06 18:14 . 2010-10-06 18:14	16384              c:\windows\Temp\Perflib_Perfdata_540.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-07-15 33636352]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-09-21 148888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Dome\Startmen\Programme\Autostart\
OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Warcraft III\\Warcraft III.exe"=

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [18.09.2009 16:26 1381632]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.12.2009 18:12 717296]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\dokumente und einstellungen\Dome\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
.
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(2700)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-06  20:18:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-10-06 18:18
ComboFix2.txt  2010-10-05 20:45
ComboFix3.txt  2010-08-04 21:20

Vor Suchlauf: 10 Verzeichnis(se), 116.074.700.800 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 116.058.734.592 Bytes frei

- - End Of File - - A063CCDF8FBE27B3884C881AF7D7E912

--- --- ---

Gruß
Demonico

cosinus · 06.10.2010, 20:34

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. (das letzte GMER Log ist auch schon 2 Monate alt

)
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

04.10.2010, 19:52	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS - Standard$ Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS Wenn Du schon ein Crossposting machst dann musst Du auch netterweise den Link zu dem Strang im anderen Board posten. __________________ __________________

04.10.2010, 20:13	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS - Standard$ Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS Ist schon ein bisschen her.... Mach als erstes nochmal nen Vollscan mit aktuellem Malwarebytes. __________________ Logfiles bitte immer in CODE-Tags posten

Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS

Plagegeister aller Art und deren Bekämpfung: Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS