
Pests of all kinds and how to combat them: AVAST finds a bootkit?


 
07.03.2011, 20:59   #7
matthias2619
 

When you run CF another time, it overwrites the log from the previous scan.
Is there still some way to get hold of the first log?

Oh OK, I just saw that there are still logs in the Qoobox folder.

February 16
Code:
ComboFix 11-02-16.05 - Matthias 17.02.2011  16:19:43.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1527.1116 [GMT 1:00]
ausgeführt von:: c:\downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CFLog
c:\programme\facemoods.com
c:\programme\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
c:\programme\facemoods.com\facemoods\1.4.17.5\facemoods.crx
c:\programme\facemoods.com\facemoods\1.4.17.5\facemoods.png
c:\programme\facemoods.com\facemoods\1.4.17.5\facemoodsApp.dll
c:\programme\facemoods.com\facemoods\1.4.17.5\facemoodsEng.dll
c:\programme\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
c:\programme\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
c:\programme\facemoods.com\facemoods\1.4.17.5\uninstall.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\pthreadVC.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-17 bis 2011-02-17  ))))))))))))))))))))))))))))))
.

2011-02-16 14:40 . 2008-05-21 11:19	1048576	----a-w-	C:\T20.BIN
2011-02-16 14:37 . 2011-02-16 14:37	--------	d-----w-	C:\Intel
2011-02-16 13:50 . 2011-02-17 15:07	--------	d-----w-	C:\Downloads

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2003-04-02 11:00	440832	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-04-02 11:00	290048	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 14:03 . 2003-04-02 11:00	1855104	----a-w-	c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2003-04-02 11:00	301568	----a-w-	c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2003-04-02 11:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2003-04-02 11:00	43520	------w-	c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2003-04-02 11:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-12-20 22:14 . 2010-12-20 22:14	81920	------w-	c:\windows\system32\ieencode.dll
2010-12-20 17:25 . 2003-04-02 11:00	737792	----a-w-	c:\windows\system32\lsasrv.dll
2010-12-09 15:15 . 2003-04-02 11:00	743936	----a-w-	c:\windows\system32\ntdll.dll
2010-12-09 15:13 . 2003-04-02 11:00	2195072	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-12-09 15:13 . 2002-08-29 03:41	2071680	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:29 . 2003-04-02 11:00	33280	----a-w-	c:\windows\system32\csrsrv.dll
2010-11-29 16:38 . 2010-11-29 16:38	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38	69632	----a-w-	c:\windows\system32\QuickTime.qts
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp3qfe\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp3gdr\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2003-04-02 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-11-06 14:39	69632	----a-w-	c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-13 10:46	166912	----a-w-	c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-01-13 10:46	134656	----a-w-	c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08	421160	----a-w-	c:\programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-01-29 22:11	888120	----a-w-	c:\programme\Samsung\Kies\KiesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-01-29 22:11	3372856	----a-w-	c:\programme\Samsung\Kies\KiesTrayAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-01-13 10:46	135680	----a-w-	c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-11-06 14:40	16384512	----a-w-	c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-11-06 14:40	1826816	----a-w-	c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung 

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.02.2011 14:50 135336]
R2 AVerRemote;AVerRemote;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe [16.02.2011 18:38 344064]
R2 AVerScheduleService;AVerScheduleService;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe [16.02.2011 18:38 389120]
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [16.02.2011 18:28 474880]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\drivers\RTL8187B.sys [16.02.2011 15:35 342784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [02.04.2003 12:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\dokumente und einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\programme\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\programme\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
MSConfigStartUp-facemoods - c:\programme\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
AddRemove-facemoods - c:\programme\facemoods.com\facemoods\1.4.17.5\uninstall.exe
AddRemove-01_Simmental - c:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\programme\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-17 16:25
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2011-02-17  16:27:55
ComboFix-quarantined-files.txt  2011-02-17 15:27

Vor Suchlauf: 9 Verzeichnis(se), 62.229.905.408 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 62.498.902.016 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 94F64D78A3504CDAFD1C85E1AAAC5321
         
February 23
Code:
ComboFix 11-02-23.01 - Matthias 23.02.2011  19:02:44.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1527.1019 [GMT 1:00]
ausgeführt von:: c:\downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CFLog
c:\cflog\CrashLog_20110221.txt
c:\cflog\CrashLog_20110223.txt
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3\4356.mof
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3\5242bc9f8153e3f61c50ea1d26214bb5.ocx
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3\ISE.ico
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3\ISESys\VDAI.ntf
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3\mozcrt19.dll
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3\rgzvbd7tm9q01g8z6gi1u8v7tm9q01ungcvn.dll
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3\sqlite3.dll
c:\dokumente und einstellungen\Matthias\Anwendungsdaten\Internet Security Essentials
c:\dokumente und einstellungen\Matthias\Anwendungsdaten\Internet Security Essentials\Instructions.ini

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-23 bis 2011-02-23  ))))))))))))))))))))))))))))))
.

2011-02-23 17:10 . 2011-02-23 17:24	--------	d-----w-	C:\pebuilder3110a
2011-02-16 14:40 . 2008-05-21 11:19	1048576	----a-w-	C:\T20.BIN
2011-02-16 14:37 . 2011-02-16 14:37	--------	d-----w-	C:\Intel
2011-02-16 13:50 . 2011-02-23 17:51	--------	d-----w-	C:\Downloads

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 17:56 . 2008-12-08 20:07	219136	----a-w-	c:\windows\system32\uxtheme.dll
2011-01-21 14:44 . 2003-04-02 11:00	8503296	----a-w-	c:\windows\system32\shell32_original.dll
2011-01-21 14:44 . 2003-04-02 11:00	440832	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-04-02 11:00	290048	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 14:03 . 2003-04-02 11:00	1855104	----a-w-	c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2003-04-02 11:00	301568	----a-w-	c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2003-04-02 11:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2003-04-02 11:00	43520	------w-	c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2003-04-02 11:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-12-20 22:14 . 2010-12-20 22:14	81920	------w-	c:\windows\system32\ieencode.dll
2010-12-20 17:25 . 2003-04-02 11:00	737792	----a-w-	c:\windows\system32\lsasrv.dll
2010-12-09 15:15 . 2003-04-02 11:00	743936	----a-w-	c:\windows\system32\ntdll.dll
2010-12-09 15:13 . 2003-04-02 11:00	2195072	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-12-09 15:13 . 2002-08-29 03:41	2071680	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:29 . 2003-04-02 11:00	33280	----a-w-	c:\windows\system32\csrsrv.dll
2010-11-29 16:38 . 2010-11-29 16:38	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38	69632	----a-w-	c:\windows\system32\QuickTime.qts
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp3qfe\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp3gdr\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2003-04-02 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((   SnapShot@2011-02-17_15.25.35   )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-06 06:13 . 2006-11-06 06:13	98304              c:\windows\twain_32\MX310 series\softfare.dll
+ 2006-01-12 04:22 . 2006-01-12 04:22	73728              c:\windows\twain_32\MX310 series\RSTCOL.DLL
+ 2007-04-06 01:03 . 2007-04-06 01:03	39232              c:\windows\twain_32\MX310 series\IPM.DAT
+ 2006-07-31 05:17 . 2006-07-31 05:17	53248              c:\windows\twain_32\MX310 series\IJFSHLIB.DLL
+ 2006-04-13 05:43 . 2006-04-13 05:43	53248              c:\windows\twain_32\MX310 series\HSL.DLL
+ 2007-03-08 00:23 . 2007-03-08 00:23	49224              c:\windows\twain_32\MX310 series\CNC310P.DAT
+ 2007-02-02 07:31 . 2007-02-02 07:31	86016              c:\windows\twain_32\MX310 series\CAPS.DLL
+ 2005-04-15 05:34 . 2005-04-15 05:34	57344              c:\windows\twain_32\MX310 series\BaLCo.dll
+ 2006-11-29 04:39 . 2006-11-29 04:39	73728              c:\windows\twain_32\MX310 series\AG.DLL
+ 2011-02-23 18:00 . 2011-02-23 18:00	16384              c:\windows\Temp\Perflib_Perfdata_1a4.dat
+ 2011-02-19 18:24 . 2010-12-14 13:00	29504              c:\windows\system32\uxtuneup.dll
+ 2011-02-19 18:24 . 2010-12-14 13:05	31552              c:\windows\system32\TURegOpt.exe
+ 2011-02-20 20:39 . 2007-04-15 19:00	69632              c:\windows\system32\spool\prtprocs\w32x86\CNMPP8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	27136              c:\windows\system32\spool\prtprocs\w32x86\CNMPD8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	11264              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMW38Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	13824              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMVS8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	76288              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMSR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	44032              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMSQ8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 22:18	17496              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMSE8Z.EXE
+ 2011-02-20 20:39 . 2007-04-15 19:00	47616              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMSD8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	12288              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMPI8Z.DLL
+ 2011-02-20 20:39 . 2000-12-12 07:09	30320              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMP28Z.DAT
+ 2011-02-20 20:39 . 2000-12-12 01:10	27140              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMP18Z.DAT
+ 2011-02-20 20:39 . 2000-12-12 01:10	23280              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMP08Z.DAT
+ 2011-02-20 20:39 . 2007-04-15 19:00	27136              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMOP8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	10240              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMFU8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	98816              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMCP8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	11264              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMBU8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	33280              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMBS8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	11264              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMBM8Z.DLL
+ 2007-04-25 09:06 . 2007-04-25 09:06	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdUS.DLL
+ 2007-04-27 23:19 . 2007-04-27 23:19	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdTW.DLL
+ 2007-05-10 00:42 . 2007-05-10 00:42	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdTR.DLL
+ 2007-04-28 00:42 . 2007-04-28 00:42	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdTH.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdSE.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdRU.DLL
+ 2007-05-14 06:09 . 2007-05-14 06:09	77824              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdPT.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdPL.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdNO.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdNL.DLL
+ 2007-04-28 00:13 . 2007-04-28 00:13	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdKR.DLL
+ 2007-04-25 09:06 . 2007-04-25 09:06	69632              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdJP.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdIT.DLL
+ 2007-04-28 22:55 . 2007-04-28 22:55	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdID.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdHU.DLL
+ 2007-05-11 03:46 . 2007-05-11 03:46	77824              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdGR.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	77824              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdFR.DLL
+ 2007-05-11 01:31 . 2007-05-11 01:31	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdFI.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	77824              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdES.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdDK.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdDE.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdCZ.DLL
+ 2007-04-27 07:16 . 2007-04-27 07:16	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdCN.DLL
+ 2007-05-10 00:38 . 2007-05-10 00:38	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdAR.DLL
+ 2007-04-25 09:09 . 2007-04-25 09:09	37376              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCF2Ud.DLL
+ 2007-04-25 09:09 . 2007-04-25 09:09	24064              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCF2Md.DLL
+ 2007-04-25 09:09 . 2007-04-25 09:09	38912              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCF2Gd.DLL
+ 2007-04-25 09:03 . 2007-04-25 09:03	98304              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCAABd.EXE
+ 2011-02-20 20:39 . 2007-04-15 19:00	11264              c:\windows\system32\spool\drivers\w32x86\3\CNMW38Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	13824              c:\windows\system32\spool\drivers\w32x86\3\CNMVS8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	76288              c:\windows\system32\spool\drivers\w32x86\3\CNMSR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	44032              c:\windows\system32\spool\drivers\w32x86\3\CNMSQ8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 22:18	17496              c:\windows\system32\spool\drivers\w32x86\3\CNMSE8Z.EXE
+ 2011-02-20 20:39 . 2007-04-15 19:00	47616              c:\windows\system32\spool\drivers\w32x86\3\CNMSD8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	12288              c:\windows\system32\spool\drivers\w32x86\3\CNMPI8Z.DLL
+ 2011-02-20 20:39 . 2000-12-12 07:09	30320              c:\windows\system32\spool\drivers\w32x86\3\CNMP28Z.DAT
+ 2011-02-20 20:39 . 2000-12-12 01:10	27140              c:\windows\system32\spool\drivers\w32x86\3\CNMP18Z.DAT
+ 2011-02-20 20:39 . 2000-12-12 01:10	23280              c:\windows\system32\spool\drivers\w32x86\3\CNMP08Z.DAT
+ 2011-02-20 20:39 . 2007-04-15 19:00	27136              c:\windows\system32\spool\drivers\w32x86\3\CNMOP8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	10240              c:\windows\system32\spool\drivers\w32x86\3\CNMFU8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	98816              c:\windows\system32\spool\drivers\w32x86\3\CNMCP8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	11264              c:\windows\system32\spool\drivers\w32x86\3\CNMBU8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	33280              c:\windows\system32\spool\drivers\w32x86\3\CNMBS8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	11264              c:\windows\system32\spool\drivers\w32x86\3\CNMBM8Z.DLL
+ 2007-04-25 09:06 . 2007-04-25 09:06	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdUS.DLL
+ 2007-04-27 23:19 . 2007-04-27 23:19	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdTW.DLL
+ 2007-05-10 00:42 . 2007-05-10 00:42	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdTR.DLL
+ 2007-04-28 00:42 . 2007-04-28 00:42	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdTH.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdSE.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdRU.DLL
+ 2007-05-14 06:09 . 2007-05-14 06:09	77824              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdPT.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdPL.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdNO.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdNL.DLL
+ 2007-04-28 00:13 . 2007-04-28 00:13	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdKR.DLL
+ 2007-04-25 09:06 . 2007-04-25 09:06	69632              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdJP.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdIT.DLL
+ 2007-04-28 22:55 . 2007-04-28 22:55	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdID.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdHU.DLL
+ 2007-05-11 03:46 . 2007-05-11 03:46	77824              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdGR.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	77824              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdFR.DLL
+ 2007-05-11 01:31 . 2007-05-11 01:31	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdFI.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	77824              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdES.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdDK.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdDE.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdCZ.DLL
+ 2007-04-27 07:16 . 2007-04-27 07:16	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdCN.DLL
+ 2007-05-10 00:38 . 2007-05-10 00:38	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdAR.DLL
+ 2007-04-25 09:09 . 2007-04-25 09:09	37376              c:\windows\system32\spool\drivers\w32x86\3\CNCF2Ud.dll
+ 2007-04-25 09:09 . 2007-04-25 09:09	24064              c:\windows\system32\spool\drivers\w32x86\3\CNCF2Md.DLL
+ 2007-04-25 09:09 . 2007-04-25 09:09	38912              c:\windows\system32\spool\drivers\w32x86\3\CNCF2Gd.dll
+ 2007-04-25 09:03 . 2007-04-25 09:03	98304              c:\windows\system32\spool\drivers\w32x86\3\CNCAABd.EXE
+ 2011-02-22 14:20 . 2008-04-14 06:52	28160              c:\windows\system32\irmon.dll
+ 2011-02-20 20:38 . 2008-04-13 23:15	15104              c:\windows\system32\drivers\usbscan.sys
+ 2011-02-20 20:38 . 2008-04-13 23:17	25856              c:\windows\system32\drivers\usbprint.sys
+ 2011-02-16 18:32 . 2010-12-21 05:55	12288              c:\windows\system32\drivers\sscewhnt.sys
+ 2011-02-16 18:32 . 2010-12-21 05:55	12288              c:\windows\system32\drivers\sscewh.sys
+ 2011-02-16 18:32 . 2010-12-21 05:55	14848              c:\windows\system32\drivers\sscemdfl.sys
+ 2011-02-16 18:32 . 2010-12-21 05:55	12416              c:\windows\system32\drivers\sscecmnt.sys
+ 2011-02-16 18:32 . 2010-12-21 05:55	12416              c:\windows\system32\drivers\sscecm.sys
+ 2011-02-16 18:32 . 2010-12-21 05:55	98560              c:\windows\system32\drivers\sscebus.sys
+ 2011-02-20 20:38 . 2008-04-13 23:15	15104              c:\windows\system32\dllcache\usbscan.sys
+ 2011-02-20 20:38 . 2008-04-13 23:17	25856              c:\windows\system32\dllcache\usbprint.sys
+ 2011-02-22 14:20 . 2008-04-14 06:52	28160              c:\windows\system32\dllcache\irmon.dll
+ 2007-03-23 06:29 . 2007-03-23 06:29	98304              c:\windows\system32\CNC310I.DLL
+ 2011-02-19 18:23 . 2011-02-19 18:23	26112              c:\windows\Installer\189aaa.msi
+ 2011-02-20 11:44 . 2010-02-03 12:04	95344              c:\windows\Auslogics Disk Defrag Screensaver\helper.dll
+ 2011-02-20 11:44 . 2010-02-03 12:04	33392              c:\windows\Auslogics Disk Defrag Screensaver\DiskDefragCpp.dll
+ 2007-01-26 05:44 . 2007-01-26 05:44	4608              c:\windows\twain_32\MX310 series\USDRESUS.DLL
+ 2007-04-27 23:39 . 2007-04-27 23:39	4608              c:\windows\twain_32\MX310 series\USDRESTW.DLL
+ 2007-05-10 00:42 . 2007-05-10 00:42	4608              c:\windows\twain_32\MX310 series\USDRESTR.DLL
+ 2007-05-31 06:17 . 2007-05-31 06:17	4608              c:\windows\twain_32\MX310 series\USDRESTH.DLL
+ 2007-05-10 00:42 . 2007-05-10 00:42	4608              c:\windows\twain_32\MX310 series\USDRESSE.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	5120              c:\windows\twain_32\MX310 series\USDRESRU.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	4608              c:\windows\twain_32\MX310 series\USDRESPT.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	4608              c:\windows\twain_32\MX310 series\USDRESPL.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	4608              c:\windows\twain_32\MX310 series\USDRESNO.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	4608              c:\windows\twain_32\MX310 series\USDRESNL.DLL
+ 2007-04-28 00:28 . 2007-04-28 00:28	4608              c:\windows\twain_32\MX310 series\USDRESKR.DLL
+ 2007-01-26 05:44 . 2007-01-26 05:44	4096              c:\windows\twain_32\MX310 series\USDRESJP.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	4608              c:\windows\twain_32\MX310 series\USDRESIT.DLL
+ 2007-04-28 01:36 . 2007-04-28 01:36	4608              c:\windows\twain_32\MX310 series\USDRESID.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	4608              c:\windows\twain_32\MX310 series\USDRESHU.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	4608              c:\windows\twain_32\MX310 series\USDRESGR.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	4608              c:\windows\twain_32\MX310 series\USDRESFR.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	5120              c:\windows\twain_32\MX310 series\USDRESFI.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	4608              c:\windows\twain_32\MX310 series\USDRESES.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	4608              c:\windows\twain_32\MX310 series\USDRESDK.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	4608              c:\windows\twain_32\MX310 series\USDRESDE.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	4608              c:\windows\twain_32\MX310 series\USDRESCZ.DLL
+ 2007-04-28 03:29 . 2007-04-28 03:29	4608              c:\windows\twain_32\MX310 series\USDRESCN.DLL
+ 2007-05-10 00:38 . 2007-05-10 00:38	4608              c:\windows\twain_32\MX310 series\USDRESAR.DLL
+ 2011-02-22 14:20 . 2008-04-14 06:52	8192              c:\windows\system32\wshirda.dll
+ 2011-02-20 20:39 . 2007-04-15 19:00	9216              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMLH8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	9216              c:\windows\system32\spool\drivers\w32x86\3\CNMLH8Z.DLL
+ 2011-02-22 14:20 . 2008-04-14 06:52	8192              c:\windows\system32\dllcache\wshirda.dll
+ 2007-04-25 09:06 . 2007-04-25 09:06	3584              c:\windows\system32\CNCFLdUS.DLL
+ 2007-04-27 23:19 . 2007-04-27 23:19	3584              c:\windows\system32\CNCFLdTW.DLL
+ 2007-05-10 00:42 . 2007-05-10 00:42	3584              c:\windows\system32\CNCFLdTR.DLL
+ 2007-04-28 00:42 . 2007-04-28 00:42	3584              c:\windows\system32\CNCFLdTH.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	3584              c:\windows\system32\CNCFLdSE.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	3584              c:\windows\system32\CNCFLdRU.DLL
+ 2007-05-14 06:09 . 2007-05-14 06:09	3584              c:\windows\system32\CNCFLdPT.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	3584              c:\windows\system32\CNCFLdPL.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	3584              c:\windows\system32\CNCFLdNO.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	3584              c:\windows\system32\CNCFLdNL.DLL
+ 2007-04-28 00:13 . 2007-04-28 00:13	3584              c:\windows\system32\CNCFLdKR.DLL
+ 2007-04-25 09:06 . 2007-04-25 09:06	3072              c:\windows\system32\CNCFLdJP.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	3584              c:\windows\system32\CNCFLdIT.DLL
+ 2007-04-28 22:55 . 2007-04-28 22:55	3584              c:\windows\system32\CNCFLdID.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	3584              c:\windows\system32\CNCFLdHU.DLL
+ 2007-05-11 03:46 . 2007-05-11 03:46	3584              c:\windows\system32\CNCFLdGR.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	3584              c:\windows\system32\CNCFLdFR.DLL
+ 2007-05-11 01:31 . 2007-05-11 01:31	3584              c:\windows\system32\CNCFLdFI.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	3584              c:\windows\system32\CNCFLdES.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	3584              c:\windows\system32\CNCFLdDK.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	3584              c:\windows\system32\CNCFLdDE.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	3584              c:\windows\system32\CNCFLdCZ.DLL
+ 2007-04-27 07:16 . 2007-04-27 07:16	3584              c:\windows\system32\CNCFLdCN.DLL
+ 2007-05-10 00:38 . 2007-05-10 00:38	3584              c:\windows\system32\CNCFLdAR.DLL
+ 2007-02-06 11:00 . 2007-02-06 11:00	258048              c:\windows\twain_32\MX310 series\USIP.DLL
+ 2007-04-18 22:56 . 2007-04-18 22:56	524288              c:\windows\twain_32\MX310 series\TPM.DLL
+ 2005-02-02 08:34 . 2005-02-02 08:34	118784              c:\windows\twain_32\MX310 series\SCRPRMV.DLL
+ 2007-04-18 22:56 . 2007-04-18 22:56	147456              c:\windows\twain_32\MX310 series\SCANINTF.DLL
+ 2006-12-13 01:28 . 2006-12-13 01:28	122880              c:\windows\twain_32\MX310 series\MC2.DLL
+ 2004-06-07 02:58 . 2004-06-07 02:58	290816              c:\windows\twain_32\MX310 series\libBLC.dll
+ 2004-08-26 07:07 . 2004-08-26 07:07	114688              c:\windows\twain_32\MX310 series\ITLIB32.DLL
+ 2007-04-18 22:57 . 2007-04-18 22:57	135168              c:\windows\twain_32\MX310 series\IPM.DLL
+ 2007-04-18 22:56 . 2007-04-18 22:56	184320              c:\windows\twain_32\MX310 series\IOP.DLL
+ 2007-03-19 04:06 . 2007-03-19 04:06	143360              c:\windows\twain_32\MX310 series\CUBS.DLL
+ 2005-08-24 05:51 . 2005-08-24 05:51	126976              c:\windows\twain_32\MX310 series\CFine2.dll
+ 2011-02-15 19:50 . 2008-04-13 23:05	199680              c:\windows\system32\xpsp1res_original.dll
+ 2011-02-20 20:39 . 2007-04-15 19:00	361472              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMUR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	310272              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMUB8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	428544              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMSM8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	816128              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMSB8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	102400              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMPV8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	145408              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMLR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	545792              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMDR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	221184              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMD58Z.DLL
+ 2007-04-25 09:02 . 2007-04-25 09:02	139264              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFIMd.DLL
+ 2007-04-25 09:02 . 2007-04-25 09:02	524288              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFDLd.DLL
+ 2007-04-25 09:06 . 2007-04-25 09:06	196608              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCAWSd.DLL
+ 2007-04-25 09:03 . 2007-04-25 09:03	512000              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCAPFd.EXE
+ 2007-04-25 09:06 . 2007-04-25 09:06	278528              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCAMGd.DLL
+ 2007-04-25 09:05 . 2007-04-25 09:05	561152              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCAAId.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	361472              c:\windows\system32\spool\drivers\w32x86\3\CNMUR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	310272              c:\windows\system32\spool\drivers\w32x86\3\CNMUB8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	428544              c:\windows\system32\spool\drivers\w32x86\3\CNMSM8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	816128              c:\windows\system32\spool\drivers\w32x86\3\CNMSB8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	102400              c:\windows\system32\spool\drivers\w32x86\3\CNMPV8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	145408              c:\windows\system32\spool\drivers\w32x86\3\CNMLR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	545792              c:\windows\system32\spool\drivers\w32x86\3\CNMDR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	221184              c:\windows\system32\spool\drivers\w32x86\3\CNMD58Z.DLL
+ 2007-04-25 09:02 . 2007-04-25 09:02	139264              c:\windows\system32\spool\drivers\w32x86\3\CNCFIMd.DLL
+ 2007-04-25 09:02 . 2007-04-25 09:02	524288              c:\windows\system32\spool\drivers\w32x86\3\CNCFDLd.DLL
+ 2007-04-25 09:06 . 2007-04-25 09:06	196608              c:\windows\system32\spool\drivers\w32x86\3\CNCAWSd.DLL
+ 2007-04-25 09:03 . 2007-04-25 09:03	512000              c:\windows\system32\spool\drivers\w32x86\3\CNCAPFd.EXE
+ 2007-04-25 09:06 . 2007-04-25 09:06	278528              c:\windows\system32\spool\drivers\w32x86\3\CNCAMGd.DLL
+ 2007-04-25 09:05 . 2007-04-25 09:05	561152              c:\windows\system32\spool\drivers\w32x86\3\CNCAAId.DLL
+ 2011-02-15 19:36 . 2009-03-14 11:55	311296              c:\windows\system32\sndvol32.exe
+ 2011-02-17 20:18 . 2011-02-02 20:40	157472              c:\windows\system32\javaws.exe
- 2011-02-16 18:22 . 2011-02-16 18:22	145184              c:\windows\system32\javaw.exe
+ 2011-02-17 20:18 . 2011-02-02 20:40	145184              c:\windows\system32\javaw.exe
- 2011-02-16 18:22 . 2011-02-16 18:22	145184              c:\windows\system32\java.exe
+ 2011-02-17 20:18 . 2011-02-02 20:40	145184              c:\windows\system32\java.exe
+ 2011-02-22 14:20 . 2008-04-14 06:52	153088              c:\windows\system32\irftp.exe
+ 2011-02-15 19:31 . 2011-02-19 19:04	103824              c:\windows\system32\FNTCACHE.DAT
+ 2011-02-16 18:32 . 2010-12-21 05:55	100352              c:\windows\system32\drivers\ssceserd.sys
+ 2011-02-16 18:32 . 2010-12-21 05:55	123648              c:\windows\system32\drivers\sscemdm.sys
+ 2011-02-15 19:50 . 2008-04-13 23:05	199680              c:\windows\system32\dllcache\sprs0407.dll
+ 2011-02-15 19:36 . 2009-03-14 11:55	311296              c:\windows\system32\dllcache\sndvol32.exe
+ 2003-04-02 11:00 . 2008-04-14 06:52	142336              c:\windows\system32\dllcache\sfc_os.dll
+ 2011-02-22 14:20 . 2008-04-14 06:52	153088              c:\windows\system32\dllcache\irftp.exe
- 2011-02-16 18:22 . 2011-02-16 18:22	472808              c:\windows\system32\deployJava1.dll
+ 2011-02-16 18:22 . 2011-02-02 20:40	472808              c:\windows\system32\deployJava1.dll
+ 2011-02-20 20:39 . 2007-04-15 19:00	215040              c:\windows\system32\CNMLM8Z.DLL
+ 2007-04-25 09:02 . 2007-04-25 09:02	106496              c:\windows\system32\CNCFMSd.EXE
+ 2007-04-25 09:09 . 2007-04-25 09:09	151552              c:\windows\system32\CNCF2Ld.DLL
+ 2007-03-15 04:12 . 2007-03-15 04:12	188416              c:\windows\system32\CNC310O.DLL
+ 2007-03-19 00:39 . 2007-03-19 00:39	200704              c:\windows\system32\CNC310L.DLL
+ 2011-02-19 18:24 . 2011-02-19 18:24	428544              c:\windows\Installer\189aae.msi
+ 2011-02-17 20:19 . 2011-02-17 20:19	180224              c:\windows\Installer\11183ff.msi
+ 2011-02-17 20:15 . 2011-02-17 20:15	970240              c:\windows\Installer\11183e8.msi
+ 2011-02-19 19:02 . 2008-04-14 06:52	142336              c:\windows\Driver Cache\i386\sfc_os.dll
+ 2011-02-20 11:44 . 2010-02-03 12:04	164464              c:\windows\Auslogics Disk Defrag Screensaver\localizer.dll
+ 2011-02-20 11:44 . 2010-02-03 12:04	132208              c:\windows\Auslogics Disk Defrag Screensaver\DiskDefrag.dll
+ 2011-02-20 11:44 . 2010-02-03 12:04	750704              c:\windows\aus_ddss.scr
+ 2011-02-19 19:14 . 2011-02-19 19:14	362496              c:\windows\assembly\NativeImages_v2.0.50727_32\QTAddressBar\202e5307289215a0cf4574dfe43cd0c7\QTAddressBar.ni.dll
+ 2011-02-19 19:14 . 2011-02-19 19:14	312320              c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.SHDocVw\a927c4e1a8d45d44a88691184e937711\Interop.SHDocVw.ni.dll
+ 2011-02-19 19:14 . 2011-02-19 19:14	122880              c:\windows\assembly\GAC_MSIL\QTAddressBar\1.0.0.0__78a0cde69b47ca25\QTAddressBar.dll
+ 2011-02-19 19:14 . 2011-02-19 19:14	126976              c:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__78a0cde69b47ca25\Interop.SHDocVw.dll
+ 2007-04-18 22:57 . 2007-04-18 22:57	1175552              c:\windows\twain_32\MX310 series\SGUI.DLL
+ 2007-04-18 22:56 . 2007-04-18 22:56	1040384              c:\windows\twain_32\MX310 series\SGRES_US.DLL
+ 2007-04-27 23:39 . 2007-04-27 23:39	1040384              c:\windows\twain_32\MX310 series\SGRES_TW.DLL
+ 2007-05-10 00:42 . 2007-05-10 00:42	1040384              c:\windows\twain_32\MX310 series\SGRES_TR.DLL
+ 2007-04-28 00:51 . 2007-04-28 00:51	1040384              c:\windows\twain_32\MX310 series\SGRES_TH.DLL
+ 2007-05-10 00:42 . 2007-05-10 00:42	1044480              c:\windows\twain_32\MX310 series\SGRES_SE.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	1044480              c:\windows\twain_32\MX310 series\SGRES_RU.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	1048576              c:\windows\twain_32\MX310 series\SGRES_PT.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	1048576              c:\windows\twain_32\MX310 series\SGRES_PL.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	1040384              c:\windows\twain_32\MX310 series\SGRES_NO.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	1052672              c:\windows\twain_32\MX310 series\SGRES_NL.DLL
+ 2007-04-28 00:28 . 2007-04-28 00:28	1040384              c:\windows\twain_32\MX310 series\SGRES_KR.DLL
+ 2007-04-18 22:56 . 2007-04-18 22:56	1011712              c:\windows\twain_32\MX310 series\SGRES_JP.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	1056768              c:\windows\twain_32\MX310 series\SGRES_IT.DLL
+ 2007-04-28 01:36 . 2007-04-28 01:36	1044480              c:\windows\twain_32\MX310 series\SGRES_ID.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	1048576              c:\windows\twain_32\MX310 series\SGRES_HU.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	1056768              c:\windows\twain_32\MX310 series\SGRES_GR.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	1052672              c:\windows\twain_32\MX310 series\SGRES_FR.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	1040384              c:\windows\twain_32\MX310 series\SGRES_FI.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	1056768              c:\windows\twain_32\MX310 series\SGRES_ES.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	1044480              c:\windows\twain_32\MX310 series\SGRES_DK.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	1052672              c:\windows\twain_32\MX310 series\SGRES_DE.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	1044480              c:\windows\twain_32\MX310 series\SGRES_CZ.DLL
+ 2007-04-28 03:29 . 2007-04-28 03:29	1040384              c:\windows\twain_32\MX310 series\SGRES_CN.DLL
+ 2007-05-10 00:38 . 2007-05-10 00:38	1040384              c:\windows\twain_32\MX310 series\SGRES_AR.DLL
+ 2006-11-30 23:24 . 2006-11-30 23:24	1159168              c:\windows\twain_32\MX310 series\SGCFLTR.DLL
+ 2007-03-08 23:05 . 2007-03-08 23:05	3724256              c:\windows\twain_32\MX310 series\CNC310.DAT
+ 2011-02-19 18:25 . 2011-02-19 18:25	2334848              c:\windows\system32\TUKernel.exe
+ 2011-02-20 20:39 . 2007-04-15 19:00	1907200              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMUI8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	1600000              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMCB8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	1907200              c:\windows\system32\spool\drivers\w32x86\3\CNMUI8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	1600000              c:\windows\system32\spool\drivers\w32x86\3\CNMCB8Z.DLL
+ 2003-04-02 11:00 . 2008-04-14 06:52	1005568              c:\windows\system32\msgina_original.dll
+ 2003-04-02 11:00 . 2008-04-14 06:52	1462784              c:\windows\system32\msgina.dll
+ 2003-04-02 11:00 . 2004-08-03 22:45	8837632              c:\windows\system32\logonui.exe
+ 2003-04-02 11:00 . 2008-04-14 06:52	1462784              c:\windows\system32\dllcache\msgina.dll
+ 2007-03-23 06:30 . 2007-03-23 06:30	1400832              c:\windows\system32\CNC310C.DLL
+ 2011-02-15 19:49 . 2008-04-14 06:52	1462784              c:\windows\ServicePackFiles\i386\msgina.dll
+ 2011-02-15 19:49 . 2004-08-03 22:45	8837632              c:\windows\ServicePackFiles\i386\logonui.exe
+ 2011-02-19 17:54 . 2008-11-27 16:18	1634816              c:\windows\Resources\Themes\SevenVG Black\Shell\NormalColor\Shellstyle.dll
+ 2011-02-19 17:54 . 2009-03-14 16:07	1550848              c:\windows\Resources\Themes\SevenVG Black\Shell\NormalColor\noob.dll
+ 2011-02-19 17:54 . 2008-11-27 16:18	1634816              c:\windows\Resources\Themes\SevenVG Black\Shell\Aero48\Shellstyle.dll
+ 2011-02-20 11:44 . 2010-02-03 12:04	1745712              c:\windows\Auslogics Disk Defrag Screensaver\RepLibrary.dll
+ 2003-04-02 11:00 . 2011-01-21 14:44	25854464              c:\windows\system32\shell32.dll
+ 2003-04-02 11:00 . 2011-01-21 14:44	25854464              c:\windows\system32\dllcache\shell32.dll
+ 2011-02-15 19:49 . 2011-01-21 14:44	25854464              c:\windows\ServicePackFiles\i386\shell32.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"UnlockerAssistant"="c:\programme\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Matthias\Startmen\Programme\Autostart\
Locate32 Autorun.lnk - c:\programme\Locate\Locate32.exe [2007-7-1 970752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-11-06 14:39	69632	----a-w-	c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03	293376	------w-	c:\windows\system32\browserchoice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-13 10:46	166912	----a-w-	c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-01-13 10:46	134656	----a-w-	c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08	421160	----a-w-	c:\programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-01-29 22:11	888120	----a-w-	c:\programme\Samsung\Kies\KiesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-01-29 22:11	3372856	----a-w-	c:\programme\Samsung\Kies\KiesTrayAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-01-13 10:46	135680	----a-w-	c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-11-06 14:40	16384512	----a-w-	c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-11-06 14:40	1826816	----a-w-	c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49	249064	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung 

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.02.2011 14:50 135336]
R2 AVerRemote;AVerRemote;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe [16.02.2011 18:38 344064]
R2 AVerScheduleService;AVerScheduleService;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe [16.02.2011 18:38 389120]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [14.12.2010 14:03 1517376]
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [16.02.2011 18:28 474880]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\drivers\RTL8187B.sys [16.02.2011 15:35 342784]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 19:27 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [16.02.2011 19:32 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [16.02.2011 19:32 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [16.02.2011 19:32 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [16.02.2011 19:32 100352]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [02.04.2003 12:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?]
S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25495
FF - ProfilePath - c:\dokumente und einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-23 19:08
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2011-02-23  19:10:59
ComboFix-quarantined-files.txt  2011-02-23 18:10
ComboFix2.txt  2011-02-17 15:27

Vor Suchlauf: 10 Verzeichnis(se), 54.307.381.248 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 54.434.807.808 Bytes frei

- - End Of File - - 2C373CD3974B6AE9724E734BAA75C766
         
So, that's it.
I hope that helps you.
Best regards

 
