Trojan BankerBot.Gen

Giz · 25.05.2011, 18:35

Hallo Trojaner-Board Team,

habe mir vor kurzem einiges eingefangen bzw wie Malwarebytes meldet u.a. den Trojan.Banker.Bot.

Bin darauf aufmerksam geworden dass etwas nicht stimmt nachdem letztens unten rechts kurz das java symbol aufgeblinkt hat und im taskmanager dann prozesse zu sehen waren die laut google etwas mit java.addons zu tun hatten..

Nun braucht mein PC ca 3min um die Netzwerkverbindung herzustellen nachdem die restlichen windows XP Prof Funktionen schon komplett geladen sind.
Ausserdem ist der IE merklich langsamer geworden.

Ich hoffe Ihr könnt mir weiterhelfen.

Sollte ich online Banking erstmal unterlassen oder sonst irgendwas unternehmen?

Hier das malewarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6674

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

25.5.2011 19:35:48
mbam-log-2011-05-25 (19-35-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158837
Laufzeit: 2 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\administrator\eigene dateien\downloads\iExplore.exe (Trojan.BankerBot.Gen) -> No action taken.
c:\dokumente und einstellungen\administrator\eigene dateien\downloads\rkill.com (Trojan.BankerBot.Gen) -> No action taken.

Dankeschön im Voraus!

cosinus · 26.05.2011, 11:12

Zitat:

c:\dokumente und einstellungen\administrator\eigene dateien\downloads\iExplore.exe (Trojan.BankerBot.Gen) -> No action taken.
c:\dokumente und einstellungen\administrator\eigene dateien\downloads\rkill.com (Trojan.BankerBot.Gen) -> No action taken.

Das sind doch "unsere" Analysetools...
Hat Malwarebytes sonst nichts gefunden?

Giz · 26.05.2011, 16:52

Hallo, nein sonst hat mwb nichts gefunden.

Finde es auch merkwürdig. Die tools hatte ich letztes mal heruntergeladen als sich ein trojaner eingenistet hatte.

Damals war nach der letzte scan von mwb jedoch ohne befund und hatte noch nix an den progs auszusetzen.

Wurden die exe dateien evtl ersetzt?

cosinus · 26.05.2011, 19:38

Hast du die Dateien gelöscht? Evtl lag da ein Fehlalarm vor, der mit einer neuen Signatur behoben wird.

Giz · 26.05.2011, 22:26

Habe die Dateien jetzt gelöscht.

Habe jedoch immer noch das Problem dass es ewig dauert bis die netzwerkverbindung hergestellt wird.

Habe vorher mit HijackThis ein eintrag gefixt der ...y00localhost oder so ähnlich hieß. Kann die Verzögerung evtl damit zusammenhängen?

Falls hilfreich habe ich ansonsten mal ein GMER log erstellt:
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-25 08:57:35
Windows 5.1.2600 Service Pack 3
Running: ljbvql5j.exe; Driver: C:\DOKUME~1\user\LOKALE~1\Temp\kgldqkow.sys


---- Kernel code sections - GMER 1.0.15 ----

init            C:\WINDOWS\system32\drivers\o2mmb.sys                                                                                entry point in "init" section [0xF8166320]
?               system32\drivers\xpsec.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
?               system32\drivers\xcpip.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe[296] WS2_32.dll!closesocket                                71A13E2B 5 Bytes  JMP 009E9E0A 
.text           C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe[296] WS2_32.dll!send                                       71A14C27 5 Bytes  JMP 009E99A7 
.text           C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe[296] WS2_32.dll!WSARecv                                    71A14CB5 5 Bytes  JMP 009E9CBC 
.text           C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe[296] WS2_32.dll!recv                                       71A1676F 5 Bytes  JMP 009E9A88 
.text           C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe[296] WS2_32.dll!WSASend                                    71A168FA 5 Bytes  JMP 009E9B5B 
.text           C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe[300] WS2_32.dll!closesocket                                          71A13E2B 5 Bytes  JMP 00939E0A 
.text           C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe[300] WS2_32.dll!send                                                 71A14C27 5 Bytes  JMP 009399A7 
.text           C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe[300] WS2_32.dll!WSARecv                                              71A14CB5 5 Bytes  JMP 00939CBC 
.text           C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe[300] WS2_32.dll!recv                                                 71A1676F 5 Bytes  JMP 00939A88 
.text           C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe[300] WS2_32.dll!WSASend                                              71A168FA 5 Bytes  JMP 00939B5B 
.text           C:\Programme\Java\jre6\bin\jqs.exe[396] WS2_32.dll!closesocket                                                       71A13E2B 5 Bytes  JMP 01BD9E0A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[396] WS2_32.dll!send                                                              71A14C27 5 Bytes  JMP 01BD99A7 
.text           C:\Programme\Java\jre6\bin\jqs.exe[396] WS2_32.dll!WSARecv                                                           71A14CB5 5 Bytes  JMP 01BD9CBC 
.text           C:\Programme\Java\jre6\bin\jqs.exe[396] WS2_32.dll!recv                                                              71A1676F 5 Bytes  JMP 01BD9A88 
.text           C:\Programme\Java\jre6\bin\jqs.exe[396] WS2_32.dll!WSASend                                                           71A168FA 5 Bytes  JMP 01BD9B5B 
.text           C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe[500] WS2_32.dll!closesocket                   71A13E2B 5 Bytes  JMP 014F9E0A 
.text           C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe[500] WS2_32.dll!send                          71A14C27 5 Bytes  JMP 014F99A7 
.text           C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe[500] WS2_32.dll!WSARecv                       71A14CB5 5 Bytes  JMP 014F9CBC 
.text           C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe[500] WS2_32.dll!recv                          71A1676F 5 Bytes  JMP 014F9A88 
.text           C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe[500] WS2_32.dll!WSASend                       71A168FA 5 Bytes  JMP 014F9B5B 
.text           C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[612] WS2_32.dll!closesocket                             71A13E2B 5 Bytes  JMP 010F9E0A 
.text           C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[612] WS2_32.dll!send                                    71A14C27 5 Bytes  JMP 010F99A7 
.text           C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[612] WS2_32.dll!WSARecv                                 71A14CB5 5 Bytes  JMP 010F9CBC 
.text           C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[612] WS2_32.dll!recv                                    71A1676F 5 Bytes  JMP 010F9A88 
.text           C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[612] WS2_32.dll!WSASend                                 71A168FA 5 Bytes  JMP 010F9B5B 
.text           C:\WINDOWS\system32\winlogon.exe[644] Secur32.dll!LsaLogonUser                                                       77FC33D8 5 Bytes  JMP 015A2946 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[704] WS2_32.dll!closesocket                                                71A13E2B 5 Bytes  JMP 01399E0A 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[704] WS2_32.dll!send                                                       71A14C27 5 Bytes  JMP 013999A7 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[704] WS2_32.dll!WSARecv                                                    71A14CB5 5 Bytes  JMP 01399CBC 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[704] WS2_32.dll!recv                                                       71A1676F 5 Bytes  JMP 01399A88 
.text           C:\Programme\Synaptics\SynTP\SynTPEnh.exe[704] WS2_32.dll!WSASend                                                    71A168FA 5 Bytes  JMP 01399B5B 
.text           C:\Programme\Synaptics\SynTP\SynTPLpr.exe[712] WS2_32.dll!closesocket                                                71A13E2B 5 Bytes  JMP 01009E0A 
.text           C:\Programme\Synaptics\SynTP\SynTPLpr.exe[712] WS2_32.dll!send                                                       71A14C27 5 Bytes  JMP 010099A7 
.text           C:\Programme\Synaptics\SynTP\SynTPLpr.exe[712] WS2_32.dll!WSARecv                                                    71A14CB5 5 Bytes  JMP 01009CBC 
.text           C:\Programme\Synaptics\SynTP\SynTPLpr.exe[712] WS2_32.dll!recv                                                       71A1676F 5 Bytes  JMP 01009A88 
.text           C:\Programme\Synaptics\SynTP\SynTPLpr.exe[712] WS2_32.dll!WSASend                                                    71A168FA 5 Bytes  JMP 01009B5B 
.text           C:\Programme\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE[760] WS2_32.dll!closesocket                             71A13E2B 5 Bytes  JMP 01719E0A 
.text           C:\Programme\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE[760] WS2_32.dll!send                                    71A14C27 5 Bytes  JMP 017199A7 
.text           C:\Programme\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE[760] WS2_32.dll!WSARecv                                 71A14CB5 5 Bytes  JMP 01719CBC 
.text           C:\Programme\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE[760] WS2_32.dll!recv                                    71A1676F 5 Bytes  JMP 01719A88 
.text           C:\Programme\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE[760] WS2_32.dll!WSASend                                 71A168FA 5 Bytes  JMP 01719B5B 
.text           C:\WINDOWS\Explorer.EXE[1776] USER32.dll!DisplayExitWindowsWarnings                                                  7E3A9F91 5 Bytes  JMP 01B32758 
.text           C:\WINDOWS\Explorer.EXE[1776] WS2_32.dll!closesocket                                                                 71A13E2B 5 Bytes  JMP 01A49E0A 
.text           C:\WINDOWS\Explorer.EXE[1776] WS2_32.dll!send                                                                        71A14C27 5 Bytes  JMP 01A499A7 
.text           C:\WINDOWS\Explorer.EXE[1776] WS2_32.dll!WSARecv                                                                     71A14CB5 5 Bytes  JMP 01A49CBC 
.text           C:\WINDOWS\Explorer.EXE[1776] WS2_32.dll!recv                                                                        71A1676F 5 Bytes  JMP 01A49A88 
.text           C:\WINDOWS\Explorer.EXE[1776] WS2_32.dll!WSASend                                                                     71A168FA 5 Bytes  JMP 01A49B5B 
.text           C:\WINDOWS\System32\alg.exe[2292] WS2_32.dll!closesocket                                                             71A13E2B 5 Bytes  JMP 00B49E0A 
.text           C:\WINDOWS\System32\alg.exe[2292] WS2_32.dll!send                                                                    71A14C27 5 Bytes  JMP 00B499A7 
.text           C:\WINDOWS\System32\alg.exe[2292] WS2_32.dll!WSARecv                                                                 71A14CB5 5 Bytes  JMP 00B49CBC 
.text           C:\WINDOWS\System32\alg.exe[2292] WS2_32.dll!recv                                                                    71A1676F 5 Bytes  JMP 00B49A88 
.text           C:\WINDOWS\System32\alg.exe[2292] WS2_32.dll!WSASend                                                                 71A168FA 5 Bytes  JMP 00B49B5B 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2624] WS2_32.dll!closesocket                                                   71A13E2B 5 Bytes  JMP 00CF9E0A 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2624] WS2_32.dll!send                                                          71A14C27 5 Bytes  JMP 00CF99A7 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2624] WS2_32.dll!WSARecv                                                       71A14CB5 5 Bytes  JMP 00CF9CBC 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2624] WS2_32.dll!recv                                                          71A1676F 5 Bytes  JMP 00CF9A88 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2624] WS2_32.dll!WSASend                                                       71A168FA 5 Bytes  JMP 00CF9B5B 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                              SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                              EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                              SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                              EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x4F 0xC7 0xED 0x79 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xF4 0xF8 0x79 0xEC ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x8A 0x41 0x0C 0x06 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x4F 0xC7 0xED 0x79 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF4 0xF8 0x79 0xEC ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x8A 0x41 0x0C 0x06 ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                sector 00: rootkit-like behavior; 
Disk            \Device\Harddisk0\DR0                                                                                                sector 32: rootkit-like behavior; 
Disk            \Device\Harddisk0\DR0                                                                                                sector 63: rootkit-like behavior; 

---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus · 27.05.2011, 09:05

Zitat:

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

Giz · 30.05.2011, 03:27

2011/05/30 04:25:28.0169 3772 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 04:25:28.0219 3772 ================================================================================
2011/05/30 04:25:28.0219 3772 SystemInfo:
2011/05/30 04:25:28.0219 3772
2011/05/30 04:25:28.0219 3772 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/30 04:25:28.0219 3772 Product type: Workstation
2011/05/30 04:25:28.0219 3772 ComputerName: USER-3285903333
2011/05/30 04:25:28.0219 3772 UserName: user
2011/05/30 04:25:28.0219 3772 Windows directory: C:\WINDOWS
2011/05/30 04:25:28.0219 3772 System windows directory: C:\WINDOWS
2011/05/30 04:25:28.0219 3772 Processor architecture: Intel x86
2011/05/30 04:25:28.0219 3772 Number of processors: 1
2011/05/30 04:25:28.0219 3772 Page size: 0x1000
2011/05/30 04:25:28.0219 3772 Boot type: Normal boot
2011/05/30 04:25:28.0219 3772 ================================================================================
2011/05/30 04:25:31.0284 3772 Initialize success
2011/05/30 04:25:34.0178 2076 ================================================================================
2011/05/30 04:25:34.0178 2076 Scan started
2011/05/30 04:25:34.0178 2076 Mode: Manual;
2011/05/30 04:25:34.0178 2076 ================================================================================
2011/05/30 04:25:37.0913 2076 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/30 04:25:37.0993 2076 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/30 04:25:38.0123 2076 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/30 04:25:38.0214 2076 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/30 04:25:38.0294 2076 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/05/30 04:25:38.0374 2076 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/05/30 04:25:38.0514 2076 AgereSoftModem (3e60f847c0c57eedb7c0639710512ccc) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/05/30 04:25:38.0634 2076 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/30 04:25:39.0285 2076 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/30 04:25:39.0435 2076 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/30 04:25:39.0656 2076 ati2mtag (75410dda533d6b0df3689341079ff215) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/30 04:25:39.0806 2076 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/30 04:25:39.0956 2076 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/30 04:25:40.0277 2076 b57w2k (0e72b88b05a5931c46efa7d511d9aeb9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/05/30 04:25:40.0447 2076 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/30 04:25:41.0208 2076 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/30 04:25:41.0428 2076 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/30 04:25:41.0739 2076 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/30 04:25:41.0829 2076 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/30 04:25:41.0899 2076 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/30 04:25:42.0069 2076 ClntMgmt (701b3395e6d0fb1f2c7bcd3616dd850b) C:\WINDOWS\system32\Drivers\ClntMgmt.sys
2011/05/30 04:25:42.0189 2076 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/30 04:25:42.0390 2076 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/30 04:25:42.0520 2076 CONAN (32b0ac2449d9ef70b719bfaf631f998a) C:\WINDOWS\system32\drivers\o2mmb.sys
2011/05/30 04:25:42.0730 2076 cpqdfw (817bec5f328518290ac42821ec3922cb) C:\WINDOWS\system32\drivers\cpqdfw.sys
2011/05/30 04:25:42.0850 2076 cqcpu (be43d9c71508cb4116cb56979d1ce820) C:\WINDOWS\system32\drivers\cqcpu.sys
2011/05/30 04:25:42.0940 2076 cq_mem (cd6364f3acb9b2094ab60671806a5b9c) C:\WINDOWS\system32\drivers\cq_mem.sys
2011/05/30 04:25:43.0301 2076 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/30 04:25:43.0461 2076 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/30 04:25:43.0541 2076 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/30 04:25:43.0621 2076 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/30 04:25:43.0711 2076 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/30 04:25:43.0882 2076 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/30 04:25:43.0972 2076 eabfiltr (313ace43944bf93852d1e298cf35d2c8) C:\WINDOWS\system32\drivers\EABFiltr.sys
2011/05/30 04:25:44.0052 2076 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
2011/05/30 04:25:44.0202 2076 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) C:\WINDOWS\system32\epmntdrv.sys
2011/05/30 04:25:44.0342 2076 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) C:\WINDOWS\system32\EuGdiDrv.sys
2011/05/30 04:25:44.0473 2076 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/30 04:25:44.0553 2076 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/30 04:25:44.0643 2076 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/30 04:25:44.0733 2076 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/30 04:25:44.0873 2076 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/30 04:25:44.0983 2076 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/30 04:25:45.0063 2076 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/30 04:25:45.0164 2076 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/30 04:25:45.0264 2076 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/05/30 04:25:45.0394 2076 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/30 04:25:45.0594 2076 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/30 04:25:45.0875 2076 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/30 04:25:45.0955 2076 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/30 04:25:46.0145 2076 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/30 04:25:46.0235 2076 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/30 04:25:46.0335 2076 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/30 04:25:46.0405 2076 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/30 04:25:46.0485 2076 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/30 04:25:46.0636 2076 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/30 04:25:46.0716 2076 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/30 04:25:46.0806 2076 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/05/30 04:25:46.0886 2076 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/30 04:25:46.0986 2076 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/30 04:25:47.0136 2076 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/30 04:25:47.0237 2076 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/30 04:25:47.0337 2076 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/30 04:25:47.0647 2076 LVcKap (efe6cb9600a6bef09834be558d7cf04e) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2011/05/30 04:25:47.0887 2076 LVMVDrv (8895475987655aae944544e30004b290) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2011/05/30 04:25:48.0118 2076 LVUSBSta (ccff53b1fcdfa9ede919e3bdbd10d0fd) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/05/30 04:25:48.0218 2076 MbxStby (4c32b247524f91db486d21dcb84d9c23) C:\WINDOWS\system32\drivers\MbxStby.sys
2011/05/30 04:25:48.0328 2076 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/30 04:25:48.0448 2076 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/30 04:25:48.0538 2076 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/30 04:25:48.0649 2076 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/30 04:25:48.0829 2076 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/30 04:25:48.0979 2076 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/30 04:25:49.0079 2076 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/30 04:25:49.0199 2076 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/30 04:25:49.0289 2076 MSIRCOMM (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
2011/05/30 04:25:49.0370 2076 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/30 04:25:49.0520 2076 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/30 04:25:49.0610 2076 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/30 04:25:49.0710 2076 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/30 04:25:49.0800 2076 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/30 04:25:49.0910 2076 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/30 04:25:50.0021 2076 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/30 04:25:50.0191 2076 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/30 04:25:50.0301 2076 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/30 04:25:50.0381 2076 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/30 04:25:50.0461 2076 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/30 04:25:50.0551 2076 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/30 04:25:50.0621 2076 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/30 04:25:50.0691 2076 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/30 04:25:50.0802 2076 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/30 04:25:50.0992 2076 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/30 04:25:51.0112 2076 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/30 04:25:51.0242 2076 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/30 04:25:51.0362 2076 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/30 04:25:51.0443 2076 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/30 04:25:51.0573 2076 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/30 04:25:51.0633 2076 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/30 04:25:51.0773 2076 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/30 04:25:51.0873 2076 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/30 04:25:52.0083 2076 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/30 04:25:52.0164 2076 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/30 04:25:52.0764 2076 PID_0928 (91810c1b4152bb60e18fa2ba44c1596d) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
2011/05/30 04:25:52.0945 2076 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/30 04:25:53.0045 2076 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/30 04:25:53.0125 2076 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/30 04:25:53.0205 2076 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/30 04:25:53.0676 2076 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/30 04:25:53.0786 2076 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/05/30 04:25:53.0896 2076 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/30 04:25:53.0996 2076 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/30 04:25:54.0076 2076 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/30 04:25:54.0197 2076 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/30 04:25:54.0277 2076 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/30 04:25:54.0387 2076 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/30 04:25:54.0497 2076 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/30 04:25:54.0597 2076 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/30 04:25:54.0827 2076 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/30 04:25:54.0867 2076 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/30 04:25:54.0998 2076 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/30 04:25:55.0118 2076 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/30 04:25:55.0218 2076 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/30 04:25:55.0358 2076 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/30 04:25:55.0558 2076 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/30 04:25:55.0659 2076 SMCIRDA (d03a4cdb1b089e3f6c23501339506e5e) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/05/30 04:25:55.0779 2076 smwdm (f5a256e9755fd361d277fe1f5d02dd7a) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/30 04:25:56.0059 2076 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/30 04:25:56.0249 2076 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/30 04:25:56.0380 2076 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/30 04:25:56.0500 2076 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/30 04:25:56.0640 2076 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/30 04:25:56.0780 2076 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/30 04:25:56.0961 2076 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/30 04:25:57.0341 2076 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/30 04:25:57.0431 2076 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/30 04:25:57.0601 2076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/30 04:25:57.0762 2076 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/30 04:25:57.0992 2076 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/30 04:25:58.0122 2076 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/30 04:25:58.0563 2076 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/30 04:25:58.0763 2076 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/30 04:25:58.0953 2076 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/30 04:25:59.0033 2076 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/30 04:25:59.0134 2076 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/30 04:25:59.0274 2076 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/30 04:25:59.0374 2076 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/30 04:25:59.0484 2076 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/30 04:25:59.0584 2076 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/30 04:25:59.0674 2076 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/30 04:25:59.0755 2076 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/30 04:25:59.0955 2076 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/30 04:26:00.0105 2076 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/30 04:26:00.0315 2076 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/30 04:26:00.0546 2076 WLAN_400_500_SERVICE (3d769924a07c00f5bb4b890f3934cd1e) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/05/30 04:26:00.0706 2076 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/30 04:26:00.0866 2076 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/30 04:26:00.0966 2076 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/30 04:26:01.0237 2076 MBR (0x1B8) (475e111f258d20b4292767ac2e7b8d90) \Device\Harddisk0\DR0
2011/05/30 04:26:01.0267 2076 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
2011/05/30 04:26:01.0277 2076 ================================================================================
2011/05/30 04:26:01.0277 2076 Scan finished
2011/05/30 04:26:01.0277 2076 ================================================================================
2011/05/30 04:26:01.0317 2068 Detected object count: 1
2011/05/30 04:26:01.0317 2068 Actual detected object count: 1
2011/05/30 04:26:17.0029 2068 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/05/30 04:26:17.0029 2068 \Device\Harddisk0\DR0 - ok
2011/05/30 04:26:17.0029 2068 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
[/QUOTE]

cosinus · 30.05.2011, 11:29

Da wurde ein Sinowal erkannt und entfernt. Bitte Windows neu starten und zur Kontrolle ein neues Log mit dem Kaspersky-TDSS-Killer machen. Am besten auch mit GMER.

Giz · 30.05.2011, 19:12

Also meine Netzwerkverbindung startet schonmal wieder normal

Das Tool hat beim 2ten Durchlauf nix mehr gefunden:

Code:

ATTFilter

2011/05/30 19:27:18.0716 2640	TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 19:27:19.0046 2640	================================================================================
2011/05/30 19:27:19.0046 2640	SystemInfo:
2011/05/30 19:27:19.0046 2640	
2011/05/30 19:27:19.0046 2640	OS Version: 5.1.2600 ServicePack: 3.0
2011/05/30 19:27:19.0046 2640	Product type: Workstation
2011/05/30 19:27:19.0046 2640	ComputerName: USER-3285903333
2011/05/30 19:27:19.0046 2640	UserName: user
2011/05/30 19:27:19.0046 2640	Windows directory: C:\WINDOWS
2011/05/30 19:27:19.0046 2640	System windows directory: C:\WINDOWS
2011/05/30 19:27:19.0046 2640	Processor architecture: Intel x86
2011/05/30 19:27:19.0046 2640	Number of processors: 1
2011/05/30 19:27:19.0046 2640	Page size: 0x1000
2011/05/30 19:27:19.0046 2640	Boot type: Normal boot
2011/05/30 19:27:19.0046 2640	================================================================================
2011/05/30 19:27:21.0099 2640	Initialize success
2011/05/30 19:27:23.0172 1932	================================================================================
2011/05/30 19:27:23.0172 1932	Scan started
2011/05/30 19:27:23.0172 1932	Mode: Manual; 
2011/05/30 19:27:23.0172 1932	================================================================================
2011/05/30 19:27:24.0414 1932	Aavmker4        (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/05/30 19:27:24.0644 1932	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/30 19:27:24.0714 1932	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/30 19:27:24.0825 1932	aeaudio         (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/30 19:27:24.0905 1932	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/30 19:27:24.0985 1932	AegisP          (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/05/30 19:27:25.0075 1932	AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/05/30 19:27:25.0265 1932	AgereSoftModem  (3e60f847c0c57eedb7c0639710512ccc) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/05/30 19:27:25.0546 1932	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/30 19:27:26.0116 1932	aswFsBlk        (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/05/30 19:27:26.0197 1932	aswMon2         (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/05/30 19:27:26.0277 1932	aswRdr          (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/05/30 19:27:26.0397 1932	aswSnx          (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/05/30 19:27:26.0527 1932	aswSP           (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2011/05/30 19:27:26.0727 1932	aswTdi          (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/05/30 19:27:26.0837 1932	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/30 19:27:26.0938 1932	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/30 19:27:27.0198 1932	ati2mtag        (75410dda533d6b0df3689341079ff215) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/30 19:27:27.0338 1932	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/30 19:27:27.0528 1932	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/30 19:27:27.0649 1932	b57w2k          (0e72b88b05a5931c46efa7d511d9aeb9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/05/30 19:27:27.0739 1932	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/30 19:27:28.0179 1932	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/30 19:27:28.0340 1932	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/30 19:27:28.0510 1932	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/30 19:27:28.0630 1932	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/30 19:27:28.0720 1932	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/30 19:27:28.0880 1932	ClntMgmt        (701b3395e6d0fb1f2c7bcd3616dd850b) C:\WINDOWS\system32\Drivers\ClntMgmt.sys
2011/05/30 19:27:28.0991 1932	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/30 19:27:29.0201 1932	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/30 19:27:29.0341 1932	CONAN           (32b0ac2449d9ef70b719bfaf631f998a) C:\WINDOWS\system32\drivers\o2mmb.sys
2011/05/30 19:27:29.0581 1932	cpqdfw          (817bec5f328518290ac42821ec3922cb) C:\WINDOWS\system32\drivers\cpqdfw.sys
2011/05/30 19:27:29.0692 1932	cqcpu           (be43d9c71508cb4116cb56979d1ce820) C:\WINDOWS\system32\drivers\cqcpu.sys
2011/05/30 19:27:29.0792 1932	cq_mem          (cd6364f3acb9b2094ab60671806a5b9c) C:\WINDOWS\system32\drivers\cq_mem.sys
2011/05/30 19:27:30.0142 1932	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/30 19:27:30.0262 1932	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/30 19:27:30.0383 1932	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/30 19:27:30.0463 1932	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/30 19:27:30.0713 1932	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/30 19:27:31.0264 1932	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/30 19:27:31.0334 1932	eabfiltr        (313ace43944bf93852d1e298cf35d2c8) C:\WINDOWS\system32\drivers\EABFiltr.sys
2011/05/30 19:27:31.0444 1932	eabusb          (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
2011/05/30 19:27:31.0554 1932	epmntdrv        (57cc1bf06c159dfbb989f5783c0e6a50) C:\WINDOWS\system32\epmntdrv.sys
2011/05/30 19:27:31.0724 1932	EuGdiDrv        (5f779f5edab787f2d090c71a9051f365) C:\WINDOWS\system32\EuGdiDrv.sys
2011/05/30 19:27:31.0875 1932	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/30 19:27:31.0975 1932	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/30 19:27:32.0105 1932	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/30 19:27:32.0195 1932	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/30 19:27:32.0315 1932	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/30 19:27:32.0435 1932	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/30 19:27:32.0556 1932	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/30 19:27:32.0716 1932	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/30 19:27:32.0886 1932	hamachi         (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/05/30 19:27:33.0016 1932	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/30 19:27:33.0587 1932	HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/30 19:27:34.0308 1932	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/30 19:27:34.0498 1932	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/30 19:27:35.0019 1932	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/30 19:27:35.0169 1932	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/30 19:27:35.0370 1932	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/30 19:27:35.0620 1932	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/30 19:27:35.0880 1932	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/30 19:27:36.0141 1932	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/30 19:27:36.0361 1932	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/30 19:27:36.0622 1932	irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/05/30 19:27:36.0972 1932	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/30 19:27:37.0282 1932	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/30 19:27:37.0663 1932	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/30 19:27:37.0953 1932	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/30 19:27:38.0114 1932	KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/30 19:27:39.0035 1932	LVcKap          (efe6cb9600a6bef09834be558d7cf04e) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2011/05/30 19:27:40.0177 1932	LVMVDrv         (8895475987655aae944544e30004b290) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2011/05/30 19:27:40.0898 1932	LVUSBSta        (ccff53b1fcdfa9ede919e3bdbd10d0fd) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/05/30 19:27:41.0058 1932	MbxStby         (4c32b247524f91db486d21dcb84d9c23) C:\WINDOWS\system32\drivers\MbxStby.sys
2011/05/30 19:27:41.0288 1932	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/30 19:27:41.0749 1932	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/30 19:27:42.0009 1932	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/30 19:27:42.0410 1932	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/30 19:27:42.0720 1932	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/30 19:27:43.0201 1932	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/30 19:27:43.0481 1932	MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/30 19:27:44.0022 1932	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/30 19:27:44.0222 1932	MSIRCOMM        (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
2011/05/30 19:27:44.0653 1932	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/30 19:27:44.0843 1932	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/30 19:27:45.0264 1932	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/30 19:27:45.0504 1932	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/30 19:27:45.0875 1932	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/30 19:27:46.0165 1932	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/30 19:27:46.0486 1932	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/30 19:27:46.0796 1932	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/30 19:27:46.0996 1932	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/30 19:27:47.0327 1932	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/30 19:27:47.0487 1932	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/30 19:27:47.0677 1932	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/30 19:27:48.0108 1932	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/30 19:27:48.0268 1932	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/30 19:27:48.0729 1932	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/30 19:27:49.0009 1932	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/30 19:27:49.0540 1932	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/30 19:27:50.0031 1932	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/30 19:27:50.0361 1932	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/30 19:27:50.0511 1932	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/30 19:27:50.0802 1932	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/30 19:27:51.0132 1932	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/30 19:27:51.0343 1932	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/30 19:27:51.0523 1932	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/30 19:27:52.0034 1932	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/30 19:27:52.0284 1932	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/30 19:27:53.0656 1932	PID_0928        (91810c1b4152bb60e18fa2ba44c1596d) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
2011/05/30 19:27:54.0257 1932	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/30 19:27:54.0457 1932	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/30 19:27:54.0878 1932	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/30 19:27:55.0168 1932	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/30 19:27:56.0330 1932	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/30 19:27:56.0801 1932	Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/05/30 19:27:57.0041 1932	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/30 19:27:57.0371 1932	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/30 19:27:57.0622 1932	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/30 19:27:57.0922 1932	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/30 19:27:58.0293 1932	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/30 19:27:58.0543 1932	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/30 19:27:59.0014 1932	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/30 19:27:59.0264 1932	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/30 19:27:59.0595 1932	SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/30 19:27:59.0645 1932	SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/30 19:28:00.0095 1932	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/30 19:28:00.0316 1932	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/30 19:28:00.0706 1932	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/30 19:28:00.0936 1932	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/30 19:28:01.0467 1932	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/30 19:28:01.0678 1932	SMCIRDA         (d03a4cdb1b089e3f6c23501339506e5e) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/05/30 19:28:02.0459 1932	smwdm           (f5a256e9755fd361d277fe1f5d02dd7a) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/30 19:28:03.0019 1932	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/30 19:28:03.0400 1932	sptd            (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/30 19:28:03.0901 1932	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/30 19:28:04.0231 1932	Srv             (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/30 19:28:04.0732 1932	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/30 19:28:04.0942 1932	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/30 19:28:05.0203 1932	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/30 19:28:06.0204 1932	SynTP           (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/30 19:28:06.0474 1932	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/30 19:28:06.0895 1932	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/30 19:28:07.0205 1932	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/30 19:28:07.0536 1932	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/30 19:28:07.0646 1932	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/30 19:28:07.0866 1932	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/30 19:28:08.0137 1932	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/30 19:28:10.0330 1932	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/30 19:28:10.0530 1932	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/30 19:28:10.0640 1932	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/30 19:28:10.0751 1932	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/30 19:28:10.0851 1932	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/30 19:28:10.0961 1932	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/30 19:28:11.0071 1932	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/30 19:28:11.0231 1932	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/30 19:28:11.0301 1932	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/30 19:28:11.0472 1932	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/30 19:28:11.0612 1932	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/30 19:28:11.0782 1932	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/30 19:28:12.0093 1932	WLAN_400_500_SERVICE (3d769924a07c00f5bb4b890f3934cd1e) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/05/30 19:28:12.0253 1932	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/30 19:28:12.0373 1932	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/30 19:28:12.0483 1932	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/30 19:28:12.0733 1932	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/05/30 19:28:12.0753 1932	================================================================================
2011/05/30 19:28:12.0753 1932	Scan finished
2011/05/30 19:28:12.0753 1932	================================================================================
2011/05/30 19:28:12.0784 2560	Detected object count: 0
2011/05/30 19:28:12.0784 2560	Actual detected object count: 0

cosinus · 30.05.2011, 19:40

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Giz · 31.05.2011, 23:06

Nach dem scannen gabs ne meldung "lösche Ordner c:\dokumente und einstellungen\user\WINDOWS" Ist das normal???

Hier das log:

Code:

ATTFilter

ComboFix 11-05-31.01 - user 31.05.2011  23:43:41.6.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.511.273 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\user\Desktop\Cofi.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\user\WINDOWS
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-28 bis 2011-05-31  ))))))))))))))))))))))))))))))
.
.
2011-05-30 02:42 . 2011-05-30 02:42	--------	d-sh--w-	c:\dokumente und einstellungen\LocalService\IETldCache
2011-05-30 02:41 . 2011-05-10 12:03	307928	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-05-30 02:41 . 2011-05-10 11:59	19544	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-05-30 02:41 . 2011-05-10 11:59	25432	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-05-30 02:41 . 2011-05-10 12:02	49240	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-05-30 02:41 . 2011-05-10 12:03	441176	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-05-30 02:41 . 2011-05-10 12:02	102616	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2011-05-30 02:41 . 2011-05-10 12:02	96344	----a-w-	c:\windows\system32\drivers\aswmon.sys
2011-05-30 02:41 . 2011-05-10 11:59	30808	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2011-05-30 02:40 . 2011-05-10 12:10	40112	----a-w-	c:\windows\avastSS.scr
2011-05-30 02:40 . 2011-05-10 12:10	199304	----a-w-	c:\windows\system32\aswBoot.exe
2011-05-30 02:40 . 2011-05-30 02:40	--------	d-----w-	c:\programme\AVAST Software
2011-05-30 02:40 . 2011-05-30 02:40	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVAST Software
2011-05-25 17:21 . 2011-05-25 17:21	--------	d-----w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2011-05-25 03:14 . 2011-05-25 03:14	--------	d-----w-	c:\windows\system32\wbem\Repository
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((   SnapShot@2010-07-13_20.05.11   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02	51008              c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	59728              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	42832              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	43344              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	61264              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	62800              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	61760              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	61776              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	53568              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	63296              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	36688              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	35648              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05	59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05	59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-05-31 21:35 . 2011-05-31 21:35	16384              c:\windows\temp\Perflib_Perfdata_898.dat
- 2008-04-14 02:23 . 2010-04-21 13:28	46080              c:\windows\system32\tzchange.exe
+ 2008-04-14 02:23 . 2010-06-21 14:46	46080              c:\windows\system32\tzchange.exe
+ 2009-11-29 21:14 . 2009-11-29 21:14	70944              c:\windows\system32\STRING32.dll
+ 2004-08-04 12:00 . 2010-08-17 13:17	58880              c:\windows\system32\spoolsv.exe
+ 2004-08-04 12:00 . 2011-03-30 20:03	67646              c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-06-24 00:59	67646              c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-06-24 00:59	80306              c:\windows\system32\perfc007.dat
+ 2004-08-04 12:00 . 2011-03-30 20:03	80306              c:\windows\system32\perfc007.dat
+ 2007-08-13 16:54 . 2010-06-24 12:21	55296              c:\windows\system32\msfeedsbs.dll
- 2007-08-13 16:54 . 2010-05-06 10:31	55296              c:\windows\system32\msfeedsbs.dll
- 2004-08-04 12:00 . 2010-05-06 10:31	25600              c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2010-06-24 12:21	25600              c:\windows\system32\jsproxy.dll
+ 2010-08-17 22:20 . 2006-09-05 10:28	38480              c:\windows\system32\IJRMF.exe
+ 2004-08-04 12:00 . 2010-06-17 14:03	80384              c:\windows\system32\iccvid.dll
- 2004-08-04 12:00 . 2008-04-14 02:22	80384              c:\windows\system32\iccvid.dll
+ 2010-07-21 08:51 . 2010-12-20 17:09	38224              c:\windows\system32\drivers\mbamswissarmy.sys
- 2010-07-11 22:32 . 2010-04-29 13:39	38224              c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-07-21 08:51 . 2010-12-20 17:08	20952              c:\windows\system32\drivers\mbam.sys
- 2010-07-11 22:32 . 2010-04-29 13:39	20952              c:\windows\system32\drivers\mbam.sys
+ 2009-11-29 21:14 . 2009-11-29 21:14	95520              c:\windows\system32\DLLPRF32.dll
+ 2009-11-29 21:14 . 2009-11-29 21:14	83232              c:\windows\system32\DLLPNT32.dll
+ 2009-11-29 21:14 . 2009-11-29 21:14	99616              c:\windows\system32\DLLIO32.dll
+ 2009-07-01 00:46 . 2010-06-24 12:22	12800              c:\windows\system32\dllcache\xpshims.dll
- 2009-07-01 00:46 . 2010-05-06 10:31	12800              c:\windows\system32\dllcache\xpshims.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17	58880              c:\windows\system32\dllcache\spoolsv.exe
- 2008-06-10 15:06 . 2010-05-06 10:31	55296              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-10 15:06 . 2010-06-24 12:21	55296              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-13 16:54 . 2010-06-24 12:21	25600              c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-13 16:54 . 2010-05-06 10:31	25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2010-07-22 11:13 . 2010-09-02 21:26	87717              c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2010-08-18 06:13 . 2010-08-18 06:13	94208              c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2010-08-18 06:02 . 2010-08-18 06:02	79488              c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2010-08-18 06:22 . 2010-08-18 06:22	65816              c:\windows\system32\Adobe\Director\SWDNLD.EXE
+ 2010-08-02 14:36 . 2010-08-02 14:36	26624              c:\windows\Installer\22be69.msi
+ 2010-09-24 13:26 . 2010-09-24 13:26	38240              c:\windows\Installer\{90120000-0020-0407-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-06-10 22:01 . 2010-06-10 22:01	38240              c:\windows\Installer\{90120000-0020-0407-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-07-18 16:57 . 2010-06-10 22:02	23040              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-07-18 16:57 . 2010-09-24 13:40	23040              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-07-18 16:57 . 2010-09-24 13:40	61440              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-07-18 16:57 . 2010-06-10 22:02	61440              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-07-18 16:57 . 2010-06-10 22:02	27136              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-07-18 16:57 . 2010-09-24 13:40	27136              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-07-18 16:57 . 2010-09-24 13:40	11264              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-07-18 16:57 . 2010-06-10 22:02	11264              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-07-18 16:57 . 2010-09-24 13:40	86016              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-07-18 16:57 . 2010-06-10 22:02	86016              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-07-18 16:57 . 2010-06-10 22:02	12288              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-07-18 16:57 . 2010-09-24 13:40	12288              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-09-24 13:31 . 2010-05-06 10:31	12800              c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
+ 2010-09-24 13:31 . 2010-05-06 10:31	55296              c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
+ 2010-09-24 13:31 . 2010-05-06 10:31	25600              c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
+ 2010-09-24 13:45 . 2010-09-24 13:45	60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-09-24 13:38 . 2010-09-24 13:38	47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-09-24 13:38 . 2010-09-24 13:38	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-09-24 13:48 . 2010-09-24 13:48	15360              c:\windows\assembly\NativeImages_v2.0.50727_32\acdbmgdhost\a86a7daa680daab9fcf1fafb5a7b140e\acdbmgdhost.ni.dll
+ 2010-09-24 13:48 . 2010-09-24 13:48	25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-09-24 13:26 . 2008-04-14 02:22	80384              c:\windows\$NtUninstallKB982665$\iccvid.dll
+ 2010-09-24 13:38 . 2008-04-14 02:23	57856              c:\windows\$NtUninstallKB2347290$\spoolsv.exe
+ 2010-09-29 12:17 . 2010-04-21 13:28	46080              c:\windows\$NtUninstallKB2158563$\tzchange.exe
+ 2010-09-29 12:17 . 2010-06-23 00:54	16896              c:\windows\$NtUninstallKB2158563$\spuninst\tzchange.dll
+ 2010-09-24 13:37 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB982802\update\spcustom.dll
+ 2010-09-24 13:37 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB982802\spmsg.dll
+ 2010-09-24 13:26 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB982665\update\spcustom.dll
+ 2010-09-24 13:26 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB982665\spmsg.dll
+ 2010-06-17 14:00 . 2010-06-17 14:00	80384              c:\windows\$hf_mig$\KB982665\SP3QFE\iccvid.dll
+ 2010-09-24 13:39 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB982214\update\spcustom.dll
+ 2010-09-24 13:39 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB982214\spmsg.dll
+ 2010-09-24 13:26 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB981997\update\spcustom.dll
+ 2010-09-24 13:26 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB981997\spmsg.dll
+ 2010-09-24 13:37 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB981852\update\spcustom.dll
+ 2010-09-24 13:24 . 2010-06-17 13:45	16896              c:\windows\$hf_mig$\KB981852\update\mpsyschk.dll
+ 2010-09-24 13:37 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB981852\spmsg.dll
+ 2010-09-24 13:30 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB981322\update\spcustom.dll
+ 2010-09-24 13:30 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB981322\spmsg.dll
+ 2010-09-24 13:30 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB980436\update\spcustom.dll
+ 2010-09-24 13:30 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB980436\spmsg.dll
+ 2010-09-24 13:38 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2347290\update\spcustom.dll
+ 2010-09-24 13:38 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB2347290\spmsg.dll
+ 2010-08-17 13:19 . 2010-08-17 13:19	58880              c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
+ 2010-08-10 16:20 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB2286198\update\spcustom.dll
+ 2010-08-10 16:20 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB2286198\spmsg.dll
+ 2010-09-24 13:39 . 2009-05-26 09:01	26488              c:\windows\$hf_mig$\KB2259922\update\spcustom.dll
+ 2010-09-24 13:39 . 2009-05-26 09:01	18808              c:\windows\$hf_mig$\KB2259922\spmsg.dll
+ 2010-07-25 00:54 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2010-07-25 00:54 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB2229593\spmsg.dll
+ 2010-09-24 13:31 . 2009-05-26 09:01	26488              c:\windows\$hf_mig$\KB2183461-IE8\update\spcustom.dll
+ 2010-09-24 13:31 . 2009-05-26 09:01	18808              c:\windows\$hf_mig$\KB2183461-IE8\spmsg.dll
+ 2010-09-24 13:23 . 2010-06-24 12:27	12800              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\xpshims.dll
+ 2010-09-24 13:23 . 2010-06-24 12:27	55296              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\msfeedsbs.dll
+ 2010-09-24 13:23 . 2010-06-24 12:27	25600              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\jsproxy.dll
+ 2010-09-24 13:30 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB2160329\update\spcustom.dll
+ 2010-09-24 13:30 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB2160329\spmsg.dll
+ 2010-09-24 13:37 . 2010-02-22 14:22	26488              c:\windows\$hf_mig$\KB2121546\update\spcustom.dll
+ 2010-09-24 13:37 . 2010-02-22 14:22	18808              c:\windows\$hf_mig$\KB2121546\spmsg.dll
+ 2010-09-24 13:39 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2115168\update\spcustom.dll
+ 2010-09-24 13:39 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB2115168\spmsg.dll
+ 2010-09-24 13:37 . 2009-05-26 11:40	26488              c:\windows\$hf_mig$\KB2079403\update\spcustom.dll
+ 2010-09-24 13:37 . 2009-05-26 11:40	18808              c:\windows\$hf_mig$\KB2079403\spmsg.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-05-05 05:25 . 2010-07-22 06:19	5632              c:\windows\system32\xpsp4res.dll
+ 2010-08-18 06:14 . 2010-08-18 06:14	9216              c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
- 2008-07-18 16:57 . 2010-06-10 22:02	4096              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-07-18 16:57 . 2010-09-24 13:40	4096              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-07-17 23:05 . 2010-07-17 23:05	8192              c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2010-07-17 23:05 . 2010-07-17 23:05	8192              c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2010-06-24 00:58 . 2010-06-24 00:58	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-24 00:59 . 2010-06-24 00:59	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-09-24 13:37 . 2008-05-05 05:25	3072              c:\windows\$NtUninstallKB982802$\xpsp4res.dll
+ 2010-07-22 06:19 . 2010-07-22 06:19	5632              c:\windows\$hf_mig$\KB982802\SP3QFE\sprv0407.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	653120              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	569664              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05	225280              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2010-08-01 23:56 . 2010-08-01 23:56	294804              c:\windows\Temporäre Internetdateien\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat
+ 2010-08-12 20:30 . 2010-08-12 20:30	102412              c:\windows\Temporäre Internetdateien\29VZQMC3\EQY1IHUQ\Offline\HashFile.dat
- 2004-08-04 12:00 . 2008-04-14 02:22	293888              c:\windows\system32\winsrv.dll
+ 2004-08-04 12:00 . 2010-06-18 17:44	293888              c:\windows\system32\winsrv.dll
+ 2004-08-04 12:00 . 2010-06-24 12:22	916480              c:\windows\system32\wininet.dll
- 2004-08-04 12:00 . 2010-05-06 10:31	916480              c:\windows\system32\wininet.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36	406016              c:\windows\system32\usp10.dll
- 2004-08-04 12:00 . 2008-04-14 02:22	406016              c:\windows\system32\usp10.dll
+ 2004-08-04 12:00 . 2010-06-30 12:28	149504              c:\windows\system32\schannel.dll
+ 2004-08-04 12:00 . 2010-07-22 15:48	590848              c:\windows\system32\rpcrt4.dll
+ 2011-05-25 03:12 . 2011-05-25 03:14	178692              c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-04 12:00 . 2011-03-30 20:03	432690              c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-06-24 00:59	432690              c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-06-24 00:59	449044              c:\windows\system32\perfh007.dat
+ 2004-08-04 12:00 . 2011-03-30 20:03	449044              c:\windows\system32\perfh007.dat
- 2004-08-04 12:00 . 2010-05-06 10:31	206848              c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2010-06-24 12:22	206848              c:\windows\system32\occache.dll
+ 2011-03-18 23:28 . 2005-02-24 10:51	348160              c:\windows\system32\NCTWMAFile2.dll
+ 2011-03-18 23:28 . 2005-03-28 14:52	417792              c:\windows\system32\NCTTextToAudio2.dll
+ 2011-03-18 23:28 . 2005-03-28 14:54	479232              c:\windows\system32\NCTAudioVisualization2.dll
+ 2011-03-18 23:28 . 2005-04-04 16:21	602112              c:\windows\system32\NCTAudioTransform2.dll
+ 2011-03-18 23:28 . 2005-04-25 12:01	458752              c:\windows\system32\NCTAudioRecord2.dll
+ 2011-03-18 23:28 . 2005-04-25 12:01	458752              c:\windows\system32\NCTAudioPlayer2.dll
+ 2011-03-18 23:28 . 2005-04-15 11:08	880640              c:\windows\system32\NCTAudioEditor2.dll
+ 2011-03-18 23:28 . 2004-11-04 12:31	835584              c:\windows\system32\NCTAudioCDGrabber2.dll
+ 2011-03-18 23:28 . 2002-01-05 15:37	344064              c:\windows\system32\msvcr70.dll
- 2004-08-04 12:00 . 2010-05-06 10:31	611840              c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2010-06-24 12:22	611840              c:\windows\system32\mstime.dll
+ 2007-08-13 16:54 . 2010-06-24 12:21	599040              c:\windows\system32\msfeeds.dll
- 2007-08-13 16:54 . 2010-05-06 10:31	599040              c:\windows\system32\msfeeds.dll
- 2004-08-04 12:00 . 2008-04-14 02:22	384512              c:\windows\system32\mp4sdmod.dll
+ 2004-08-04 12:00 . 2010-04-05 09:54	384512              c:\windows\system32\mp4sdmod.dll
+ 2011-04-26 05:09 . 2011-04-26 05:09	235168              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
+ 2011-04-26 05:09 . 2011-04-26 05:09	311456              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
+ 2010-11-30 04:25 . 2010-11-30 04:25	233936              c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2010-08-04 02:58 . 2010-08-04 02:58	153376              c:\windows\system32\javaws.exe
+ 2010-08-04 02:58 . 2010-08-04 02:58	145184              c:\windows\system32\javaw.exe
+ 2010-08-04 02:58 . 2010-08-04 02:58	145184              c:\windows\system32\java.exe
- 2004-08-04 12:00 . 2010-05-06 10:31	184320              c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2010-06-24 12:21	184320              c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2010-05-06 10:31	387584              c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-06-24 12:21	387584              c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2010-05-05 13:30	173056              c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2010-06-23 12:08	173056              c:\windows\system32\ie4uinit.exe
+ 2008-06-10 10:50 . 2011-03-22 13:51	375264              c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 12:00 . 2010-06-21 15:27	354304              c:\windows\system32\drivers\srv.sys
+ 2009-11-29 21:14 . 2009-11-29 21:14	288032              c:\windows\system32\DLLRES32.dll
+ 2009-11-29 21:14 . 2009-11-29 21:14	226592              c:\windows\system32\DLLDRV32.dll
+ 2007-04-27 09:43 . 2007-04-27 09:43	120200              c:\windows\system32\DLLDEV32i.dll
+ 2009-11-29 21:14 . 2009-11-29 21:14	218400              c:\windows\system32\DLLDEV32.dll
+ 2009-11-29 21:14 . 2009-11-29 21:14	152864              c:\windows\system32\DLLCPY32.dll
+ 2010-06-18 17:44 . 2010-06-18 17:44	293888              c:\windows\system32\dllcache\winsrv.dll
+ 2007-08-13 16:54 . 2010-06-24 12:22	916480              c:\windows\system32\dllcache\wininet.dll
- 2007-08-13 16:54 . 2010-05-06 10:31	916480              c:\windows\system32\dllcache\wininet.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36	406016              c:\windows\system32\dllcache\usp10.dll
+ 2010-07-17 23:06 . 2010-07-17 23:06	580096              c:\windows\system32\dllcache\user32.dll
+ 2008-11-23 18:32 . 2010-06-21 15:27	354304              c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:55 . 2010-06-30 12:28	149504              c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2010-07-22 15:48	590848              c:\windows\system32\dllcache\rpcrt4.dll
+ 2007-08-13 16:44 . 2010-06-24 12:22	206848              c:\windows\system32\dllcache\occache.dll
- 2007-08-13 16:44 . 2010-05-06 10:31	206848              c:\windows\system32\dllcache\occache.dll
- 2007-08-13 16:54 . 2010-05-06 10:31	611840              c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 16:54 . 2010-06-24 12:22	611840              c:\windows\system32\dllcache\mstime.dll
- 2008-06-10 15:06 . 2010-05-06 10:31	599040              c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-10 15:06 . 2010-06-24 12:21	599040              c:\windows\system32\dllcache\msfeeds.dll
+ 2004-08-04 12:00 . 2010-04-05 09:54	384512              c:\windows\system32\dllcache\mp4sdmod.dll
- 2004-08-04 12:00 . 2008-04-14 02:22	384512              c:\windows\system32\dllcache\mp4sdmod.dll
+ 2009-07-01 00:45 . 2010-06-24 12:21	247808              c:\windows\system32\dllcache\ieproxy.dll
- 2009-07-01 00:45 . 2010-05-06 10:31	247808              c:\windows\system32\dllcache\ieproxy.dll
+ 2007-08-13 16:54 . 2010-06-24 12:21	184320              c:\windows\system32\dllcache\iepeers.dll
- 2007-08-13 16:54 . 2010-05-06 10:31	184320              c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 14:58 . 2010-06-24 12:21	743424              c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 14:58 . 2010-05-06 10:31	743424              c:\windows\system32\dllcache\iedvtool.dll
- 2007-08-13 16:39 . 2010-05-06 10:31	387584              c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 16:39 . 2010-06-24 12:21	387584              c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 16:39 . 2010-05-05 13:30	173056              c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 16:39 . 2010-06-23 12:08	173056              c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-07-24 11:19 . 2010-06-14 14:31	744448              c:\windows\system32\dllcache\helpsvc.exe
+ 2009-11-29 21:14 . 2009-11-29 21:14	738592              c:\windows\system32\DLLAV32.dll
+ 2010-07-23 16:42 . 2010-08-04 02:58	423656              c:\windows\system32\deployJava1.dll
+ 2011-05-18 17:57 . 2011-05-18 17:57	299008              c:\windows\system32\config\systemprofile\ntuser.dat
+ 2010-08-18 06:13 . 2010-08-18 06:13	114688              c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2010-08-18 06:22 . 2010-08-18 06:22	467224              c:\windows\system32\Adobe\Shockwave 11\SwHelper_1158612.exe
+ 2010-05-05 14:36 . 2010-05-05 14:36	467224              c:\windows\system32\Adobe\Shockwave 11\SwHelper_1157609.exe
+ 2010-08-18 06:02 . 2010-08-18 06:02	136568              c:\windows\system32\Adobe\Shockwave 11\SCC.dll
+ 2010-08-18 06:14 . 2010-08-18 06:14	446464              c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2010-08-18 06:13 . 2010-08-18 06:13	372736              c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2010-08-18 06:02 . 2010-08-18 06:02	790016              c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2010-08-18 06:13 . 2010-08-18 06:13	503808              c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2010-08-18 06:22 . 2010-08-18 06:22	213272              c:\windows\system32\Adobe\Director\SwDir.dll
+ 2010-08-18 06:14 . 2010-08-18 06:14	131072              c:\windows\system32\Adobe\Director\np32dsw.dll
- 2008-06-10 10:05 . 2008-04-14 02:22	744448              c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2008-06-10 10:05 . 2010-06-14 14:31	744448              c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2010-05-11 04:40 . 2010-05-11 04:40	388936              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40	989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-08-07 21:51 . 2009-08-07 21:51	989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-05-30 02:41 . 2011-05-30 02:41	219648              c:\windows\Installer\896b1.msi
+ 2011-03-22 04:31 . 2011-03-22 04:31	167424              c:\windows\Installer\36834a.msi
+ 2011-03-22 04:30 . 2011-03-22 04:30	912384              c:\windows\Installer\368335.msi
+ 2010-08-04 02:59 . 2010-08-04 02:59	180224              c:\windows\Installer\17ce469.msi
+ 2010-08-04 02:58 . 2010-08-04 02:58	676352              c:\windows\Installer\17ce463.msi
+ 2011-03-22 04:31 . 2011-03-22 04:31	367958              c:\windows\Installer\{E04D1AC1-B3AF-4C1A-B7E0-B37A058271CE}\ProgramIcon.exe
+ 2008-07-18 16:57 . 2010-09-24 13:40	409600              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-07-18 16:57 . 2010-06-10 22:02	409600              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-07-18 16:57 . 2010-09-24 13:40	286720              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-07-18 16:57 . 2010-06-10 22:02	286720              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-07-18 16:57 . 2010-09-24 13:40	249856              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-18 16:57 . 2010-06-10 22:02	249856              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-07-18 16:57 . 2010-09-24 13:40	794624              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-07-18 16:57 . 2010-06-10 22:02	794624              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-07-18 16:57 . 2010-06-10 22:02	135168              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-07-18 16:57 . 2010-09-24 13:40	135168              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-07-18 16:57 . 2010-06-10 22:02	593920              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-07-18 16:57 . 2010-09-24 13:40	593920              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-03-22 04:30 . 2011-03-22 04:30	360518              c:\windows\Installer\{300DFCBA-348B-4FD6-AE50-1D3CDFEE6314}\ProgramIcon.exe
+ 2007-04-19 12:01 . 2007-04-19 12:01	238424              c:\windows\Installer\$PatchCache$\Managed\7040110900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL
+ 2010-09-24 13:31 . 2010-05-06 10:31	916480              c:\windows\ie8updates\KB2183461-IE8\wininet.dll
+ 2010-09-24 13:31 . 2010-02-22 14:22	388984              c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
+ 2010-09-24 13:31 . 2009-05-26 09:01	234872              c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
+ 2010-09-24 13:31 . 2010-05-06 10:31	206848              c:\windows\ie8updates\KB2183461-IE8\occache.dll
+ 2010-09-24 13:31 . 2010-05-06 10:31	611840              c:\windows\ie8updates\KB2183461-IE8\mstime.dll
+ 2010-09-24 13:31 . 2010-05-06 10:31	599040              c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
+ 2010-09-24 13:31 . 2010-05-06 10:31	247808              c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
+ 2010-09-24 13:31 . 2010-05-06 10:31	184320              c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
+ 2010-09-24 13:31 . 2010-05-06 10:31	743424              c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
+ 2010-09-24 13:31 . 2010-05-06 10:31	387584              c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
+ 2010-09-24 13:31 . 2010-05-05 13:30	173056              c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
+ 2010-07-17 23:05 . 2008-08-07 13:27	163328              c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2010-07-17 23:05 . 2008-08-07 13:27	163328              c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2010-09-24 13:45 . 2010-09-24 13:45	240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-09-24 13:45 . 2010-09-24 13:45	187904              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-09-24 13:45 . 2010-09-24 13:45	447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-09-24 13:44 . 2010-09-24 13:44	208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-09-24 13:40 . 2010-09-24 13:40	368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-09-24 13:40 . 2010-09-24 13:40	258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-09-24 13:40 . 2010-09-24 13:40	224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-09-24 13:40 . 2010-09-24 13:40	539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-09-24 13:48 . 2010-09-24 13:48	842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-09-24 13:37 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB982802$\spuninst\updspapi.dll
+ 2010-09-24 13:37 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB982802$\spuninst\spuninst.exe
+ 2010-09-24 13:37 . 2009-04-15 14:51	585216              c:\windows\$NtUninstallKB982802$\rpcrt4.dll
+ 2010-09-24 13:26 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB982665$\spuninst\updspapi.dll
+ 2010-09-24 13:26 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB982665$\spuninst\spuninst.exe
+ 2010-09-24 13:39 . 2009-12-31 16:50	353792              c:\windows\$NtUninstallKB982214$\srv.sys
+ 2010-09-24 13:39 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB982214$\spuninst\updspapi.dll
+ 2010-09-24 13:39 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB982214$\spuninst\spuninst.exe
+ 2010-09-24 13:26 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB981997$\spuninst\updspapi.dll
+ 2010-09-24 13:26 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB981997$\spuninst\spuninst.exe
+ 2010-09-24 13:37 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB981852$\spuninst\updspapi.dll
+ 2010-09-24 13:37 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB981852$\spuninst\spuninst.exe
+ 2010-09-24 13:30 . 2008-04-14 02:22	406016              c:\windows\$NtUninstallKB981322$\usp10.dll
+ 2010-09-24 13:30 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB981322$\spuninst\updspapi.dll
+ 2010-09-24 13:30 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB981322$\spuninst\spuninst.exe
+ 2010-09-24 13:30 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB980436$\spuninst\updspapi.dll
+ 2010-09-24 13:30 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB980436$\spuninst\spuninst.exe
+ 2010-09-24 13:30 . 2008-12-05 06:55	144896              c:\windows\$NtUninstallKB980436$\schannel.dll
+ 2010-09-24 13:39 . 2007-07-27 21:11	382840              c:\windows\$NtUninstallKB975558_WM8$\spuninst\updspapi.dll
+ 2010-09-24 13:39 . 2007-07-27 18:46	234872              c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe
+ 2010-09-24 13:39 . 2008-04-14 02:22	384512              c:\windows\$NtUninstallKB975558_WM8$\mp4sdmod.dll
+ 2010-09-24 13:38 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB2347290$\spuninst\updspapi.dll
+ 2010-09-24 13:38 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB2347290$\spuninst\spuninst.exe
+ 2010-08-10 16:20 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll
+ 2010-08-10 16:20 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe
+ 2010-09-24 13:39 . 2009-05-26 09:01	388984              c:\windows\$NtUninstallKB2259922$\spuninst\updspapi.dll
+ 2010-09-24 13:39 . 2009-05-26 09:01	234872              c:\windows\$NtUninstallKB2259922$\spuninst\spuninst.exe
+ 2010-07-25 00:54 . 2010-02-22 17:52	388984              c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-07-25 00:54 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-07-25 00:54 . 2008-04-14 02:22	744448              c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-09-24 13:30 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB2160329$\spuninst\updspapi.dll
+ 2010-09-24 13:30 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB2160329$\spuninst\spuninst.exe
+ 2010-09-29 12:17 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB2158563$\spuninst\updspapi.dll
+ 2010-09-29 12:17 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB2158563$\spuninst\spuninst.exe
+ 2010-09-24 13:37 . 2008-04-14 02:22	293888              c:\windows\$NtUninstallKB2121546$\winsrv.dll
+ 2010-09-24 13:37 . 2010-02-22 14:22	388984              c:\windows\$NtUninstallKB2121546$\spuninst\updspapi.dll
+ 2010-09-24 13:37 . 2010-02-22 14:22	234872              c:\windows\$NtUninstallKB2121546$\spuninst\spuninst.exe
+ 2010-09-24 13:39 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB2115168$\spuninst\updspapi.dll
+ 2010-09-24 13:39 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB2115168$\spuninst\spuninst.exe
+ 2010-09-24 13:37 . 2009-05-26 11:40	388984              c:\windows\$NtUninstallKB2079403$\spuninst\updspapi.dll
+ 2010-09-24 13:37 . 2009-05-26 11:40	234872              c:\windows\$NtUninstallKB2079403$\spuninst\spuninst.exe
+ 2010-09-24 13:37 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB982802\update\updspapi.dll
+ 2010-09-24 13:37 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB982802\update\update.exe
+ 2010-09-24 13:37 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB982802\spuninst.exe
+ 2010-07-23 06:13 . 2010-07-23 06:13	590848              c:\windows\$hf_mig$\KB982802\SP3QFE\rpcrt4.dll
+ 2010-09-24 13:26 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB982665\update\updspapi.dll
+ 2010-09-24 13:26 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB982665\update\update.exe
+ 2010-09-24 13:26 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB982665\spuninst.exe
+ 2010-09-24 13:39 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB982214\update\updspapi.dll
+ 2010-09-24 13:39 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB982214\update\update.exe
+ 2010-09-24 13:39 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB982214\spuninst.exe
+ 2010-09-24 13:24 . 2010-06-21 14:18	354304              c:\windows\$hf_mig$\KB982214\SP3QFE\srv.sys
+ 2010-09-24 13:26 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB981997\update\updspapi.dll
+ 2010-09-24 13:26 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB981997\update\update.exe
+ 2010-09-24 13:26 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB981997\spuninst.exe
+ 2010-09-24 13:37 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB981852\update\updspapi.dll
+ 2010-09-24 13:37 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB981852\update\update.exe
+ 2010-09-24 13:37 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB981852\spuninst.exe
+ 2010-09-24 13:30 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB981322\update\updspapi.dll
+ 2010-09-24 13:30 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB981322\update\update.exe
+ 2010-09-24 13:30 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB981322\spuninst.exe
+ 2010-04-16 15:29 . 2010-04-16 15:29	406016              c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
+ 2010-09-24 13:30 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB980436\update\updspapi.dll
+ 2010-09-24 13:30 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB980436\update\update.exe
+ 2010-09-24 13:30 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB980436\spuninst.exe
+ 2010-06-30 12:23 . 2010-06-30 12:23	149504              c:\windows\$hf_mig$\KB980436\SP3QFE\schannel.dll
+ 2010-09-24 13:38 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB2347290\update\updspapi.dll
+ 2010-09-24 13:38 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB2347290\update\update.exe
+ 2010-09-24 13:38 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB2347290\spuninst.exe
+ 2010-08-10 16:20 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB2286198\update\updspapi.dll
+ 2010-08-10 16:20 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB2286198\update\update.exe
+ 2010-08-10 16:20 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB2286198\spuninst.exe
+ 2010-09-24 13:39 . 2009-05-26 09:01	388984              c:\windows\$hf_mig$\KB2259922\update\updspapi.dll
+ 2010-09-24 13:39 . 2009-05-26 09:01	765304              c:\windows\$hf_mig$\KB2259922\update\update.exe
+ 2010-09-24 13:39 . 2009-05-26 09:01	234872              c:\windows\$hf_mig$\KB2259922\spuninst.exe
+ 2010-07-25 00:54 . 2010-02-22 17:52	388984              c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-07-25 00:54 . 2010-02-22 14:21	765304              c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-07-25 00:54 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-07-24 11:19 . 2010-06-14 14:38	744448              c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2010-09-24 13:31 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB2183461-IE8\update\updspapi.dll
+ 2010-09-24 13:31 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB2183461-IE8\update\update.exe
+ 2010-09-24 13:31 . 2009-05-26 09:01	234872              c:\windows\$hf_mig$\KB2183461-IE8\spuninst.exe
+ 2010-09-24 13:23 . 2010-06-24 12:27	919040              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
+ 2010-09-24 13:23 . 2010-06-24 12:27	206848              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\occache.dll
+ 2010-09-24 13:23 . 2010-06-24 12:27	611840              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mstime.dll
+ 2010-09-24 13:23 . 2010-06-24 12:27	599040              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\msfeeds.dll
+ 2010-09-24 13:23 . 2010-06-24 12:27	247808              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\ieproxy.dll
+ 2010-09-24 13:23 . 2010-06-24 12:27	184320              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\iepeers.dll
+ 2010-09-24 13:23 . 2010-06-24 12:27	743424              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\iedvtool.dll
+ 2010-09-24 13:23 . 2010-06-24 12:27	387584              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\iedkcs32.dll
+ 2010-09-24 13:23 . 2010-06-23 11:30	173056              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\ie4uinit.exe
+ 2010-09-24 13:30 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB2160329\update\updspapi.dll
+ 2010-09-24 13:30 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB2160329\update\update.exe
+ 2010-09-24 13:30 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB2160329\spuninst.exe
+ 2010-09-24 13:37 . 2010-02-22 14:22	388984              c:\windows\$hf_mig$\KB2121546\update\updspapi.dll
+ 2010-09-24 13:37 . 2010-02-22 14:22	765304              c:\windows\$hf_mig$\KB2121546\update\update.exe
+ 2010-09-24 13:37 . 2010-02-22 14:22	234872              c:\windows\$hf_mig$\KB2121546\spuninst.exe
+ 2010-06-18 17:43 . 2010-06-18 17:43	293888              c:\windows\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
+ 2010-09-24 13:39 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB2115168\update\updspapi.dll
+ 2010-09-24 13:39 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB2115168\update\update.exe
+ 2010-09-24 13:39 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB2115168\spuninst.exe
+ 2010-09-24 13:37 . 2009-05-26 11:40	388984              c:\windows\$hf_mig$\KB2079403\update\updspapi.dll
+ 2010-09-24 13:37 . 2009-05-26 11:40	765304              c:\windows\$hf_mig$\KB2079403\update\update.exe
+ 2010-09-24 13:37 . 2009-05-26 11:40	234872              c:\windows\$hf_mig$\KB2079403\spuninst.exe
+ 2009-07-11 22:02 . 2009-07-11 22:02	3780424              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02	3765048              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2010-07-14 07:43 . 2011-05-31 21:54	2293760              c:\windows\Temporäre Internetdateien\Content.IE5\index.dat
+ 2004-08-04 12:00 . 2010-06-24 09:02	1852032              c:\windows\system32\win32k.sys
+ 2004-08-04 12:00 . 2010-06-24 12:22	1210368              c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2010-07-27 06:29	8503296              c:\windows\system32\shell32.dll
+ 2004-08-04 12:00 . 2010-04-28 18:11	2192256              c:\windows\system32\ntoskrnl.exe
- 2004-08-04 12:00 . 2010-02-17 12:04	2192256              c:\windows\system32\ntoskrnl.exe
- 2004-08-04 00:50 . 2010-02-16 19:04	2069120              c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 00:50 . 2010-04-28 05:41	2069120              c:\windows\system32\ntkrnlpa.exe
+ 2011-03-18 23:28 . 2005-05-18 10:52	1212416              c:\windows\system32\NCTAudioInformation2.dll
+ 2011-03-18 23:28 . 2005-05-17 11:37	1986560              c:\windows\system32\NCTAudioFile2.dll
+ 2004-08-04 12:00 . 2010-06-14 07:41	1172480              c:\windows\system32\msxml3.dll
- 2004-08-04 12:00 . 2009-07-31 04:32	1172480              c:\windows\system32\msxml3.dll
+ 2004-08-04 12:00 . 2010-06-24 12:22	5951488              c:\windows\system32\mshtml.dll
+ 2008-03-25 03:21 . 2010-11-30 04:25	5971408              c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-13 16:34 . 2010-06-24 12:21	1986560              c:\windows\system32\iertutil.dll
+ 2008-11-23 18:30 . 2010-06-24 09:02	1852032              c:\windows\system32\dllcache\win32k.sys
+ 2007-08-13 16:54 . 2010-06-24 12:22	1210368              c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:00 . 2010-07-27 06:29	8503296              c:\windows\system32\dllcache\shell32.dll
- 2008-11-23 18:29 . 2010-02-17 12:04	2192256              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-11-23 18:29 . 2010-04-28 18:11	2192256              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-11-23 18:29 . 2010-04-28 05:41	2027008              c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-11-23 18:29 . 2010-02-16 19:04	2027008              c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-11-23 18:29 . 2010-02-16 19:04	2069120              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-11-23 18:29 . 2010-04-28 05:41	2069120              c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-11-23 18:29 . 2010-02-16 19:04	2148864              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-11-23 18:29 . 2010-04-28 05:41	2148864              c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-11-23 18:28 . 2009-07-31 04:32	1172480              c:\windows\system32\dllcache\msxml3.dll
+ 2008-11-23 18:28 . 2010-06-14 07:41	1172480              c:\windows\system32\dllcache\msxml3.dll
+ 2007-08-13 16:54 . 2010-06-24 12:22	5951488              c:\windows\system32\dllcache\mshtml.dll
+ 2010-05-07 13:34 . 2010-06-18 13:36	3558912              c:\windows\system32\dllcache\moviemk.exe
- 2010-05-07 13:34 . 2009-10-23 15:28	3558912              c:\windows\system32\dllcache\moviemk.exe
+ 2008-06-10 15:06 . 2010-06-24 12:21	1986560              c:\windows\system32\dllcache\iertutil.dll
+ 2010-08-18 06:05 . 2010-08-18 06:05	1011712              c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2010-08-18 06:02 . 2010-08-18 06:02	2224816              c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2010-08-18 06:07 . 2010-08-18 06:07	1802240              c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
- 2009-08-07 21:51 . 2009-08-07 21:51	5812560              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40	5812560              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40	4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-06-28 14:01 . 2010-06-28 14:01	7677952              c:\windows\Installer\eb64a.msp
+ 2010-06-28 20:53 . 2010-06-28 20:53	6819840              c:\windows\Installer\eb634.msp
+ 2010-08-25 15:06 . 2010-08-25 15:06	6479360              c:\windows\Installer\eb613.msp
+ 2010-07-10 18:14 . 2010-07-10 18:14	2850816              c:\windows\Installer\eb5fd.msp
+ 2011-03-22 04:31 . 2011-03-22 04:31	1092608              c:\windows\Installer\368342.msi
+ 2011-03-22 04:30 . 2011-03-22 04:30	1132032              c:\windows\Installer\36833c.msi
+ 2010-06-11 15:55 . 2010-06-11 15:55	1827328              c:\windows\Installer\109f6e4.msp
+ 2010-09-24 13:31 . 2010-05-06 10:31	1209344              c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
+ 2010-09-24 13:31 . 2010-05-06 10:31	5950976              c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
+ 2010-09-24 13:31 . 2010-05-06 10:31	1985536              c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
+ 2010-07-17 23:05 . 2010-07-17 23:05	1228800              c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2010-07-17 23:05 . 2010-07-17 23:05	1228800              c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-11-23 18:29 . 2010-02-17 12:04	2192256              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-11-23 18:29 . 2010-04-28 18:11	2192256              c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-11-23 18:29 . 2010-02-16 19:04	2027008              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-11-23 18:29 . 2010-04-28 05:41	2027008              c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-11-23 18:29 . 2010-02-16 19:04	2069120              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-11-23 18:29 . 2010-04-28 05:41	2069120              c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-11-23 18:29 . 2010-02-16 19:04	2148864              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-11-23 18:29 . 2010-04-28 05:41	2148864              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-09-24 13:38 . 2010-09-24 13:38	3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-09-24 13:45 . 2010-09-24 13:45	1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-09-24 13:37 . 2010-09-24 13:37	7949824              c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-09-24 13:45 . 2010-09-24 13:45	5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-09-24 13:44 . 2010-09-24 13:44	1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-09-24 13:44 . 2010-09-24 13:44	1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-09-24 13:44 . 2010-09-24 13:44	1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-09-24 13:41 . 2010-09-24 13:41	6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-09-24 13:41 . 2010-09-24 13:41	2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-09-24 13:40 . 2010-09-24 13:40	2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-09-24 13:40 . 2010-09-24 13:40	2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-09-24 13:40 . 2010-09-24 13:40	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-09-24 13:37 . 2010-09-24 13:37	1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-06-24 00:58 . 2010-06-24 00:58	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-09-24 13:34 . 2010-09-24 13:34	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-24 00:59 . 2010-06-24 00:59	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-09-24 13:35 . 2010-09-24 13:35	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-09-24 13:26 . 2009-10-23 15:28	3558912              c:\windows\$NtUninstallKB981997$\moviemk.exe
+ 2010-09-24 13:37 . 2010-02-17 12:04	2192256              c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
+ 2010-09-24 13:37 . 2010-02-16 19:04	2027008              c:\windows\$NtUninstallKB981852$\ntkrpamp.exe
+ 2010-09-24 13:37 . 2010-02-16 19:04	2069120              c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
+ 2010-09-24 13:37 . 2010-02-16 19:04	2148864              c:\windows\$NtUninstallKB981852$\ntkrnlmp.exe
+ 2010-08-10 16:20 . 2008-06-17 19:00	8502272              c:\windows\$NtUninstallKB2286198$\shell32.dll
+ 2010-09-24 13:30 . 2010-05-02 08:05	1851392              c:\windows\$NtUninstallKB2160329$\win32k.sys
+ 2010-09-24 13:37 . 2009-07-31 04:32	1172480              c:\windows\$NtUninstallKB2079403$\msxml3.dll
+ 2010-09-24 13:21 . 2010-06-18 13:43	3558912              c:\windows\$hf_mig$\KB981997\SP3QFE\moviemk.exe
+ 2010-09-24 13:24 . 2010-04-28 05:15	2192384              c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
+ 2010-09-24 13:24 . 2010-04-28 05:15	2027008              c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrpamp.exe
+ 2010-04-28 21:15 . 2010-04-28 21:15	2069248              c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
+ 2010-09-24 13:24 . 2010-04-28 05:15	2148864              c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlmp.exe
+ 2010-07-27 06:27 . 2010-07-27 06:27	8504320              c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll
+ 2010-09-24 13:23 . 2010-06-24 12:27	1211904              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\urlmon.dll
+ 2010-09-24 13:23 . 2010-06-24 12:27	5954560              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
+ 2010-09-24 13:23 . 2010-06-24 12:27	1987072              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\iertutil.dll
+ 2010-06-24 21:29 . 2010-06-24 21:29	1861248              c:\windows\$hf_mig$\KB2160329\SP3QFE\win32k.sys
+ 2010-06-14 07:39 . 2010-06-14 07:39	1172480              c:\windows\$hf_mig$\KB2079403\SP3QFE\msxml3.dll
+ 2008-06-10 15:03 . 2010-09-10 12:34	35552200              c:\windows\system32\MRT.exe
+ 2007-08-13 16:54 . 2010-06-24 15:51	11077120              c:\windows\system32\ieframe.dll
+ 2008-06-10 15:06 . 2010-06-24 15:51	11077120              c:\windows\system32\dllcache\ieframe.dll
+ 2010-05-19 11:08 . 2010-05-19 11:08	11408896              c:\windows\Installer\eb61e.msp
+ 2010-06-11 15:52 . 2010-06-11 15:52	45542912              c:\windows\Installer\109f6e5.msp
+ 2010-09-24 13:31 . 2010-05-06 10:31	11076096              c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
+ 2010-09-24 13:44 . 2010-09-24 13:44	12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-09-24 13:44 . 2010-09-24 13:44	10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll
+ 2010-09-24 13:40 . 2010-09-24 13:40	14328320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-09-24 13:38 . 2010-09-24 13:38	12215808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-09-24 13:37 . 2010-09-24 13:37	11490816              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
+ 2010-09-24 13:23 . 2010-06-24 12:27	11079168              c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\ieframe.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10	122512	----a-w-	c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Mobile Printing"="c:\programme\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE" [2003-05-23 630784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"Cpqset"="c:\programme\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766]
"AClntUsr"="c:\program files\Altiris\AClient\AClntUsr.EXE" [2011-05-31 180224]
"LVCOMSX"="c:\programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"eabconfg.cpl"="c:\programme\HPQ\Quick Launch Buttons\EabServr.exe" [2003-07-15 274432]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoCAD Startup Accelerator.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AClntUsr]
2011-05-31 21:35	180224	----a-w-	c:\program files\Altiris\AClient\AClntUsr.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-05-30 16:01	88267	----a-r-	c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]
2003-05-12 15:33	81920	----a-w-	c:\progra~1\Compaq\COMPAQ~1\Chkadmin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00	208952	----a-w-	c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware  (reboot)]
2010-12-20 17:08	963976	----a-w-	c:\programme\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 12:00	455168	----a-w-	c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 12:00	455168	----a-w-	c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18	413696	----a-w-	c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RemoteRegistry"=2 (0x2)
"DfwWebAgent"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Trillian\\trillian.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Zattoo\\zattood.exe"=
"c:\\Programme\\Zattoo\\Zattoo2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"f:\\age of empire 2\\age2_x1.exe"=
"c:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"f:\\C&C Generals\\game.dat"=
"c:\\Dokumente und Einstellungen\\user\\Anwendungsdaten\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:*:Disabled:Services
"52344:TCP"= 52344:TCP:*:Disabled:Services
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30.5.2011 04:41 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30.5.2011 04:41 307928]
R1 ClntMgmt;HP Client Management Driver;c:\windows\system32\drivers\Clntmgmt.sys [10.6.2008 12:44 55336]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.5.2011 04:41 19544]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [27.8.2009 18:09 1253376]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [10.6.2008 15:23 182101]
R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;c:\windows\system32\drivers\ar5211.sys [10.6.2008 12:45 468768]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 cpqWebDmi;Insight Web Agent;c:\progra~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe [10.6.2008 12:49 24576]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [29.8.2009 12:37 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [29.8.2009 12:37 3072]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 12:10 3276800]
S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [10.6.2008 15:23 5689]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.3.2009 07:11 717296]
S4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [24.3.2010 18:48 323992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig?hl=de
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: tu-braunschweig.de\www
TCP: DhcpNameServer = 192.168.178.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\dokumente und einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\b47okumb.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe ARM - c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-ISTray - c:\programme\Spyware Doctor\pctsTray.exe
MSConfigStartUp-RSShutdown - c:\programme\RichiStudios\Shutdown\Autostart.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-31 23:54
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\programme\HPQ\Default Settings\cpqset.exe????????????8?0?8?4??p???? ???B???????????????B???????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(1076)
c:\windows\system32\webcheck.dll
.
Zeit der Fertigstellung: 2011-05-31  23:58:15
ComboFix-quarantined-files.txt  2011-05-31 21:57
ComboFix2.txt  2010-07-21 11:57
ComboFix3.txt  2010-07-21 11:26
ComboFix4.txt  2010-07-21 09:44
ComboFix5.txt  2011-05-31 21:40
.
Vor Suchlauf: 280.387.584 Bytes frei
Nach Suchlauf: 457.408.512 Bytes frei
.
- - End Of File - - DB7E1E904BEE9305F2BD175803DFDBA0

cosinus · 01.06.2011, 09:30

Ja, CF löscht Objekte, die auf der "schwarzen Liste" stehen

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Giz · 06.06.2011, 00:07

Das GMER log ist leider zu groß, kann es auch weder als doc oder pdf auf die hier max erlaubte größe bringen. Als rar klappt auch nicht.
Also hier erstmal das OSAM log. Könnte GMER nur über C laufen lassen dann müsst es passen wenn das ok ist.

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:44:57 on 06.06.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"cpqdiag.cpl" - "Hewlett-Packard" - C:\WINDOWS\system32\cpqdiag.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"plotman.cpl" - "Autodesk, Inc." - C:\WINDOWS\system32\plotman.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\WINDOWS\system32\styleman.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"eabconfg.cpl" - "Hewlett-Packard" - C:\Programme\HPQ\Quick Launch Buttons\EABCONFG.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX3CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax3CP.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.2.0.3" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswMon2" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"Bluetooth Port Client Driver" (BTSLBCSP) - ? - C:\WINDOWS\system32\drivers\btslbcsp.sys  (File not found)
"Bluetooth Protocol Stack" (BTKRNL) - ? - C:\WINDOWS\System32\drivers\btkrnl.sys  (File not found)
"Bluetooth Serial Driver" (BTSERIAL) - ? - C:\WINDOWS\system32\drivers\btserial.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\user\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Diagnostics CPU Driver" (cqcpu) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\cqcpu.sys
"Diagnostics Driver" (cpqdfw) - ? - C:\WINDOWS\system32\drivers\cpqdfw.sys  (File found, but it contains no detailed information)
"Diagnostics Memory Driver" (cq_mem) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\cq_mem.sys
"EABFiltr" (eabfiltr) - "Hewlett-Packard Company" - C:\WINDOWS\system32\drivers\EABFiltr.sys
"eabusb" (eabusb) - "Hewlett-Packard Company" - C:\WINDOWS\system32\drivers\eabusb.sys
"epmntdrv" (epmntdrv) - ? - C:\WINDOWS\system32\epmntdrv.sys  (File found, but it contains no detailed information)
"EuGdiDrv" (EuGdiDrv) - ? - C:\WINDOWS\system32\EuGdiDrv.sys  (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys
"HP Client Management Driver" (ClntMgmt) - "Hewlett-Packard" - C:\WINDOWS\System32\Drivers\ClntMgmt.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"IPSEC-Treiber" (xpsec) - ? - C:\WINDOWS\system32\drivers\xpsec.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"TCP/IP-Protokolltreiber" (xcpip) - ? - C:\WINDOWS\system32\drivers\xcpip.sys  (File not found)
"TfFsMon" (TfFsMon) - ? - C:\WINDOWS\System32\drivers\TfFsMon.sys  (File not found)
"TfNetMon" (TfNetMon) - ? - C:\WINDOWS\system32\drivers\TfNetMon.sys  (File not found)
"TfSysMon" (TfSysMon) - ? - C:\WINDOWS\System32\drivers\TfSysMon.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6DEA92E9-8682-4b6a-97DE-354772FE5727} "ACDWFTHMBPRXY" - "Autodesk" - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk" - C:\WINDOWS\system32\AcSignIcon.dll
{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk" - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Thumbnail\AcThumbnail16.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Programme\AVAST Software\Avast\ashShell.dll
{C3DFC144-30F8-4138-81F9-578DBEB9324A} "axcrypt.File" - "Axantum Software AB" - C:\Programme\Axantum\AxCrypt\AxCryptShellExt.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "Digital Protection extension" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{472734EA-242A-422B-ADF8-83D1E48CC825}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{6F15128C-E66A-490C-B848-5000B5ABEEAC} "HP Download Manager" - "Hewlett-Packard Co." - C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll / https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll / hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"HP Mobile Printing" - "Hewlett-Packard Company" - C:\Programme\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AClntUsr" - ? - C:\Program Files\Altiris\AClient\AClntUsr.EXE
"ATIPTA" - "ATI Technologies, Inc." - C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
"avast" - "AVAST Software" - "C:\Programme\AVAST Software\Avast\avastUI.exe" /nogui
"Cpqset" - ? - C:\Programme\HPQ\Default Settings\cpqset.exe  (File found, but it contains no detailed information)
"eabconfg.cpl" - "Hewlett-Packard " - C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start
"LVCOMSX" - "Logitech Inc." - "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - ? - bthcrp.dll  (File not found)
"HP Mobile Port" - "Hewlett-Packard Company" - C:\WINDOWS\system32\HPBMOMON.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Altiris Client-Dienst" (AClient) - "Altiris, Inc." - C:\Program Files\Altiris\AClient\AClient.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Autodesk Licensing Service" (Autodesk Licensing Service) - "Autodesk, Inc." - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\AVAST Software\Avast\AvastSvc.exe
"cpqdmi" (cpqdmi) - "Compaq Computer Corporation" - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"Insight Local Alerter" (CPQALERT) - "Hewlett-Packard Company" - C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe
"Insight Web Agent" (cpqWebDmi) - "Hewlett-Packard Company" - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"SoundMAX Agent Service" (SoundMAX Agent Service (default)) - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
"Win32Sl" (WIN32SL) - "Intel" - C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/CODE]

cosinus · 06.06.2011, 11:39

Dann pack das GMER-Log in eine ZIP oder lad es hier hoch => File-Upload.net - Ihr kostenloser File Hoster!

Giz · 07.06.2011, 06:47

Zitat:

Zitat von cosinus

Dann pack das GMER-Log in eine ZIP oder lad es hier hoch => File-Upload.net - Ihr kostenloser File Hoster!

hxxp://www.file-upload.net/download-3488314/gmer.log.html

26.05.2011, 19:38	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojan BankerBot.Gen Hast du die Dateien gelöscht? Evtl lag da ein Fehlalarm vor, der mit einer neuen Signatur behoben wird. __________________ Logfiles bitte immer in CODE-Tags posten

30.05.2011, 11:29	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojan BankerBot.Gen Da wurde ein Sinowal erkannt und entfernt. Bitte Windows neu starten und zur Kontrolle ein neues Log mit dem Kaspersky-TDSS-Killer machen. Am besten auch mit GMER. __________________ Logfiles bitte immer in CODE-Tags posten

06.06.2011, 11:39	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojan BankerBot.Gen Dann pack das GMER-Log in eine ZIP oder lad es hier hoch => File-Upload.net - Ihr kostenloser File Hoster! __________________ Logfiles bitte immer in CODE-Tags posten

Trojan BankerBot.Gen

Plagegeister aller Art und deren Bekämpfung: Trojan BankerBot.Gen