Pests of all kinds and how to fight them: completely removing the Bundeskriminalamt virus

06.09.2011, 13:20   #31
Gargamel456
 

Just like the first time, OTL got stuck at this point again this time:

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)

What now?

06.09.2011, 15:59   #32
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Leave this line out of the script. The Ask toolbar is annoying, but it shouldn't be a danger...

06.09.2011, 18:00   #33
Gargamel456
 

After I left out this line, it got stuck at another line starting with 03 (I think it was the fourth of the ones below). I therefore left out all four lines that begin with 03:

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)

I hope that was OK; in any case, there was a result this time:

HTML-Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Folder C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
Folder C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\extensions\toolbar@ask.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Programme\Ask.com\Updater folder moved successfully.
C:\Programme\Ask.com\assets\oobe folder moved successfully.
C:\Programme\Ask.com\assets folder moved successfully.
C:\Programme\Ask.com folder moved successfully.
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: HP_Besitzer
->Temp folder emptied: 181630313 bytes
->Temporary Internet Files folder emptied: 37819053 bytes
->Java cache emptied: 5467801 bytes
->FireFox cache emptied: 89446525 bytes
->Flash cache emptied: 513 bytes
 
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 864592 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 248963 bytes
RecycleBin emptied: 101376 bytes
 
Total Files Cleaned = 301,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.23.0 log created on 09062011_185418

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

07.09.2011, 09:25   #34
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below, i.e. tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.




If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags

07.09.2011, 13:37   #35
Gargamel456
 

All right, here is the log file from TDSS Killer:
I didn't run the Unhide tool, since in my opinion I can see and use everything...


HTML-Code:
2011/09/07 14:33:37.0578 2108	TDSS rootkit removing tool 2.5.19.0 Sep  6 2011 19:23:56
2011/09/07 14:33:37.0921 2108	================================================================================
2011/09/07 14:33:37.0921 2108	SystemInfo:
2011/09/07 14:33:37.0921 2108	
2011/09/07 14:33:37.0921 2108	OS Version: 5.1.2600 ServicePack: 3.0
2011/09/07 14:33:37.0921 2108	Product type: Workstation
2011/09/07 14:33:37.0921 2108	ComputerName: NAME-CD5FDA878D
2011/09/07 14:33:37.0921 2108	UserName: HP_Besitzer
2011/09/07 14:33:37.0921 2108	Windows directory: C:\WINDOWS
2011/09/07 14:33:37.0921 2108	System windows directory: C:\WINDOWS
2011/09/07 14:33:37.0921 2108	Processor architecture: Intel x86
2011/09/07 14:33:37.0921 2108	Number of processors: 1
2011/09/07 14:33:37.0921 2108	Page size: 0x1000
2011/09/07 14:33:37.0921 2108	Boot type: Normal boot
2011/09/07 14:33:37.0921 2108	================================================================================
2011/09/07 14:33:41.0828 2108	Initialize success
2011/09/07 14:33:47.0609 0376	================================================================================
2011/09/07 14:33:47.0609 0376	Scan started
2011/09/07 14:33:47.0609 0376	Mode: Manual; 
2011/09/07 14:33:47.0609 0376	================================================================================
2011/09/07 14:34:08.0031 0376	sptd            (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/09/07 14:34:08.0031 0376	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/09/07 14:34:08.0046 0376	sptd - detected LockedFile.Multi.Generic (1)
2011/09/07 14:34:10.0843 0376	================================================================================
2011/09/07 14:34:10.0843 0376	Scan finished
2011/09/07 14:34:10.0843 0376	================================================================================
2011/09/07 14:34:10.0875 2744	Detected object count: 1
2011/09/07 14:34:10.0875 2744	Actual detected object count: 1
2011/09/07 14:34:28.0921 2744	LockedFile.Multi.Generic(sptd) - User select action: Skip 


07.09.2011, 14:04   #36
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

07.09.2011, 15:24   #37
Gargamel456
 

All right, here is the Cofi log file:

Combofix Logfile:
Code:
ComboFix 11-09-07.04 - HP_Besitzer 07.09.2011  16:10:21.5.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1022.623 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\HP_Besitzer\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\ngen.exe.2c05686e.ini
c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\SL52.tmp.b470469.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\HpqDIA.exe.fd906699.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\HPQDOC~1.EXE.893698d7.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\HPQDocViewer.exe.7e1a2875.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\hpqimzone.exe.bfe59c6d.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\hpqthb08.exe.76f0bec1.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\ngen.exe.2c05686e.ini
c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory\SL52.tmp.b470469.ini
c:\windows\system32\ps2.bat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-07 bis 2011-09-07  ))))))))))))))))))))))))))))))
.
.
2011-09-07 10:30 . 2011-09-07 10:30	--------	d-----w-	c:\windows\LastGood
2011-09-06 22:48 . 2011-09-06 22:48	--------	d-----w-	c:\dokumente und einstellungen\HP_Besitzer\Anwendungsdaten\ZoomBrowser EX
2011-09-06 22:16 . 2011-09-06 22:16	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\ZoomBrowser
2011-09-06 22:15 . 2011-09-06 22:18	--------	d-----w-	c:\programme\Canon
2011-09-06 22:14 . 2011-09-06 22:14	--------	d-----w-	c:\programme\Gemeinsame Dateien\Canon
2011-09-05 15:34 . 2011-09-05 15:34	--------	d-----w-	C:\_OTL
2011-09-02 23:35 . 2011-09-02 23:35	--------	d-----w-	c:\programme\ESET
2011-09-01 10:16 . 2011-09-01 18:20	--------	d-----w-	c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\AskToolbar
2011-09-01 10:15 . 2011-09-01 10:15	--------	d-----w-	c:\dokumente und einstellungen\HP_Besitzer\Anwendungsdaten\Philipp Winterberg
2011-09-01 10:15 . 2011-09-01 10:15	--------	d-----w-	c:\programme\Free RAR Extract Frog
2011-08-27 07:55 . 2011-09-01 10:15	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-10 18:00 . 2011-06-24 14:10	139656	------w-	c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 17:59 . 2011-07-08 14:02	10496	------w-	c:\windows\system32\dllcache\ndistapi.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2004-08-04 04:00	456320	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-04 04:00	10496	------w-	c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52 . 2011-06-02 17:57	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-06-02 17:57	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-30 19:16 . 2010-07-12 11:32	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-06-30 19:16 . 2010-07-12 11:32	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-06-24 14:10 . 2004-08-04 04:00	139656	------w-	c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2004-08-04 04:00	916480	----a-w-	c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2004-08-04 04:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2004-08-04 04:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 04:00	385024	----a-w-	c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 04:00	293888	----a-w-	c:\windows\system32\winsrv.dll
2011-09-07 12:35 . 2011-05-11 04:31	134104	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot_2011-06-21_17.19.54   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-07 10:27 . 2011-09-07 10:27	16384              c:\windows\Temp\Perflib_Perfdata_4e8.dat
+ 2007-07-18 12:42 . 2011-07-08 13:49	46080              c:\windows\system32\tzchange.exe
- 2007-07-18 12:42 . 2010-11-03 13:12	46080              c:\windows\system32\tzchange.exe
+ 2004-11-02 18:10 . 2011-09-07 10:27	73574              c:\windows\system32\perfc009.dat
+ 2004-11-02 18:10 . 2011-09-07 10:27	87382              c:\windows\system32\perfc007.dat
+ 2004-08-04 04:00 . 2011-06-23 18:31	66560              c:\windows\system32\mshtmled.dll
- 2004-08-04 04:00 . 2011-04-25 16:05	66560              c:\windows\system32\mshtmled.dll
+ 2009-03-08 02:31 . 2011-06-23 18:31	55296              c:\windows\system32\msfeedsbs.dll
- 2009-03-08 02:31 . 2011-04-25 16:05	55296              c:\windows\system32\msfeedsbs.dll
- 2004-08-04 04:00 . 2011-04-25 16:05	25600              c:\windows\system32\jsproxy.dll
+ 2004-08-04 04:00 . 2011-06-23 18:31	25600              c:\windows\system32\jsproxy.dll
- 2010-07-18 23:00 . 2011-04-25 16:05	12800              c:\windows\system32\dllcache\xpshims.dll
+ 2010-07-18 23:00 . 2011-06-23 18:31	12800              c:\windows\system32\dllcache\xpshims.dll
- 2009-03-08 02:31 . 2011-04-25 16:05	66560              c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 02:31 . 2011-06-23 18:31	66560              c:\windows\system32\dllcache\mshtmled.dll
- 2010-07-18 23:00 . 2011-04-25 16:05	55296              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-07-18 23:00 . 2011-06-23 18:31	55296              c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 02:34 . 2011-04-25 16:05	43520              c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 02:34 . 2011-06-23 18:31	43520              c:\windows\system32\dllcache\licmgr10.dll
- 2009-03-08 02:33 . 2011-04-25 16:05	25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 02:33 . 2011-06-23 18:31	25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-14 07:08 . 2011-04-26 11:07	33280              c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2010-12-09 14:29	33280              c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-04 04:00 . 2011-04-26 11:07	33280              c:\windows\system32\csrsrv.dll
- 2004-08-04 04:00 . 2010-12-09 14:29	33280              c:\windows\system32\csrsrv.dll
+ 2011-08-09 20:28 . 2011-08-09 20:28	22016              c:\windows\Installer\296d0f.msi
+ 2011-06-26 17:40 . 2011-06-26 17:40	65536              c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-06-26 17:40 . 2011-06-26 17:40	65536              c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-26 17:40 . 2011-06-26 17:40	65536              c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-06-26 17:40 . 2011-06-26 17:40	65536              c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-06-26 17:40 . 2011-06-26 17:40	65536              c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-26 17:40 . 2011-06-26 17:40	65536              c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-26 17:40 . 2011-06-26 17:40	65536              c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ARPPRODUCTICON.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34	23040              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-29 16:56 . 2011-06-16 21:35	23040              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34	61440              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-04-29 16:56 . 2011-06-16 21:35	61440              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34	27136              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-04-29 16:56 . 2011-06-16 21:35	27136              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34	11264              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-29 16:56 . 2011-06-16 21:35	11264              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-29 16:56 . 2011-06-16 21:35	86016              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34	86016              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-04-29 16:56 . 2011-06-16 21:35	12288              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34	12288              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-09-01 10:16 . 2011-09-01 10:16	77824              c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2011-08-11 15:29 . 2011-04-25 16:05	12800              c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05	66560              c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05	55296              c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05	43520              c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05	25600              c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2011-06-30 21:24 . 2011-06-30 21:24	60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\343c52b741531ce9ae874ea7508831a7\System.Windows.Presentation.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\246110974e3c48733458819b07464b23\System.Web.DynamicData.Design.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ace861fe8dbf146c3e449abaa7691e9f\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-06-30 22:19 . 2011-06-30 22:19	82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll
+ 2011-08-11 15:44 . 2011-08-11 15:44	47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\40ee65aacd9d7472cd6f8dddbfca604b\PresentationFontCache.ni.exe
+ 2011-08-11 15:44 . 2011-08-11 15:44	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\12c424eed7ee0e9c017bf72ff09eb78c\PresentationCFFRasterizer.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f9c514544c8e23220493cd42a0e20678\Microsoft.Vsa.ni.dll
+ 2011-06-30 22:19 . 2011-06-30 22:19	65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll
+ 2011-06-30 22:18 . 2011-06-30 22:18	74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
+ 2011-06-30 22:18 . 2011-06-30 22:18	14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe
+ 2011-06-30 22:18 . 2011-06-30 22:18	25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-17 15:20 . 2011-04-17 15:20	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-07-13 20:38 . 2010-12-09 14:29	33280              c:\windows\$NtUninstallKB2507938$\csrsrv.dll
+ 2011-07-13 20:34 . 2010-07-05 13:14	26488              c:\windows\$hf_mig$\KB2555917\update\spcustom.dll
+ 2011-07-13 20:34 . 2010-07-05 13:14	18808              c:\windows\$hf_mig$\KB2555917\spmsg.dll
+ 2011-06-29 16:38 . 2010-07-05 13:14	26488              c:\windows\$hf_mig$\KB2541763\update\spcustom.dll
+ 2011-06-29 16:38 . 2010-07-05 13:14	18808              c:\windows\$hf_mig$\KB2541763\spmsg.dll
+ 2011-07-13 20:38 . 2010-07-05 13:14	26488              c:\windows\$hf_mig$\KB2507938\update\spcustom.dll
+ 2011-07-13 20:38 . 2010-07-05 13:14	18808              c:\windows\$hf_mig$\KB2507938\spmsg.dll
+ 2011-04-26 11:02 . 2011-04-26 11:02	33280              c:\windows\$hf_mig$\KB2507938\SP3QFE\csrsrv.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-04-29 16:56 . 2011-08-11 15:34	4096              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-29 16:56 . 2011-06-16 21:35	4096              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-08-11 15:42 . 2011-08-11 15:42	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-17 15:20 . 2011-04-17 15:20	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-04 04:00 . 2009-03-08 02:34	105984              c:\windows\system32\url.dll
+ 2004-08-04 04:00 . 2011-06-23 18:31	105984              c:\windows\system32\url.dll
+ 2004-08-04 04:00 . 2011-04-29 17:25	151552              c:\windows\system32\schannel.dll
+ 2004-11-02 18:10 . 2011-09-07 10:27	446752              c:\windows\system32\perfh009.dat
+ 2004-11-02 18:10 . 2011-09-07 10:27	465684              c:\windows\system32\perfh007.dat
- 2004-08-04 04:00 . 2011-04-25 16:05	206848              c:\windows\system32\occache.dll
+ 2004-08-04 04:00 . 2011-06-23 18:31	206848              c:\windows\system32\occache.dll
+ 2004-08-04 04:00 . 2011-06-23 18:31	611840              c:\windows\system32\mstime.dll
- 2004-08-04 04:00 . 2011-04-25 16:05	611840              c:\windows\system32\mstime.dll
+ 2009-03-08 02:32 . 2011-06-23 18:31	602112              c:\windows\system32\msfeeds.dll
- 2009-03-08 02:32 . 2011-04-25 16:05	602112              c:\windows\system32\msfeeds.dll
+ 2011-08-27 07:55 . 2011-08-27 07:55	243360              c:\windows\system32\Macromed\Flash\FlashUtil10w_Plugin.exe
+ 2011-09-01 10:15 . 2011-09-01 10:15	243360              c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
+ 2011-09-01 10:15 . 2011-09-01 10:15	328864              c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.dll
+ 2004-08-04 04:00 . 2011-06-23 18:31	184320              c:\windows\system32\iepeers.dll
- 2004-08-04 04:00 . 2011-04-25 16:05	184320              c:\windows\system32\iepeers.dll
+ 2004-08-04 04:00 . 2011-06-23 18:31	387584              c:\windows\system32\iedkcs32.dll
- 2004-08-04 04:00 . 2011-04-25 16:05	387584              c:\windows\system32\iedkcs32.dll
+ 2004-08-04 04:00 . 2011-06-23 12:05	173568              c:\windows\system32\ie4uinit.exe
- 2004-08-04 04:00 . 2011-04-25 12:01	173568              c:\windows\system32\ie4uinit.exe
- 2004-11-02 18:08 . 2011-04-17 15:57	314768              c:\windows\system32\FNTCACHE.DAT
+ 2004-11-02 18:08 . 2011-07-14 15:33	314768              c:\windows\system32\FNTCACHE.DAT
+ 2010-06-18 17:44 . 2011-06-20 17:44	293888              c:\windows\system32\dllcache\winsrv.dll
- 2010-06-18 17:44 . 2010-06-18 17:44	293888              c:\windows\system32\dllcache\winsrv.dll
+ 2008-04-21 06:42 . 2011-06-23 18:31	916480              c:\windows\system32\dllcache\wininet.dll
- 2008-04-21 06:42 . 2011-04-25 16:05	916480              c:\windows\system32\dllcache\wininet.dll
- 2009-03-08 02:34 . 2009-03-08 02:34	105984              c:\windows\system32\dllcache\url.dll
+ 2009-03-08 02:34 . 2011-06-23 18:31	105984              c:\windows\system32\dllcache\url.dll
+ 2008-12-05 06:55 . 2011-04-29 17:25	151552              c:\windows\system32\dllcache\schannel.dll
- 2009-03-08 02:34 . 2011-04-25 16:05	206848              c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 02:34 . 2011-06-23 18:31	206848              c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 02:32 . 2011-06-23 18:31	611840              c:\windows\system32\dllcache\mstime.dll
- 2009-03-08 02:32 . 2011-04-25 16:05	611840              c:\windows\system32\dllcache\mstime.dll
- 2010-07-18 23:00 . 2011-04-25 16:05	602112              c:\windows\system32\dllcache\msfeeds.dll
+ 2010-07-18 23:00 . 2011-06-23 18:31	602112              c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-12 12:25 . 2011-07-15 13:29	456320              c:\windows\system32\dllcache\mrxsmb.sys
- 2008-11-12 12:25 . 2011-04-29 16:19	456320              c:\windows\system32\dllcache\mrxsmb.sys
- 2010-07-18 23:00 . 2011-04-25 16:05	247808              c:\windows\system32\dllcache\ieproxy.dll
+ 2010-07-18 23:00 . 2011-06-23 18:31	247808              c:\windows\system32\dllcache\ieproxy.dll
+ 2010-04-16 16:06 . 2011-06-23 18:31	184320              c:\windows\system32\dllcache\iepeers.dll
- 2010-04-16 16:06 . 2011-04-25 16:05	184320              c:\windows\system32\dllcache\iepeers.dll
- 2010-07-18 23:00 . 2011-04-25 16:05	743424              c:\windows\system32\dllcache\iedvtool.dll
+ 2010-07-18 23:00 . 2011-06-23 18:31	743424              c:\windows\system32\dllcache\iedvtool.dll
- 2009-03-08 12:09 . 2011-04-25 16:05	387584              c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 12:09 . 2011-06-23 18:31	387584              c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 02:32 . 2011-04-25 12:01	173568              c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 02:32 . 2011-06-23 12:05	173568              c:\windows\system32\dllcache\ie4uinit.exe
- 2011-01-18 02:39 . 2011-01-18 02:39	388936              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-03-25 04:15 . 2011-03-25 04:15	388936              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 02:39 . 2011-01-18 02:39	363856              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-03-25 04:15 . 2011-03-25 04:15	363856              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-01-18 02:39 . 2011-01-18 02:39	989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-03-25 04:15 . 2011-03-25 04:15	989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-07-14 15:36 . 2011-07-14 15:36	691200              c:\windows\Installer\14b36.msi
+ 2011-07-14 15:36 . 2011-07-14 15:36	371272              c:\windows\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34	409600              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-04-29 16:56 . 2011-06-16 21:35	409600              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34	286720              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-29 16:56 . 2011-06-16 21:35	286720              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34	249856              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-29 16:56 . 2011-06-16 21:35	249856              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34	794624              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-29 16:56 . 2011-06-16 21:35	794624              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34	135168              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-29 16:56 . 2011-06-16 21:35	135168              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-29 16:56 . 2011-06-16 21:35	593920              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-04-29 16:56 . 2011-08-11 15:34	593920              c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-08-11 15:29 . 2011-04-25 16:05	916480              c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-08-11 15:29 . 2009-03-08 02:34	105984              c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-08-11 15:29 . 2010-07-05 13:14	388984              c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-08-11 15:29 . 2010-07-05 13:14	234872              c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-08-11 15:29 . 2011-04-25 16:05	206848              c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05	611840              c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05	602112              c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05	247808              c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05	184320              c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05	743424              c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05	387584              c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-08-11 15:29 . 2011-04-25 12:01	173568              c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
- 2008-11-12 12:25 . 2011-04-29 16:19	456320              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-12 12:25 . 2011-07-15 13:29	456320              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-08-11 15:56 . 2011-08-11 15:56	321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\cc14c69205b984edba1db26fd5e421ac\WsatConfig.ni.exe
+ 2011-08-11 15:46 . 2011-08-11 15:46	240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\39ce0c9c9cc294c0ee26c4ff01522961\WindowsFormsIntegration.ni.dll
+ 2011-06-30 21:24 . 2011-06-30 21:24	187904              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll
+ 2011-08-11 15:46 . 2011-08-11 15:46	447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\431e918aee8da919f5b9e3a5195ccf93\UIAutomationClient.ni.dll
+ 2011-08-11 15:59 . 2011-08-11 15:59	400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\946eefb99bc116ee68e0e7c69a5a8a5c\System.Xml.Linq.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\a82eef3128b9527dc05b3c8667e713bc\System.Web.Routing.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\203c148c913357bfc2ae9d209101f2b3\System.Web.RegularExpressions.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f89fe39468ea6faf71c4257c89cf3c54\System.Web.Extensions.Design.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\2314ff800782dc85224e69e802a073f7\System.Web.Entity.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f690a8f5d784a5bb20f2cbaa7277eb6c\System.Web.Entity.Design.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c5c96400424b85536443623f96f64581\System.Web.DynamicData.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5f8e87b47465a038403e73012c6d102a\System.Web.Abstractions.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	679936              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\21248037960cf6dfa2ce401d355bd6c9\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\480ea914e13fe41cdd8fb542bb1f7e81\System.Net.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\dc72c7581f1b3794c0ea595ba02ff7ad\System.Management.Instrumentation.ni.dll
+ 2011-08-11 15:55 . 2011-08-11 15:55	381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\fcf8612a210d1f76e0b37dc8467b4696\System.IO.Log.ni.dll
+ 2011-08-11 15:55 . 2011-08-11 15:55	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ec017b5a95d02fccaefd835490ef1e14\System.IdentityModel.Selectors.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.Wrapper.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45	208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\f7cd3d07c15366b76fe4c38d24455d6b\System.Drawing.Design.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\822c996e6ad4901219b7de399a6f78bf\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ffe911e62f482e42be2c4428bd08c10\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-11 15:57 . 2011-08-11 15:57	354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e1c009b2c9becdb732a2ea45f32a46b8\System.Data.Services.Design.ni.dll
+ 2011-08-11 15:57 . 2011-08-11 15:57	939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1defd94e1662a4478ccf2cd0b1b4e6a6\System.Data.Services.Client.ni.dll
+ 2011-08-11 15:57 . 2011-08-11 15:57	756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04267c1dbdcdd8ec37e1518126767ead\System.Data.Entity.Design.ni.dll
+ 2011-08-11 15:57 . 2011-08-11 15:57	135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\f2a6d41b3f6e26eea6dcac9298aa637b\System.Data.DataSetExtensions.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fbf6ef12d1456058acde29f2640092fb\System.AddIn.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\896e42071939e038008b0bbbfed1213c\SMSvcHost.ni.exe
+ 2011-08-11 15:56 . 2011-08-11 15:56	256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca07e9cf488af1290d2340d682574a24\SMDiagnostics.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a5aa977dd575a6beb3a416bd480b98a7\ServiceModelReg.ni.exe
+ 2011-08-11 15:45 . 2011-08-11 15:45	224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f52e48f55258d0a04fbab3a1f93752e9\PresentationFramework.Classic.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45	368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\cf812b99f587ab514afb36fa9d4c1567\PresentationFramework.Aero.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45	539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45	258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09f5af61ea2af04eb32c04b3091ffc86\PresentationFramework.Royale.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2d89c7b72bc8e527b26d5b6f3b931012\MSBuild.ni.exe
+ 2011-08-11 15:56 . 2011-08-11 15:56	386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\39e9d172f0cf5eec30b1b67212cc032b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f1b0ec3ccde9142e67ac681fb521ac66\Microsoft.Build.Utilities.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9250f038410f0d6432e3ccb0b046862b\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a4672179aba638cd78bdfe268391b47b\Microsoft.Build.Engine.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\37db660a84ee52b61a7ca55812581bbd\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-06-30 22:19 . 2011-06-30 22:19	220672              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\fe9a21b94803f74697bb42b9d1fdea5b\ComSvcConfig.ni.exe
+ 2011-08-11 15:55 . 2011-08-11 15:55	842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f160c8e40b60edd47ae74b0b911fece1\AspNetMMCExt.ni.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-04-17 15:20 . 2011-04-17 15:20	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-17 15:20 . 2011-04-17 15:20	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-17 15:20 . 2011-04-17 15:20	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-04-17 15:20 . 2011-04-17 15:20	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-17 15:20 . 2011-04-17 15:20	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-07-13 20:34 . 2010-07-05 13:14	388984              c:\windows\$NtUninstallKB2555917$\spuninst\updspapi.dll
+ 2011-07-13 20:34 . 2010-07-05 13:14	234872              c:\windows\$NtUninstallKB2555917$\spuninst\spuninst.exe
+ 2011-06-29 16:38 . 2010-07-05 13:14	388984              c:\windows\$NtUninstallKB2541763$\spuninst\updspapi.dll
+ 2011-06-29 16:38 . 2010-07-05 13:14	234872              c:\windows\$NtUninstallKB2541763$\spuninst\spuninst.exe
+ 2011-06-29 16:38 . 2010-06-30 12:28	149504              c:\windows\$NtUninstallKB2541763$\schannel.dll
+ 2011-07-13 20:38 . 2010-06-18 17:44	293888              c:\windows\$NtUninstallKB2507938$\winsrv.dll
+ 2011-07-13 20:38 . 2010-07-05 13:14	388984              c:\windows\$NtUninstallKB2507938$\spuninst\updspapi.dll
+ 2011-07-13 20:38 . 2010-07-05 13:14	234872              c:\windows\$NtUninstallKB2507938$\spuninst\spuninst.exe
+ 2011-07-13 20:34 . 2010-07-05 13:14	388984              c:\windows\$hf_mig$\KB2555917\update\updspapi.dll
+ 2011-07-13 20:34 . 2010-07-05 13:14	765304              c:\windows\$hf_mig$\KB2555917\update\update.exe
+ 2011-07-13 20:34 . 2010-07-05 13:14	234872              c:\windows\$hf_mig$\KB2555917\spuninst.exe
+ 2011-06-29 16:38 . 2010-07-05 13:14	388984              c:\windows\$hf_mig$\KB2541763\update\updspapi.dll
+ 2011-06-29 16:38 . 2010-07-05 13:14	765304              c:\windows\$hf_mig$\KB2541763\update\update.exe
+ 2011-06-29 16:38 . 2010-07-05 13:14	234872              c:\windows\$hf_mig$\KB2541763\spuninst.exe
+ 2011-04-29 17:23 . 2011-04-29 17:23	151552              c:\windows\$hf_mig$\KB2541763\SP3QFE\schannel.dll
+ 2011-07-13 20:38 . 2010-07-05 13:14	388984              c:\windows\$hf_mig$\KB2507938\update\updspapi.dll
+ 2011-07-13 20:38 . 2010-07-05 13:14	765304              c:\windows\$hf_mig$\KB2507938\update\update.exe
+ 2011-07-13 20:38 . 2010-07-05 13:14	234872              c:\windows\$hf_mig$\KB2507938\spuninst.exe
+ 2011-04-26 11:02 . 2011-04-26 11:02	293888              c:\windows\$hf_mig$\KB2507938\SP3QFE\winsrv.dll
+ 2004-08-04 04:00 . 2011-06-06 11:35	1859072              c:\windows\system32\win32k.sys
+ 2004-08-04 04:00 . 2011-06-23 18:31	1212416              c:\windows\system32\urlmon.dll
+ 2004-08-04 04:00 . 2011-07-25 15:09	5969920              c:\windows\system32\mshtml.dll
+ 2009-02-03 02:15 . 2011-08-27 07:55	6277280              c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2009-03-08 02:32 . 2011-04-25 16:05	1991680              c:\windows\system32\iertutil.dll
+ 2009-03-08 02:32 . 2011-06-23 18:31	1991680              c:\windows\system32\iertutil.dll
+ 2008-10-16 11:08 . 2011-06-06 11:35	1859072              c:\windows\system32\dllcache\win32k.sys
+ 2008-06-26 08:12 . 2011-06-23 18:31	1212416              c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-21 06:42 . 2011-07-25 15:09	5969920              c:\windows\system32\dllcache\mshtml.dll
- 2010-07-18 23:00 . 2011-04-25 16:05	1991680              c:\windows\system32\dllcache\iertutil.dll
+ 2010-07-18 23:00 . 2011-06-23 18:31	1991680              c:\windows\system32\dllcache\iertutil.dll
- 2008-07-25 09:17 . 2008-07-25 09:17	5025792              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-03-25 04:15 . 2011-03-25 04:15	5025792              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-04-28 19:50 . 2011-04-28 19:50	3182592              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2010-03-23 03:32 . 2010-03-23 03:32	3182592              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-03-25 04:15 . 2011-03-25 04:15	5912400              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-03-25 04:15 . 2011-03-25 04:15	4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-01-18 02:39 . 2011-01-18 02:39	4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-05-01 22:06 . 2011-05-01 22:06	2705920              c:\windows\Installer\bf350.msp
+ 2011-07-26 11:50 . 2011-07-26 11:50	5522432              c:\windows\Installer\bf348.msp
+ 2011-09-01 10:16 . 2011-09-01 10:16	2208768              c:\windows\Installer\9a3b5d.msi
+ 2011-01-18 21:36 . 2011-01-18 21:36	2687488              c:\windows\Installer\8fec81.msp
+ 2011-06-26 17:40 . 2011-06-26 17:40	1529344              c:\windows\Installer\805026.msi
+ 2011-07-14 15:36 . 2011-07-14 15:36	1541120              c:\windows\Installer\14b2f.msi
+ 2011-05-23 12:15 . 2011-05-23 12:15	3617792              c:\windows\Installer\11e37ed.msp
+ 2007-04-19 13:09 . 2007-04-19 13:09	1061720              c:\windows\Installer\$PatchCache$\Managed\7040110900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2011-08-11 15:29 . 2011-04-25 16:05	1211904              c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-08-11 15:29 . 2011-05-30 22:12	5964800              c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-08-11 15:29 . 2011-04-25 16:05	1991680              c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-08-22 14:41 . 2011-08-22 14:41	3126944              c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2011-08-22 14:41 . 2011-08-22 14:41	3126944              c:\windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
+ 2011-08-11 15:44 . 2011-08-11 15:44	3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
+ 2011-08-11 15:46 . 2011-08-11 15:46	1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\162600dde59fbaa0c048a949158ecba3\UIAutomationClientsideProviders.ni.dll
+ 2011-08-11 15:44 . 2011-08-11 15:44	7950848              c:\windows\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
+ 2011-08-11 15:46 . 2011-08-11 15:46	5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
+ 2011-08-11 15:59 . 2011-08-11 15:59	1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\22229a30650a9afbac984e1093898b13\System.WorkflowServices.ni.dll
+ 2011-08-11 15:59 . 2011-08-11 15:59	1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\4d6b3cc1fc7a4788612241af7966715a\System.Workflow.Runtime.ni.dll
+ 2011-08-11 15:59 . 2011-08-11 15:59	4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\e4c9853af945c9cfede19f3faf18af6e\System.Workflow.ComponentModel.ni.dll
+ 2011-08-11 15:59 . 2011-08-11 15:59	2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\ab4b50c7c789e46a485903365765fde8\System.Workflow.Activities.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\3da92a0b9b8ac97e11ca8bf4df671a78\System.Web.Mobile.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	2405376              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\01f4d6aa3299a41b8578b7e96afdcfb1\System.Web.Extensions.ni.dll
+ 2011-08-11 15:46 . 2011-08-11 15:46	1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e1208f0d981c420fc59f806bfbaa713b\System.Speech.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\27e1b8dfd5e1ccf2c5b9efc51f674c69\System.ServiceModel.Web.ni.dll
+ 2011-08-11 15:55 . 2011-08-11 15:55	2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
+ 2011-08-11 15:46 . 2011-08-11 15:46	1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\90b444d02047ef27921153d46967ef0e\System.Printing.ni.dll
+ 2011-08-11 15:55 . 2011-08-11 15:55	1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45	1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll
+ 2011-08-11 15:57 . 2011-08-11 15:57	1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\71cf3eb40fc38e6ac8fba09e872d2878\System.Deployment.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45	6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0b16305773369cf740c6a2b1f1d785b2\System.Data.SqlXml.ni.dll
+ 2011-08-11 15:57 . 2011-08-11 15:57	1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c1b9b8ce390548dcca661a5e6a908408\System.Data.Services.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45	2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\571af34939797a7c1cd05b0b925a45bf\System.Data.Linq.ni.dll
+ 2011-08-11 15:57 . 2011-08-11 15:57	9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\2b58cc071d6bf0c741e91f86c09de5d7\System.Data.Entity.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45	2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e54e013315849f5e34d8f2a8e7fdb450\System.Core.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45	2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\24ab0cacc77e8696ceff3157942a2de4\ReachFramework.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fac1ca86f4fea17de40d7fdaba38563e\PresentationUI.ni.dll
+ 2011-08-11 15:44 . 2011-08-11 15:44	1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b187becbc388c4ce7f33ede4da76e7b1\PresentationBuildTasks.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\08594c4ba9ea0253a836fe1d8d341984\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\345abd035c9378667b1cac54c1f21c97\Microsoft.JScript.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\906cd5555b79e4e0486dc8ef2a748b13\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7baff7d694394aaba490082c88d48fd2\Microsoft.Build.Tasks.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\235a22e1ae9742bb724d411629dd99d5\Microsoft.Build.Engine.ni.dll
- 2011-04-17 15:20 . 2011-04-17 15:20	3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-04-17 15:20 . 2011-04-17 15:20	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-04-17 15:19 . 2011-04-17 15:19	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-08-11 15:42 . 2011-08-11 15:42	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-07-13 20:34 . 2011-03-03 13:53	1858048              c:\windows\$NtUninstallKB2555917$\win32k.sys
+ 2011-06-06 11:36 . 2011-06-06 11:36	1868032              c:\windows\$hf_mig$\KB2555917\SP3QFE\win32k.sys
+ 2008-08-29 16:13 . 2011-08-11 15:34	52390856              c:\windows\system32\MRT.exe
+ 2009-03-08 02:39 . 2011-06-23 18:31	11081728              c:\windows\system32\ieframe.dll
- 2009-03-08 02:39 . 2011-04-26 08:05	11081728              c:\windows\system32\ieframe.dll
+ 2010-07-18 23:00 . 2011-06-23 18:31	11081728              c:\windows\system32\dllcache\ieframe.dll
- 2010-07-18 23:00 . 2011-04-26 08:05	11081728              c:\windows\system32\dllcache\ieframe.dll
+ 2011-03-28 01:27 . 2011-03-28 01:27	15456256              c:\windows\Installer\8fec8e.msp
+ 2011-08-11 15:29 . 2011-04-26 08:05	11081728              c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
+ 2011-08-11 15:46 . 2011-08-11 15:46	12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
+ 2011-08-11 15:58 . 2011-08-11 15:58	11800576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
+ 2011-08-11 15:56 . 2011-08-11 15:56	17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45	10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\63ad0cd9b5e038c8e2e41415657db8fc\System.Design.ni.dll
+ 2011-08-11 15:45 . 2011-08-11 15:45	14328320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll
+ 2011-08-11 15:44 . 2011-08-11 15:44	12215808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
+ 2011-06-30 21:21 . 2011-06-30 21:21	11490816              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\programme\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"nwiz"="nwiz.exe" [2005-12-14 1519616]
"HPHUPD08"="c:\programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\programme\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-01-01 180269]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2007-10-10 36352]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2008-09-06 413696]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\Belkin\Bluetooth Software\BTTray.exe [2006-6-7 553021]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
VPro530.lnk - c:\windows\VPro530.exe [2010-11-19 155648]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\LECTURNITY Player\\jre5\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01.11.2007 20:37 685816]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [12.07.2010 13:32 136360]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [30.12.2009 20:11 27632]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [06.11.2009 17:11 135664]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [07.09.2010 13:53 90112]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [06.11.2009 17:11 135664]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [19.11.2010 14:17 88704]
S3 SPC530;Philips SPC530NC PC Camera;c:\windows\system32\drivers\SPC530.sys [19.11.2010 14:17 486912]
S3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\system32\drivers\SPC530m.sys [19.11.2010 14:17 7680]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [29.04.2008 18:45 223128]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 25855147
*Deregistered* - 25855147
.
Inhalt des "geplante Tasks" Ordners
.
2011-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-11-06 15:11]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-11-06 15:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uSearchAssistant = 
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\HP_Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 83.169.186.225 192.168.0.1
FF - ProfilePath - c:\dokumente und einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\84t4r4d3.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ApnUpdater - c:\programme\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-09-07 16:17
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2811243195-1895084649-3547694746-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Kundendienst]
"Order"=hex:08,00,00,00,02,00,00,00,b8,02,00,00,01,00,00,00,04,00,00,00,de,00,
   00,00,00,00,00,00,d0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,be,00,32,\
.
[HKEY_USERS\S-1-5-21-2811243195-1895084649-3547694746-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9a,67,5b,f6,99,da,28,09,ee,6b,b5,d1,b6,82,4d,c3,66,92,e4,31,6b,62,a6,
   45,f7,d1,e2,c5,76,28,0b,91,a0,21,63,b5,07,4d,49,c1,3a,10,88,f9,21,09,8a,6b,\
"??"=hex:ad,ce,7c,ef,11,66,aa,c4,b3,61,58,21,ae,7e,17,dc
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Zeit der Fertigstellung: 2011-09-07  16:20:11
ComboFix-quarantined-files.txt  2011-09-07 14:19
ComboFix2.txt  2011-06-21 17:23
ComboFix3.txt  2011-06-08 17:15
ComboFix4.txt  2010-07-16 17:09
ComboFix5.txt  2011-09-07 14:07
.
Vor Suchlauf: 18 Verzeichnis(se), 124.970.024.960 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 125.076.164.608 Bytes frei
.
- - End Of File - - 26CDD1EDC0EDF4F3054B763E61DD9592
         
--- --- ---

Alt 07.09.2011, 19:21   #38
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Ok. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to switch off the virus scanner as well; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

__________________
Please always post logfiles in CODE tags

Alt 12.09.2011, 16:06   #39
Gargamel456
 

All right, here are the logfiles. With OSAM I accidentally forgot to switch off the virus scanner (Avira AntiVir), but it still worked without any problems.

GMER
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-10 17:31:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP2504C rev.VT100-38
Running: ddwj7cfm.exe; Driver: C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\kxtcifob.sys


---- System - GMER 1.0.15 ----

SSDT            F7C841D4                                                                                                             ZwClose
SSDT            F7C8418E                                                                                                             ZwCreateKey
SSDT            F7C841DE                                                                                                             ZwCreateSection
SSDT            F7C84184                                                                                                             ZwCreateThread
SSDT            F7C84193                                                                                                             ZwDeleteKey
SSDT            F7C8419D                                                                                                             ZwDeleteValueKey
SSDT            F7C841CF                                                                                                             ZwDuplicateObject
SSDT            sptd.sys                                                                                                             ZwEnumerateKey [0xF736BFB2]
SSDT            sptd.sys                                                                                                             ZwEnumerateValueKey [0xF736C340]
SSDT            F7C841A2                                                                                                             ZwLoadKey
SSDT            sptd.sys                                                                                                             ZwOpenKey [0xF73660B0]
SSDT            F7C84170                                                                                                             ZwOpenProcess
SSDT            F7C84175                                                                                                             ZwOpenThread
SSDT            sptd.sys                                                                                                             ZwQueryKey [0xF736C418]
SSDT            sptd.sys                                                                                                             ZwQueryValueKey [0xF736C298]
SSDT            F7C841AC                                                                                                             ZwReplaceKey
SSDT            F7C841A7                                                                                                             ZwRestoreKey
SSDT            F7C841E3                                                                                                             ZwSetContextThread
SSDT            F7C84198                                                                                                             ZwSetValueKey
SSDT            F7C8417F                                                                                                             ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?               C:\WINDOWS\system32\drivers\sptd.sys                                                                                 Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                             section is writeable [0xF6244360, 0x20FDBD, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                F62248AC 5 Bytes  JMP 86D9A770 
?               System32\Drivers\a9wj0g4k.SYS                                                                                        Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[252] USER32.dll!DefWindowProcA + 11A                 7E37C298 7 Bytes  JMP 1004BF70 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text           C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[252] USER32.dll!SetWindowRgn + 2BD                   7E37E7E5 7 Bytes  JMP 1004BE30 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text           C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[252] USER32.dll!SetClipboardData + 19D               7E38113B 7 Bytes  JMP 1004BF50 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text           C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[252] USER32.dll!MessageBoxA + 49                     7E3A0833 7 Bytes  JMP 1004C040 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text           C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[252] USER32.dll!MessageBoxExW + 1F                   7E3A0857 7 Bytes  JMP 1004C090 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text           C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[252] USER32.dll!MessageBoxTimeoutA + CA              7E3B64D0 7 Bytes  JMP 1004BFC0 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                   [F7366AD4] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                           [F7366C1A] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F7366B9C] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F7367748] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F736761E] sptd.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [F737C29A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                               86F651E8
Device          \FileSystem\Fastfat \FatCdrom                                                                                        86A31790
Device          \Driver\usbohci \Device\USBPDO-0                                                                                     86D951E8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                     86D951E8
Device          \Driver\PCI_NTPNP5422 \Device\00000045                                                                               sptd.sys
Device          \Driver\usbehci \Device\USBPDO-2                                                                                     86D941E8
Device          \Driver\usbstor \Device\00000070                                                                                     86B18790
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                               86FD41E8
Device          \Driver\usbstor \Device\00000071                                                                                     86B18790
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                               86FD41E8
Device          \Driver\Cdrom \Device\CdRom0                                                                                         86D6F410
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-11                                                                         [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                   [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                   [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                   [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-19                                                                         [F72DFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\Cdrom \Device\CdRom1                                                                                         86D6F410
Device          \Driver\Cdrom \Device\CdRom2                                                                                         86D6F410
Device          \Driver\Cdrom \Device\CdRom3                                                                                         86D6F410
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              866E01E8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                     866E01E8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{C679FCD5-B4DB-4854-AA53-6CDBBE614F77}                                             866E01E8
Device          \Driver\usbohci \Device\USBFDO-0                                                                                     86D951E8
Device          \Driver\usbstor \Device\0000006d                                                                                     86B18790
Device          \Driver\usbohci \Device\USBFDO-1                                                                                     86D951E8
Device          \Driver\usbstor \Device\0000006e                                                                                     86B18790
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    866C91E8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                     86D941E8
Device          \Driver\usbstor \Device\0000006f                                                                                     86B18790
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          866C91E8
Device          \Driver\Ftdisk \Device\FtControl                                                                                     86FD41E8
Device          \Driver\a9wj0g4k \Device\Scsi\a9wj0g4k1Port4Path0Target1Lun0                                                         86D6E1E8
Device          \Driver\a9wj0g4k \Device\Scsi\a9wj0g4k1                                                                              86D6E1E8
Device          \Driver\a9wj0g4k \Device\Scsi\a9wj0g4k1Port4Path0Target0Lun0                                                         86D6E1E8
Device          \FileSystem\Fastfat \Fat                                                                                             86A31790

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                             fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                               86DAD790

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x61 0x4C 0xC6 0x0F ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x64 0x2C 0xEE 0xB1 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xB1 0xB4 0x18 0x2D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x52 0xB6 0x92 0xB5 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x61 0x4C 0xC6 0x0F ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x64 0x2C 0xEE 0xB1 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xB1 0xB4 0x18 0x2D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x52 0xB6 0x92 0xB5 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x61 0x4C 0xC6 0x0F ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x64 0x2C 0xEE 0xB1 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xB1 0xB4 0x18 0x2D ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x52 0xB6 0x92 0xB5 ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                malicious Win32:MBRoot code @ sector 488391123
Disk            \Device\Harddisk0\DR0                                                                                                PE file @ sector 488391145

---- EOF - GMER 1.0.15 ----
         
--- --- ---


OSAM
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:59:44 on 10.09.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ALSNDMGR.CPL" - ? - C:\WINDOWS\system32\ALSNDMGR.CPL  (File signed by Microsoft | File found, but it contains no detailed information)
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Oracle" - C:\WINDOWS\system32\javacpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a9wj0g4k" (a9wj0g4k) - ? - C:\WINDOWS\system32\drivers\a9wj0g4k.sys  (Hidden registry entry, rootkit activity | File not found)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys
"btwhid" (btwhid) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwhid.sys
"catchme" (catchme) - ? - C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"kxtcifob" (kxtcifob) - ? - C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\kxtcifob.sys  (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"vaxscsi" (vaxscsi) - "Alcohol Soft Co., Ltd." - C:\WINDOWS\System32\Drivers\vaxscsi.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys
"VN Series Device" (VNUSB) - ? - C:\WINDOWS\System32\DRIVERS\VNUSB.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\WINDOWS\system32\ShellvRTF.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10w.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm
"Hilfe zu Verbindungen" - ? - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle" - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Oracle" - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\Belkin\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
"VPro530.lnk" - "Philips" - C:\WINDOWS\VPro530.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\HP_Besitzer\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools" - "DT Soft Ltd." - "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
"Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update" - "Hewlett-Packard Co." - C:\Programme\HP\HP Software Update\HPwuSchd2.exe
"HPBootOp" - "Hewlett-Packard Company" - "C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
"HPHUPD08" - "Hewlett-Packard" - c:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
"nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet /keeploaded /nodetect
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"Recguard" - ? - C:\WINDOWS\SMINST\RECGUARD.EXE
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"WinampAgent" - ? - C:\Programme\Winamp\winampa.exe  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Bullzip PDF Print Monitor" - "BullZip" - C:\WINDOWS\system32\bzpdf.dll
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Oracle" - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
aswMBR
HTML-Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-12 16:25:31
-----------------------------
16:25:31.609    OS Version: Windows 5.1.2600 Service Pack 3
16:25:31.609    Number of processors: 1 586 0x2F02
16:25:31.609    ComputerName: NAME-CD5FDA878D  UserName: HP_Besitzer
16:25:33.156    Initialize success
16:30:16.109    AVAST engine defs: 11091200
16:30:44.265    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:30:44.265    Disk 0 Vendor: SAMSUNG_SP2504C VT100-38 Size: 238475MB BusType: 3
16:30:46.296    Disk 0 MBR read successfully
16:30:46.296    Disk 0 MBR scan
16:30:46.390    Disk 0 unknown MBR code
16:30:46.390    Disk 0 scanning sectors +488391120
16:30:46.421    Disk 0 malicious Win32:MBRoot code @ sector 488391123 !
16:30:46.421    Disk 0 PE file @ sector 488391145 !
16:30:46.500    Disk 0 scanning C:\WINDOWS\system32\drivers
16:31:15.187    Service scanning
16:31:16.750    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:31:17.328    Modules scanning
16:31:24.281    Disk 0 trace - called modules:
16:31:24.312    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x86f878ac]<<
16:31:24.312    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f37ab8]
16:31:24.312    3 CLASSPNP.SYS[f75b0fd7] -> nt!IofCallDriver -> \Device\00000062[0x86ea0f18]
16:31:24.312    5 ACPI.sys[f7324620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f1fd98]
16:31:25.562    AVAST engine scan C:\WINDOWS
16:31:58.890    AVAST engine scan C:\WINDOWS\system32
16:35:55.906    AVAST engine scan C:\WINDOWS\system32\drivers
16:36:23.765    AVAST engine scan C:\Dokumente und Einstellungen\HP_Besitzer
16:43:07.578    AVAST engine scan C:\Dokumente und Einstellungen\All Users
16:46:17.593    Scan finished successfully
17:02:43.000    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\MBR.dat"
17:02:43.000    The log file has been saved successfully to "C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\aswMBR.txt"

12.09.2011, 20:33   #40
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

We should fix the MBR. Back up ALL important data just in case, even though everything usually goes smoothly.
After the backup, start aswMBR again and click the FIXMBR button.
Then restart Windows and create a new log with aswMBR.
__________________
Please always post log files in CODE tags

17.09.2011, 12:51   #41
Gargamel456
 

All right, done

HTML-Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-17 13:32:59
-----------------------------
13:32:59.953    OS Version: Windows 5.1.2600 Service Pack 3
13:32:59.953    Number of processors: 1 586 0x2F02
13:32:59.953    ComputerName: NAME-CD5FDA878D  UserName: HP_Besitzer
13:33:01.843    Initialize success
13:33:11.640    AVAST engine defs: 11091700
13:33:25.203    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:33:25.203    Disk 0 Vendor: SAMSUNG_SP2504C VT100-38 Size: 238475MB BusType: 3
13:33:27.218    Disk 0 MBR read successfully
13:33:27.218    Disk 0 MBR scan
13:33:27.296    Disk 0 Windows XP default MBR code
13:33:27.296    Disk 0 scanning sectors +488391120
13:33:27.312    Disk 0 malicious Win32:MBRoot code @ sector 488391123 !
13:33:27.312    Disk 0 PE file @ sector 488391145 !
13:33:27.359    Disk 0 scanning C:\WINDOWS\system32\drivers
13:33:41.921    Service scanning
13:33:42.437    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
13:33:42.984    Modules scanning
13:33:47.484    Disk 0 trace - called modules:
13:33:48.015    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x86f878ac]<<
13:33:48.015    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f37ab8]
13:33:48.031    3 CLASSPNP.SYS[f75b0fd7] -> nt!IofCallDriver -> \Device\00000062[0x86ea0f18]
13:33:48.031    5 ACPI.sys[f7324620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f1fd98]
13:33:48.750    AVAST engine scan C:\WINDOWS
13:34:13.562    AVAST engine scan C:\WINDOWS\system32
13:37:21.125    AVAST engine scan C:\WINDOWS\system32\drivers
13:37:40.890    AVAST engine scan C:\Dokumente und Einstellungen\HP_Besitzer
13:44:26.718    AVAST engine scan C:\Dokumente und Einstellungen\All Users
13:47:46.687    Scan finished successfully
13:51:02.546    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\MBR.dat"
13:51:02.546    The log file has been saved successfully to "C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\aswMBRlog2.txt"

19.09.2011, 08:33   #42
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!


Getting a second opinion from ESET's online scanner afterwards isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


23.09.2011, 11:04   #43
Gargamel456
 

OK, here is the Malwarebytes log; the others will follow:

HTML-Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7778

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.09.2011 07:35:31
mbam-log-2011-09-23 (07-35-31).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|J:\|K:\|L:\|M:\|N:\|)
Objects scanned: 411851
Time elapsed: 2 hour(s), 19 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

05.10.2011, 23:58   #44
Gargamel456
 

Sorry for the delay; I moved house in the meantime and my PC was in moving boxes for almost 2 weeks.

Here are the other two log files.

SASW:

HTML-Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/05/2011 at 03:47 PM

Application Version : 5.0.1118

Core Rules Database Version : 7757
Trace Rules Database Version: 5569

Scan type       : Complete Scan
Total Scan Time : 03:07:01

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 634
Memory threats detected   : 0
Registry items scanned    : 38857
Registry threats detected : 0
File items scanned        : 160603
File threats detected     : 38

Adware.Tracking Cookie
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@ad.adc-serv[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@ad.alturalabs[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@ad.yieldmanager[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@ad.zanox[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@ad1.adfarm1.adition[2].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@ad2.adfarm1.adition[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@adfarm1.adition[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@advertising[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@adx.chip[2].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@apmebf[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@atdmt[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@content.yieldmanager[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@doubleclick[2].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@in.getclicky[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@interclick[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@invitemedia[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@mediaplex[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@overture[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@philips.112.2o7[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@pumaonlinestorede.112.2o7[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@serving-sys[2].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@smartadserver[2].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@studivz.adfarm1.adition[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@tracking.quisma[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@tradedoubler[2].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@traffictrack[2].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@watch.findisuper[2].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@webmasterplan[2].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@zanox-affiliate[1].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\hp_besitzer@zanox[2].txt
	C:\Dokumente und Einstellungen\HP_Besitzer\Cookies\AI0JT4TW.txt
	ad.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRS04NFA.DEFAULT\COOKIES.SQLITE ]
	.tracking.3gnet.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRS04NFA.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRS04NFA.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRS04NFA.DEFAULT\COOKIES.SQLITE ]
	.www.traffictrack.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRS04NFA.DEFAULT\COOKIES.SQLITE ]
	.kaspersky.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRS04NFA.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JRS04NFA.DEFAULT\COOKIES.SQLITE ]
ESET:

HTML-Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=905011a2064a664bb0d1ed66a36e219d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-03 02:14:59
# local_time=2011-09-03 04:14:59 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 188272 51543488 0 0
# compatibility_mode=8192 67108863 100 0 127 127 0 0
# scanned=147327
# found=0
# cleaned=0
# scan_time=9470
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=905011a2064a664bb0d1ed66a36e219d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-05 10:42:03
# local_time=2011-10-06 12:42:03 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775145 100 93 34904 54380734 1121487 0
# compatibility_mode=8192 67108863 100 0 2837373 2837373 0 0
# scanned=230201
# found=1
# cleaned=0
# scan_time=10648
C:\Dokumente und Einstellungen\HP_Besitzer\Eigene Dateien\Downloads\SoftonicDownloader_fuer_free-rar-extract-frog.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I

06.10.2011, 12:57   #45
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Only cookies. The ESET finding is harmless.
Is the machine back in order so far?