Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   "Google search" under Vista/Mozilla Firefox links incorrectly (https://www.trojaner-board.de/75565-goolge-suche-vista-mozilla-firefox-verlinkt-falsch.html)

Solced 23.07.2009 20:38

Strangely, it doesn't download Kaspersky after clicking "Accept (the terms and conditions)" -.-
I don't understand it.
I'm trying to still do everything necessary if possible, Andreas, but unfortunately I'm still behind on my written assignments. I hope you won't hold it against me too much if I don't get around to anything else today!

Regards
Solced

john.doe 23.07.2009 20:42

No problem, but please follow the order exactly.

ciao, andreas

Solced 26.07.2009 14:01

Hey john.doe. Unfortunately I only just got back home and will have to finish written assignments through today and tonight! I'll tackle the rest tomorrow evening!

Kind regards
Solced

john.doe 26.07.2009 14:25

All right. :)

ciao, andreas

Solced 30.07.2009 22:38

Hey, john.doe.
I'm sorry, but I had a lot of work this week. Daycare, the farewell party for the children starting school, etc. I'll be able to tackle it towards the weekend. Forgive me.

john.doe 30.07.2009 22:39

No problem, it's not that bad, it's not my computer after all. :D

ciao, andreas

Solced 04.08.2009 15:36

So. Finally the answer!
So: Google no longer links incorrectly
Here is the Qoobox: http://www.materialordner.de/otJHSZqLttboKDdJwxYDUJbbY2jHBdm.html
Also, Kaspersky cannot be downloaded
So here is the ComboFix for now (addendum:)

john.doe 04.08.2009 16:00

Quote:

Google no longer links incorrectly
:daumenhoc

ComboFix has freed you from the worst pest; now we'll look for malware that was downloaded afterwards.
Quote:

Also, Kaspersky cannot be downloaded
It often acts up. Just skip it and use this one instead.

Panda Active Scan
The following page guides you through the installation: PandaActiveScan2.0 Installation

Click Scan Now!

No registration is required!

After the scan has finished, click the text icon Export and save the log to the desktop.
Open the file ActiveScan.txt that is now on your desktop and post its contents for us.
ciao, andreas

Solced 04.08.2009 20:08

Here is Panda:

;***************************************************************************************************************************************************** ******************************
ANALYSIS: 2009-08-04 21:07:49
PROTECTIONS: 3
MALWARE: 11
SUSPECTS: 6
;***************************************************************************************************************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================== ==============================
Avira AntiVir PersonalEdition 7.0.3.158 Yes Yes
Avira AntiVir PersonalEdition 7.0.3.158 No Yes
Windows-Defender 1.1.1505.0 No Yes
;===================================================================================================================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================== ==============================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@tradedoubler[1].txt
00149425 Hacktool/Hammer HackTools No 0 Yes No C:\Program Files\Robster Productions\Halflife Logo Creator\HLC.exe
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@bs.serving-sys[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@atwola[2].txt
02059071 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\Windows\Temp\qpimqqxtbn.exe.vir
02059071 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox.zip[Qoobox/Quarantine/C/Windows/Temp/qpimqqxtbn.exe.vir]
02243827 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox.zip[Qoobox/Quarantine/C/Windows/System32/drivers/_SKYNETrvxwttur_.sys.zip][SKYNETrvxwttur.sys]
02243827 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\Windows\System32\drivers\SKYNETrvxwttur.sys.vir
02243827 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox.zip[Qoobox/Quarantine/C/Windows/System32/drivers/SKYNETrvxwttur.sys.vir]
02243827 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\Windows\System32\drivers\_SKYNETrvxwttur_.sys.zip[SKYNETrvxwttur.sys]
02444111 Trj/Alureon.AW Virus/Trojan No 0 Yes No C:\Qoobox.zip[Qoobox/Quarantine/C/ProgramData/STOPzilla!/Quarantine/598134c8-56ef-411c-b383-29cdbb5bf429.pre.vir]
02444111 Trj/Alureon.AW Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\Windows\System32\SKYNETcipkxvfx.dll.vir
02444111 Trj/Alureon.AW Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\ProgramData\STOPzilla!\Quarantine\598134c8-56ef-411c-b383-29cdbb5bf429.pre.vir
02444111 Trj/Alureon.AW Virus/Trojan No 0 Yes No C:\Qoobox.zip[Qoobox/Quarantine/C/Windows/System32/SKYNETcipkxvfx.dll.vir]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\Windows\System32\SKYNETxrdvipdm.dll.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Mehmet\Desktop\ff06_v39\FlusiFix-2006 V3.9\ProSpeed.dll
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox.zip[Qoobox/Quarantine/C/Windows/System32/SKYNETxrdvipdm.dll.vir]
;===================================================================================================================================================== ==============================
SUSPECTS
Sent Location
;===================================================================================================================================================== ==============================
No C:\Program Files\ArchiCrypt\Shredder 4\ACShredder4.exe
No C:\Program Files\ArchiCrypt\Shredder 4\Quarantine.exe
No C:\Program Files\ArchiCrypt\Shredder 4\Scheduler.exe
No C:\Users\Solced\Downloads\HLC_1_setup.exe
No D:\Alcohol\Alcohol_120_Percent_v1[1].9.6.5429_Patch\Alcohol 120% 1.9.6.5429 Patch.exe
No D:\Solced\Neuer Ordner (2)\free-wma-mp3-converter.exe
;===================================================================================================================================================== ==============================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================== ==============================
;===================================================================================================================================================== ==============================


I'll now run COMBOFIX over it once more and send you the log

john.doe 04.08.2009 20:31

Why am I now furious? :koch:

Quote:

D:\Alcohol\Alcohol_120_Percent_v1[1].9.6.5429_Patch\Alcohol 120% 1.9.6.5429 Patch.exe
Read here => http://www.trojaner-board.de/452276-post7.html

Continue here => http://www.trojaner-board.de/51262-a...sicherung.html

You are dismissed and I'm out,
andreas

Solced 04.08.2009 20:31

Part I

ComboFix 09-08-04.01 - Solced 04.08.2009 21:21.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1403 [GMT 2:00]
ausgeführt von:: c:\users\Solced\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Windows Live Messenger .lnk

.
((((((((((((((((((((((( Dateien erstellt von 2009-07-04 bis 2009-08-04 ))))))))))))))))))))))))))))))
.

2009-08-04 19:26 . 2009-08-04 19:26 -------- d-----w- c:\users\Solced\AppData\Local\temp
2009-08-04 17:38 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-04 17:38 . 2009-08-04 17:38 -------- d-----w- c:\program files\Panda Security
2009-08-04 14:31 . 2009-08-04 14:31 12197745 ----a-w- C:\Qoobox.zip
2009-08-02 23:00 . 2009-08-02 23:01 -------- d-----w- c:\users\Solced\AppData\Roaming\vlc
2009-08-02 22:59 . 2009-08-02 22:59 -------- d-----w- c:\program files\VideoLAN
2009-08-02 18:39 . 2009-08-02 18:39 -------- d-----w- c:\program files\Robster Productions
2009-08-02 18:30 . 2009-08-02 18:30 -------- d-----w- C:\mydecal
2009-08-02 11:34 . 2009-08-02 11:34 -------- d-----w- c:\users\Solced\SystemRequirementsLab
2009-07-29 23:42 . 2009-07-29 23:42 -------- d-----w- c:\users\Solced\AppData\Roaming\JonDo
2009-07-29 23:39 . 2009-07-29 23:40 -------- d-----w- c:\program files\JAP
2009-07-23 18:57 . 2009-07-23 20:39 -------- d-----w- c:\users\Solced\AppData\Local\VirtualStore
2009-07-21 20:55 . 2009-07-21 20:55 -------- d-----w- c:\program files\The KMPlayer
2009-07-21 20:43 . 2009-07-21 20:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 20:43 . 2009-07-21 20:43 -------- d-----w- c:\program files\Java
2009-07-21 20:39 . 2009-07-21 20:39 -------- d-----w- c:\program files\FoxitReader30_enu
2009-07-21 20:27 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-21 20:27 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-21 20:27 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-21 20:27 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-21 18:05 . 2009-07-21 18:05 -------- d-----w- c:\users\Solced\AppData\Roaming\Malwarebytes
2009-07-21 18:05 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 18:05 . 2009-07-21 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 18:05 . 2009-07-21 18:05 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-21 18:05 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 15:02 . 2009-07-21 15:02 -------- d-----w- c:\users\Solced\AppData\Local\Toshiba
2009-07-21 13:16 . 2009-07-21 13:16 -------- d-----w- c:\program files\Common Files\iS3
2009-07-11 17:01 . 2009-02-13 08:49 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-07-11 17:01 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-07-11 17:01 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-07-11 17:01 . 2009-02-13 08:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-07-11 16:59 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-07-11 16:59 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-07-11 16:59 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-07-11 16:56 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-07-11 14:16 . 2009-07-21 09:25 -------- d-----w- c:\progra~2\TrackMania

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 23:55 . 2009-01-07 15:04 -------- d-----w- c:\users\Solced\AppData\Roaming\dvdcss
2009-08-02 11:34 . 2008-02-15 22:04 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-30 11:54 . 2009-03-05 20:02 1 ----a-w- c:\users\Solced\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-21 21:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-21 20:34 . 2007-09-23 09:56 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-21 20:32 . 2008-12-21 21:07 -------- d-----w- c:\progra~2\Skype
2009-07-21 20:28 . 2008-02-25 00:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-21 18:50 . 2007-11-26 22:40 -------- d-----w- c:\program files\Mozilla Sunbird
2009-07-21 14:23 . 2009-07-21 13:22 2200 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-07-21 13:23 . 2009-07-21 13:23 296 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-07-20 19:04 . 2006-11-02 15:33 673866 ----a-w- c:\windows\system32\perfh007.dat
2009-07-20 19:04 . 2006-11-02 15:33 139086 ----a-w- c:\windows\system32\perfc007.dat
2009-07-18 16:06 . 2009-07-29 09:28 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 09:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 09:28 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-04 10:56 . 2009-05-12 20:05 -------- d-----w- c:\users\Solced\AppData\Roaming\Xfire
2009-07-03 19:34 . 2009-01-15 16:12 -------- d-----w- c:\program files\Common Files\Steam
2009-07-03 19:29 . 2009-05-12 20:05 -------- d-----w- c:\progra~2\Xfire
2009-06-28 20:22 . 2009-01-01 18:00 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-27 12:13 . 2009-06-27 12:13 -------- d-----w- c:\program files\Sierra On-Line
2009-06-26 16:45 . 2008-12-21 21:09 -------- d-----w- c:\users\Solced\AppData\Roaming\skypePM
2009-06-26 14:50 . 2009-06-26 14:50 -------- d-----w- c:\program files\Valve
2009-06-12 10:45 . 2009-06-12 10:41 -------- d-----w- c:\program files\ICQ6.5
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-15 21:31 . 2009-07-21 20:37 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-08-07 18:47 . 2007-08-07 18:47 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-07-23_17.25.41 )))))))))))))))))))))))))))))))))))))))))
.

Solced 04.08.2009 20:32

Part II

+ 2009-07-29 09:28 . 2009-07-18 12:07 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16890_none_a983db53f5f2f2c6\advpack.dll
+ 2007-04-16 07:24 . 2009-08-04 16:45 271474 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-29 09:28 . 2009-07-18 16:04 146432 c:\windows\System32\occache.dll
- 2009-07-11 17:01 . 2009-04-24 16:03 671232 c:\windows\System32\mstime.dll
+ 2009-07-29 09:28 . 2009-07-18 16:03 671232 c:\windows\System32\mstime.dll
+ 2009-07-29 09:28 . 2009-07-18 16:02 458240 c:\windows\System32\msfeeds.dll
- 2009-07-11 17:01 . 2009-04-24 16:03 458240 c:\windows\System32\msfeeds.dll
- 2009-07-11 17:01 . 2009-04-24 16:02 270848 c:\windows\System32\iertutil.dll
+ 2009-07-29 09:28 . 2009-07-18 16:01 270848 c:\windows\System32\iertutil.dll
- 2009-07-11 17:01 . 2009-04-24 16:02 389120 c:\windows\System32\iedkcs32.dll
+ 2009-07-29 09:28 . 2009-07-18 16:01 389120 c:\windows\System32\iedkcs32.dll
- 2009-07-11 17:01 . 2009-04-24 16:02 230400 c:\windows\System32\ieaksie.dll
+ 2009-07-29 09:28 . 2009-07-18 16:01 230400 c:\windows\System32\ieaksie.dll
+ 2009-07-29 09:28 . 2009-07-18 11:45 6081024 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22180_none_66bc01a4c4a3d534\ieframe.dll
+ 2009-07-29 09:28 . 2009-07-18 11:32 6079488 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18071_none_663e350fab7d32d0\ieframe.dll
+ 2009-07-29 09:28 . 2009-07-18 09:55 6072832 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22475_none_64e5611ac770e2d2\ieframe.dll
+ 2009-07-29 09:28 . 2009-07-18 16:01 6069248 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18294_none_64452247ae64646c\ieframe.dll
+ 2009-07-29 09:28 . 2009-07-18 12:09 6070784 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21089_none_62f829ecca4f0949\ieframe.dll
+ 2009-07-29 09:28 . 2009-07-18 12:10 6067200 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16890_none_625ae279b1416e1f\ieframe.dll
+ 2009-07-29 09:28 . 2009-07-18 11:45 3600384 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22180_none_155ca7a138ae4707\mshtml.dll
+ 2009-07-29 09:28 . 2009-07-18 11:33 3599360 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18071_none_14dedb0c1f87a4a3\mshtml.dll
+ 2009-07-29 09:28 . 2009-07-18 11:54 3584512 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22475_none_138607173b7b54a5\mshtml.dll
+ 2009-07-29 09:28 . 2009-07-18 16:02 3583488 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18294_none_12e5c844226ed63f\mshtml.dll
+ 2009-07-29 09:28 . 2009-07-18 12:12 3600384 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21089_none_1198cfe93e597b1c\mshtml.dll
+ 2009-07-29 09:28 . 2009-07-18 12:13 3597824 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16890_none_10fb8876254bdff2\mshtml.dll
+ 2009-07-29 09:28 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21089_none_f9e7d3a487ee8c39\ieapfltr.dat
+ 2009-07-29 09:28 . 2009-06-18 06:57 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16890_none_f94a8c316ee0f10f\ieapfltr.dat
+ 2009-07-29 09:28 . 2009-07-18 11:47 1167872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22180_none_b6fcace0ed4eb73e\urlmon.dll
+ 2009-07-29 09:28 . 2009-07-18 11:34 1167872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18071_none_b67ee04bd42814da\urlmon.dll
+ 2009-07-29 09:28 . 2009-07-18 11:56 1166848 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22475_none_b5260c56f01bc4dc\urlmon.dll
+ 2009-07-29 09:28 . 2009-07-18 16:06 1166336 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18294_none_b485cd83d70f4676\urlmon.dll
+ 2009-07-29 09:28 . 2009-07-18 12:16 1163264 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21089_none_b338d528f2f9eb53\urlmon.dll
+ 2009-07-29 09:28 . 2009-07-18 12:16 1159680 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16890_none_b29b8db5d9ec5029\urlmon.dll
- 2009-07-11 17:01 . 2009-04-24 16:05 1166336 c:\windows\System32\urlmon.dll
+ 2009-07-29 09:28 . 2009-07-18 16:06 1166336 c:\windows\System32\urlmon.dll
- 2006-11-02 10:22 . 2009-07-22 22:13 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-07-30 01:02 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-29 09:28 . 2009-07-18 16:02 3583488 c:\windows\System32\mshtml.dll
+ 2009-07-29 09:28 . 2009-07-18 16:01 6069248 c:\windows\System32\ieframe.dll
- 2009-07-11 17:01 . 2009-04-24 16:02 6069248 c:\windows\System32\ieframe.dll
+ 2009-07-22 20:07 . 2009-07-29 09:26 61444888 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-03 15:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-03 15:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-13 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-13 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-13 81920]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-13 4489216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 14:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1012844329-1309873292-53014512-1000]
"EnableNotificationsRef"=dword:00000001

Solced 04.08.2009 20:33

PART III


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BB980586-677E-40CB-B41F-9880906DE2D4}"= Profile=Private|c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{D693FD80-E933-4156-81F9-66A8B444D643}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= Disabled:UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{D1FBFF98-F375-4238-AE67-BB95BEA2FE19}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= Disabled:TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{9489D34C-E3D3-4081-991D-CB3FA13DD38F}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{3EA63B76-68C7-439F-B969-1857B72BAE9A}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{F2D661C9-3F61-4796-B60A-F23ADDE3E56A}c:\\program files\\icq6\\icq.exe"= Disabled:UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{A2DC48E8-EDE4-4EB2-A59E-035560BA04C4}c:\\program files\\icq6\\icq.exe"= Disabled:TCP:c:\program files\icq6\icq.exe:ICQ Library
"{9243BB5D-08FE-4865-8ACB-A4E37AA651C6}"= Disabled:UDP:c:\program files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{8D1D40F4-E132-4595-8C1C-520E6BFBA96D}"= Disabled:TCP:c:\program files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"TCP Query User{BF7345A5-B7C0-44D4-B4B9-3E135A8189B8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{84B757CD-AE0E-4515-BAAD-260F8195CB4E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{8A2C9F09-4F09-41FF-A264-E6F81AB9DF07}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E55BAB8D-7FE1-4E16-9A27-C2D0B6441D00}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= Disabled:UDP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"UDP Query User{92612533-B1BE-4089-820D-E36461D65DB9}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= Disabled:TCP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"{8A597623-D0E8-4C8C-B8F8-D856E4E185DB}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{222774B3-86F3-4E48-965C-2D9C203E4A45}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= UDP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"UDP Query User{726B9BE1-B37E-45A2-AB55-F8DCC716526D}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= TCP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"{C715306C-79AF-4376-8607-5875E78E48C0}"= UDP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{18F6A95C-796A-4063-BFA0-B31E8A0ACB74}"= TCP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{6D853470-151D-49E4-AB4D-2B93F839E01F}"= UDP:c:\program files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe:Games for Windows - LIVE
"{3C07032E-5A87-45D8-810D-58A78FFE2ACE}"= TCP:c:\program files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe:Games for Windows - LIVE
"TCP Query User{401B3B43-5D40-42BC-AB59-C58DA4B7A35A}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= UDP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"UDP Query User{F640DB72-67DB-4510-BA07-8720AAE5D6EB}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= TCP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"TCP Query User{C607A43A-27A8-48C2-9615-044F8452FCD9}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= UDP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"UDP Query User{704CFF66-85D0-4D07-A084-03D6A386387A}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= TCP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"{32D59623-2550-4E9F-A3C1-CA32E214F691}"= UDP:c:\program files\Valve\Steam\Steam.exe:Steam
"{7FADD213-6EE3-46B1-A7AC-06908A6C01BB}"= TCP:c:\program files\Valve\Steam\Steam.exe:Steam
"TCP Query User{66E9EB07-FB04-4111-A6DB-B81F229B6CA9}c:\\program files\\novalogic\\delta force black hawk down\\update.exe"= UDP:c:\program files\novalogic\delta force black hawk down\update.exe:UPDATE
"UDP Query User{5F514F26-A3D9-4512-B1A2-C8576AB1A421}c:\\program files\\novalogic\\delta force black hawk down\\update.exe"= TCP:c:\program files\novalogic\delta force black hawk down\update.exe:UPDATE
"TCP Query User{226E942B-B6AE-495F-B41E-BE4B6C6EC2CC}c:\\program files\\sierra\\fear\\fpupdate.exe"= UDP:c:\program files\sierra\fear\fpupdate.exe:fpupdate
"UDP Query User{9BBB656A-DF7C-4119-9BFE-AB94EE52DF71}c:\\program files\\sierra\\fear\\fpupdate.exe"= TCP:c:\program files\sierra\fear\fpupdate.exe:fpupdate
"TCP Query User{6619EF38-C387-484C-B892-8B5DD5EFCA17}c:\\program files\\sierra\\fear\\fearserver.exe"= UDP:c:\program files\sierra\fear\fearserver.exe:F.E.A.R. - Stand-Alone Server
"UDP Query User{974B05E9-F9D2-4D91-83F3-4E057FD780B1}c:\\program files\\sierra\\fear\\fearserver.exe"= TCP:c:\program files\sierra\fear\fearserver.exe:F.E.A.R. - Stand-Alone Server
"{8EA4E7CE-AC7A-49C0-99F5-54DCB56A1E01}"= UDP:c:\program files\Sierra\FEAR\FEAR.exe:FEAR
"{84E3A3C7-6E62-4208-9A6E-E788DDDC7D93}"= TCP:c:\program files\Sierra\FEAR\FEAR.exe:FEAR
"{07E4232C-7A56-4698-9186-22F7D17355E7}"= UDP:c:\program files\Sierra\FEAR\FEARMP.exe:FEAR
"{83FEFE00-7F99-4F45-A034-5FE505298AFB}"= TCP:c:\program files\Sierra\FEAR\FEARMP.exe:FEAR
"TCP Query User{724706AD-09FE-4032-9801-6C32F2293181}d:\\programme 2\\doom 3\\doom3ded.exe"= UDP:d:\programme 2\doom 3\doom3ded.exe:DOOM 3
"UDP Query User{08966DCC-4C48-4037-9592-03267CAA2EC8}d:\\programme 2\\doom 3\\doom3ded.exe"= TCP:d:\programme 2\doom 3\doom3ded.exe:DOOM 3
"TCP Query User{B1E6870F-AAE7-4FF1-B68C-075016976576}d:\\programme 2\\xfire\\xfire.exe"= UDP:d:\programme 2\xfire\xfire.exe:Xfire
"UDP Query User{34F082A0-F425-41DA-8A8C-BC87AB8364CB}d:\\programme 2\\xfire\\xfire.exe"= TCP:d:\programme 2\xfire\xfire.exe:Xfire
"TCP Query User{51AFA22C-4FFA-46D3-8213-1F7A802DBA0B}c:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:c:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"UDP Query User{C04D9A2D-9E08-42A6-8B72-5B31E2B34ECF}c:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:c:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"TCP Query User{3C8D0CC7-8412-4E9B-962B-C1FBE85C0DEA}d:\\programme 2\\xfire\\xfire.exe"= UDP:d:\programme 2\xfire\xfire.exe:Xfire
"UDP Query User{BDDBAD50-BC64-4B80-A440-8F9240815CCC}d:\\programme 2\\xfire\\xfire.exe"= TCP:d:\programme 2\xfire\xfire.exe:Xfire
"TCP Query User{8DACD63C-BDB5-42F6-8242-3E468C205C54}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{4F0DCF49-43E5-42E3-AAF2-8FE24F759992}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"TCP Query User{42B7F61C-4EF1-4685-9E27-ADD5BB23A3BF}c:\\program files\\valve\\steam\\steamapps\\solced\\condition zero\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{FE0D4CC6-585F-4AB3-940B-0A4CE7E6C4F5}c:\\program files\\valve\\steam\\steamapps\\solced\\condition zero\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{B2734F68-0737-4172-8946-020CC368559C}c:\\program files\\valve\\steam\\steamapps\\solced\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{745C66C0-68DF-44DB-917E-BFAECE148641}c:\\program files\\valve\\steam\\steamapps\\solced\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{63778396-D537-4AA5-A0B0-9A9641766108}c:\\program files\\valve\\steam\\steamapps\\solced\\ricochet\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{CDD320FB-830E-4224-82E1-AD85B6AA9C57}c:\\program files\\valve\\steam\\steamapps\\solced\\ricochet\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\ricochet\hl.exe:Half-Life Launcher
"{82C0497B-8927-4673-BCA2-AF7A7F25DF95}"= UDP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{79230E82-B47C-44A6-923E-ADD9355520F4}"= TCP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{084ED45A-DCD9-4B22-B7A6-6AC394063E6C}"= UDP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"{0F195E34-DE6D-41B8-8621-FB7710AF34F5}"= TCP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"TCP Query User{0EC73DEC-EA6D-4F4A-A763-12E1D415D692}c:\\program files\\valve\\steam\\steamapps\\solced\\day of defeat\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{18D57237-8D16-401A-8429-FDEDB676BA2A}c:\\program files\\valve\\steam\\steamapps\\solced\\day of defeat\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\day of defeat\hl.exe:Half-Life Launcher

R0 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06.03.2007 15:01 14848]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [04.08.2009 19:38 28544]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352]
R2 SecureDZoneService;SecureDZone Helper Service;c:\program files\ArchiCrypt\Shredder 4\SecureDZoneService.exe [29.08.2007 19:58 531968]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\System32\drivers\tascusb2.sys [22.02.2009 22:44 360448]
S3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device;c:\windows\System32\drivers\tscusb2m.sys [22.02.2009 22:44 18944]
S3 TASCAM_US144_WDM;TASCAM US-144 WDM;c:\windows\System32\drivers\tscusb2a.sys [22.02.2009 22:44 33792]
S4 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [13.03.2008 20:08 24576]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - PAVBOOT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\Solced\AppData\Roaming\Mozilla\Firefox\Profiles\s4l8g8q6.default\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 21:26
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(3592)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
Zeit der Fertigstellung: 2009-08-04 21:29
ComboFix-quarantined-files.txt 2009-08-04 19:28
ComboFix2.txt 2009-07-23 19:07
ComboFix3.txt 2009-07-23 17:31

Vor Suchlauf: 13 Verzeichnis(se), 26.992.799.744 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 27.055.685.632 Bytes frei

433 --- E O F --- 2009-08-04 09:29

john.doe 04.08.2009 20:41

In case you haven't read it => http://www.trojaner-board.de/453765-post40.html

Solced 04.08.2009 20:56

Thank you for the help, and for all the time over which you really helped me a great deal, @john.doe.
A real thank-you!

Unfortunately I was not the only user of this computer, and in general I don't really access the D: drive either. It's a pity that no details such as a date are given, so that one could tell when these programs, if any, were downloaded. Definitely not via my router, either.
The best option really should be to set the system up from scratch, so that I truly get rid of everything and of what is left over from the previous user, and possibly also of junk that I put on it myself out of ignorance.

thx for everything

Pierre

