Trojaner-Board


Demonico 04.10.2010 17:16

Virus/Rootkit problem: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS
 
Hello! New member asking for help with a problem ^^

So, with this problem I first turned to another forum (yes, shame on me) (Giga.de). They had already helped me there once before. With their help I was also able to get rid of the biggest difficulties =)
BUT when it came to the last steps, my problem and I were apparently forgotten :( and I would find it somehow awkward to remind my helper specifically...
In any case, I suspect that there is still a rootkit on my netbook and I can't get rid of it >.> To be honest, I'm not sure right now whether I should also post the entire history of my virus... I'll leave that out for now... on request I will of course catch up on that! Below I will upload an HJT logfile, a new OTL log, and the logs from the last scans that I was asked to run during the last round of help at Giga.de.

--HJT logfile with a pointer to my problem:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:05:22, on 04.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Java\jre6\bin\jucheck.exe
C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

--
End of file - 4267 bytes

As already mentioned in the title, my problem probably lies here:
Code:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
-------------------

---OTL logfiles, latest:
OTL.txt
Code:

OTL logfile created on: 04.10.2010 17:39:50 - Run 7
OTL by OldTimer - Version 3.2.5.0    Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 457,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 104,21 Gb Free Space | 69,92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NETBOOK
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.19 14:29:30 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.05.21 17:01:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2010.05.21 13:29:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.exe
PRC - [2009.09.21 14:07:11 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\jucheck.exe
PRC - [2009.04.23 06:47:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 06:46:40 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.08.08 14:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2008.05.26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Desktop Search\WindowsSearch.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.05.21 17:01:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.12.06 19:02:50 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.12.06 19:02:49 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.12.06 18:12:52 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.07.10 11:03:04 | 001,381,632 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008.07.10 10:33:00 | 000,306,176 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.02.15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.19 14:29:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.19 14:29:43 | 000,000,000 | ---D | M]
 
[2009.12.02 18:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.10.04 17:12:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions
[2009.12.03 00:23:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Dome\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.29 09:38:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.19 14:29:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.19 14:29:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.19 14:29:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.19 14:29:35 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.19 14:29:35 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.04 23:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.18 21:19:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.04 16:57:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.04 16:57:40 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.04 16:57:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.04 16:57:30 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.05 01:07:35 | 003,932,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.09.05 01:07:35 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.09.05 01:07:29 | 005,359,762 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db
 
========== Files Created - No Company Name ==========
 
[2009.12.12 18:24:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009.12.06 18:12:52 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.11.28 22:55:46 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.11.28 22:55:39 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.09.22 14:31:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.09.21 10:45:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Belinea.ini
[2009.09.18 14:13:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009.06.26 16:51:30 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.02.15 13:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
 
========== LOP Check ==========
 
[2010.08.05 08:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C
[2009.12.06 18:12:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools
[2009.11.29 13:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.11.29 13:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScummVM
[2009.12.21 14:14:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teeworlds
[2009.09.21 15:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2009.11.30 18:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
 
========== Purity Check ==========
 
 
< End of report >

Extra.txt:
Code:

OTL logfile created on: 04.10.2010 17:39:50 - Run 7
OTL by OldTimer - Version 3.2.5.0    Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 457,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 104,21 Gb Free Space | 69,92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NETBOOK
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.19 14:29:30 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.05.21 17:01:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2010.05.21 13:29:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.exe
PRC - [2009.09.21 14:07:11 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\jucheck.exe
PRC - [2009.04.23 06:47:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 06:46:40 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.08.08 14:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2008.05.26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Desktop Search\WindowsSearch.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.05.21 17:01:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.12.06 19:02:50 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.12.06 19:02:49 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.12.06 18:12:52 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.07.10 11:03:04 | 001,381,632 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008.07.10 10:33:00 | 000,306,176 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.02.15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.19 14:29:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.19 14:29:43 | 000,000,000 | ---D | M]
 
[2009.12.02 18:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.10.04 17:12:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions
[2009.12.03 00:23:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.29 09:38:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.19 14:29:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.19 14:29:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.19 14:29:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.19 14:29:35 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.19 14:29:35 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.04 23:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.18 21:19:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========

 
========== Files - Modified Within 30 Days ==========
 
[2010.10.04 16:57:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.04 16:57:40 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.04 16:57:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.04 16:57:30 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.05 01:07:35 | 003,932,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.09.05 01:07:35 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.09.05 01:07:29 | 005,359,762 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db
 
========== Files Created - No Company Name ==========
 
[2009.12.12 18:24:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009.12.06 18:12:52 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.11.28 22:55:46 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.11.28 22:55:39 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.09.22 14:31:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.09.21 10:45:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Belinea.ini
[2009.09.18 14:13:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009.06.26 16:51:30 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.02.15 13:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
 
========== LOP Check ==========
 
[2010.08.05 08:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C
[2009.12.06 18:12:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools
[2009.11.29 13:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.11.29 13:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScummVM
[2009.12.21 14:14:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teeworlds
[2009.09.21 15:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2009.11.30 18:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
 
========== Purity Check ==========
< End of report >

--------------------------

So, now the more interesting part: I have 2 more scans.
One is from GMER; the GMER one is a bit older... but I really haven't done anything on my netbook since then, so nothing should have changed there, I think. Well, and then there is one from RootRepeal.

The first logfile, from GMER's automatic scan:

Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit quick scan 2010-08-09 19:47:09
Windows 5.1.2600 Service Pack 3
Running: s11580co.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\uwldqpog.sys


---- System - GMER 1.0.15 ----

SSDT    spsj.sys                ZwEnumerateKey [0xF73A6CA2]
SSDT    spsj.sys                ZwEnumerateValueKey [0xF73A7030]

---- Devices - GMER 1.0.15 ----

Device  \FileSystem\Ntfs \Ntfs  865681F8

---- EOF - GMER 1.0.15 ----

Then the detailed one, with these boxes checked: Drivers, Files, Processes, SSDT, Stealth Objects, Hidden Services, Shadow SSDT

Code:


GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-09 21:09:59
Windows 5.1.2600 Service Pack 3
Running: s11580co.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\uwldqpog.sys

---- System - GMER 1.0.15 ----

SSDT      spmv.sys                                                                                                            ZwCreateKey [0xF73880E0]
SSDT      spmv.sys                                                                                                            ZwEnumerateKey [0xF73A6CA2]
SSDT      spmv.sys                                                                                                            ZwEnumerateValueKey [0xF73A7030]
SSDT      spmv.sys                                                                                                            ZwOpenKey [0xF73880C0]
SSDT      spmv.sys                                                                                                            ZwQueryKey [0xF73A7108]
SSDT      spmv.sys                                                                                                            ZwQueryValueKey [0xF73A6F88]
SSDT      spmv.sys                                                                                                            ZwSetValueKey [0xF73A719A]

INT 0x62  ?                                                                                                                    86569BF8
INT 0x63  ?                                                                                                                    86548BF8
INT 0x82  ?                                                                                                                    86569BF8
INT 0xA4  ?                                                                                                                    86548BF8
INT 0xB4  ?                                                                                                                    86548BF8

---- Kernel code sections - GMER 1.0.15 ----

?        spmv.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text    USBPORT.SYS!DllUnload                                                                                                F6B7C8AC 5 Bytes  JMP 865481D8
.text    axvjomqf.SYS                                                                                                        F6B2D386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text    axvjomqf.SYS                                                                                                        F6B2D3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text    axvjomqf.SYS                                                                                                        F6B2D3C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text    axvjomqf.SYS                                                                                                        F6B2D3C9 1 Byte  [2E]
.text    axvjomqf.SYS                                                                                                        F6B2D3C9 11 Bytes  [2E, 00, 00, 00, 5A, 02, 00, ...]
.text    ...                                                                                                                 
.text    C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xA9ED5300, 0x3B6D8, 0xE8000020]
.text    C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xF78D0300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text    C:\WINDOWS\system32\SearchIndexer.exe[1480] kernel32.dll!WriteFile                                                  7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F7389040] spmv.sys
IAT      atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F738913C] spmv.sys
IAT      atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F73890BE] spmv.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F73897FC] spmv.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F73896D2] spmv.sys
IAT      \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [F7399048] spmv.sys
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KfAcquireSpinLock]                                                C0840CEC
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!READ_PORT_UCHAR]                                                  053C0D74
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KeGetCurrentIrql]                                                  57B80974
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KfRaiseIrql]                                                      8B000000
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KfLowerIrql]                                                      56C35DE5
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!HalGetInterruptVector]                                            8D08758B
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!HalTranslateBusAddress]                                            8D51FC4D
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KeStallExecutionProcessor]                                        8D52FD55
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!KfReleaseSpinLock]                                                8D51FE4D
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          8D52FF55
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!READ_PORT_USHORT]                                                  8D51F84D
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                          5052F455
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                  EACAE856
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[WMILIB.SYS!WmiSystemControl]                                              0FC08520
IAT      \SystemRoot\System32\Drivers\axvjomqf.SYS[WMILIB.SYS!WmiCompleteRequest]                                            0001B185

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              865681F8
Device    \Driver\usbehci \Device\USBPDO-0                                                                                    865311F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{F17C00ED-C6BC-49D5-A2F0-861DDAB418DF}                                            86004500
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    864F51F8
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                    864F51F8
Device    \Driver\PCI_PNP9360 \Device\00000046                                                                                spmv.sys
Device    \Driver\usbuhci \Device\USBPDO-3                                                                                    864F51F8
Device    \Driver\usbuhci \Device\USBPDO-4                                                                                    864F51F8
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              865DA1F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                        863E41F8
Device    \Driver\Cdrom \Device\CdRom1                                                                                        863E41F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [F7301B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  [F7301B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  [F7301B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\Cdrom \Device\CdRom2                                                                                        863E41F8
Device    \Driver\Cdrom \Device\CdRom3                                                                                        863E41F8
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                              86004500
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    86004500
Device    \Driver\NetBT \Device\NetBT_Tcpip_{07E6D699-3D91-4155-AC03-B124EE196EF2}                                            86004500
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    864F51F8
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    864F51F8
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    85E53500
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                    864F51F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          85E53500
Device    \Driver\usbuhci \Device\USBFDO-3                                                                                    864F51F8
Device    \Driver\usbehci \Device\USBFDO-4                                                                                    865311F8
Device    \Driver\Ftdisk \Device\FtControl                                                                                    865DA1F8
Device    \Driver\sptd \Device\427218110                                                                                      spmv.sys
Device    \Driver\axvjomqf \Device\Scsi\axvjomqf1Port2Path0Target0Lun0                                                        86422500
Device    \Driver\axvjomqf \Device\Scsi\axvjomqf1                                                                              86422500
Device    \Driver\axvjomqf \Device\Scsi\axvjomqf1Port2Path0Target2Lun0                                                        86422500
Device    \Driver\axvjomqf \Device\Scsi\axvjomqf1Port2Path0Target3Lun0                                                        86422500
Device    \Driver\axvjomqf \Device\Scsi\axvjomqf1Port2Path0Target1Lun0                                                        86422500
Device    \FileSystem\Cdfs \Cdfs                                                                                              85E3C500

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0xCF 0x91 0x43 0x7F ...
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xA4 0x3E 0x42 0x54 ...
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xA2 0x68 0x37 0x43 ...
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xF8 0xCE 0xB2 0xD1 ...
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0x42 0x99 0x13 0xCC ...
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0x37 0x77 0xC2 0x6E ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0xCF 0x91 0x43 0x7F ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xA4 0x3E 0x42 0x54 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xA2 0x68 0x37 0x43 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xF8 0xCE 0xB2 0xD1 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0x42 0x99 0x13 0xCC ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0x37 0x77 0xC2 0x6E ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0xCF 0x91 0x43 0x7F ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xA4 0x3E 0x42 0x54 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xA2 0x68 0x37 0x43 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0xF8 0xCE 0xB2 0xD1 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                0x42 0x99 0x13 0xCC ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                0x37 0x77 0xC2 0x6E ...

---- EOF - GMER 1.0.15 ----

-----------------------------------
AND last but not least, from RootRepeal, with all boxes checked:

Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/10/04 18:04
Program Version:                Version 1.3.5.0
Windows Version:                Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA355000        Size: 98304        File Visible: No        Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AB8000        Size: 8192        File Visible: No        Signed: -
Status: -

Name: PCI_PNP6070
Image Path: \Driver\PCI_PNP6070
Address: 0x00000000        Size: 0        File Visible: No        Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA957F000        Size: 49152        File Visible: No        Signed: -
Status: -

Name: spjc.sys
Image Path: spjc.sys
Address: 0xF7387000        Size: 1048576        File Visible: No        Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000        Size: 0        File Visible: No        Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Dokumente und Einstellungen\Dome\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

SSDT
-------------------
#: 041        Function Name: NtCreateKey
Status: Hooked by "spjc.sys" at address 0xf73880e0

#: 071        Function Name: NtEnumerateKey
Status: Hooked by "spjc.sys" at address 0xf73a6ca2

#: 073        Function Name: NtEnumerateValueKey
Status: Hooked by "spjc.sys" at address 0xf73a7030

#: 119        Function Name: NtOpenKey
Status: Hooked by "spjc.sys" at address 0xf73880c0

#: 160        Function Name: NtQueryKey
Status: Hooked by "spjc.sys" at address 0xf73a7108

#: 177        Function Name: NtQueryValueKey
Status: Hooked by "spjc.sys" at address 0xf73a6f88

#: 247        Function Name: NtSetValueKey
Status: Hooked by "spjc.sys" at address 0xf73a719a

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System        Address: 0x865681f8        Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System        Address: 0x8645a1f8        Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System        Address: 0x8645a1f8        Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8645a1f8        Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8645a1f8        Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System        Address: 0x8645a1f8        Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8645a1f8        Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System        Address: 0x8645a1f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System        Address: 0x865da1f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System        Address: 0x865da1f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System        Address: 0x865da1f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x865da1f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x865da1f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x865da1f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x865da1f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System        Address: 0x865da1f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System        Address: 0x865da1f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x865da1f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System        Address: 0x865da1f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System        Address: 0x85e9a1f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System        Address: 0x85e9a1f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x85e9a1f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x85e9a1f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System        Address: 0x85e9a1f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System        Address: 0x85e9a1f8        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System        Address: 0x863cf1f8        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System        Address: 0x863cf1f8        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System        Address: 0x863cf1f8        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System        Address: 0x863cf1f8        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x863cf1f8        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x863cf1f8        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x863cf1f8        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x863cf1f8        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System        Address: 0x863cf1f8        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x863cf1f8        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System        Address: 0x863cf1f8        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System        Address: 0x8652b3e8        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System        Address: 0x8652b3e8        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8652b3e8        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8652b3e8        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System        Address: 0x8652b3e8        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8652b3e8        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System        Address: 0x8652b3e8        Size: 121

Object: Hidden Code [Driver: ae4z893t؅䵃慄؁ఉ瑎捦܉@考, IRP_MJ_CREATE]
Process: System        Address: 0x864241f8        Size: 121

Object: Hidden Code [Driver: ae4z893t؅䵃慄؁ఉ瑎捦܉@考, IRP_MJ_CLOSE]
Process: System        Address: 0x864241f8        Size: 121

Object: Hidden Code [Driver: ae4z893t؅䵃慄؁ఉ瑎捦܉@考, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x864241f8        Size: 121

Object: Hidden Code [Driver: ae4z893t؅䵃慄؁ఉ瑎捦܉@考, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x864241f8        Size: 121

Object: Hidden Code [Driver: ae4z893t؅䵃慄؁ఉ瑎捦܉@考, IRP_MJ_POWER]
Process: System        Address: 0x864241f8        Size: 121

Object: Hidden Code [Driver: ae4z893t؅䵃慄؁ఉ瑎捦܉@考, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x864241f8        Size: 121

Object: Hidden Code [Driver: ae4z893t؅䵃慄؁ఉ瑎捦܉@考, IRP_MJ_PNP]
Process: System        Address: 0x864241f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System        Address: 0x85e581f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_CREATE]
Process: System        Address: 0x85e2a1f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_CLOSE]
Process: System        Address: 0x85e2a1f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_READ]
Process: System        Address: 0x85e2a1f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x85e2a1f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x85e2a1f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x85e2a1f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x85e2a1f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x85e2a1f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x85e2a1f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x85e2a1f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x85e2a1f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_CLEANUP]
Process: System        Address: 0x85e2a1f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅敓捁尀ﰀ؂ఆ䵃킘ﺠ, IRP_MJ_PNP]
Process: System        Address: 0x85e2a1f8        Size: 121

==EOF==

--------------------

OK, I admit that's quite a lot :rolleyes: but at least that shouldn't leave any questions open for now ;). I really hope that someone here can and wants to help me, and that I won't be forgotten again :D
Well, joking aside, I'd really appreciate it if someone could help me, and don't let yourselves be overwhelmed by the mass of information!

Regards,
Demonico

cosinus 04.10.2010 19:52

If you are going to cross-post, then you should also be kind enough to post the link to the thread on the other board.

Demonico 04.10.2010 19:57

Oh, I'm sorry :stirn: I completely forgot the most important thing ...
I really did take my time with the cross-posting, as you can see from the date of the last posts on the other board. I wanted to avoid it, and that's exactly why I wanted to make sure that the situation of several forums working on this at once wouldn't arise... that's why I waited so long :(

Link:
hxxp://forum.giga.de/showthread.php?p=1058535628#post1058535628

cosinus 04.10.2010 20:13

That was a while ago....
First of all, run another full scan with an up-to-date Malwarebytes.

Demonico 04.10.2010 21:27

OK, done, here is the log file:

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4742

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

04.10.2010 22:12:23
mbam-log-2010-10-04 (22-12-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 188228
Laufzeit: 24 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Dome\Desktop\RSD 0.61\Reconnector\nc.exe (PUP.KeyLogger) -> No action taken.

It actually did find something else! So far I haven't quarantined it... but I assume I'd better do that, right? I'm just so unsure about it because it's sitting in my Reconnector folder, but that probably doesn't mean anything again. Should I perhaps upload it to VirusTotal or something like that first?

Regards,
Demonico

cosinus 05.10.2010 19:19

You must know that program! Why else would it be on the desktop?
This nc.exe is often flagged by Malwarebytes, though...

Please create new OTL logs:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread.

Demonico 05.10.2010 19:46

I do know the program, that's why I was so careful and didn't delete it for now ;) but here is the OTL scan:
So, the Otl.txt:
OTL Logfile:
Code:

OTL logfile created on: 05.10.2010 20:35:51 - Run 8
OTL by OldTimer - Version 3.2.5.0    Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 530,00 Mb Available Physical Memory | 52,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 107,51 Gb Free Space | 72,13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NETBOOK
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (rtl8187Se) -- C:\WINDOWS\system32\drivers\rtl8187Se.sys (Realtek Semiconductor Corporation                          )
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.19 14:29:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.19 14:29:43 | 000,000,000 | ---D | M]
 
[2009.12.02 18:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.10.04 17:12:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions
[2009.12.03 00:23:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.29 09:38:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.19 14:29:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.19 14:29:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.19 14:29:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.19 14:29:35 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.19 14:29:35 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.04 23:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RegistryBooster] C:\Dokumente und Einstellungen\***\Desktop\RegistryBooster\launcher.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.18 21:19:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.04 21:03:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.05 14:47:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.05 14:47:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.05 14:47:34 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.04 22:38:50 | 003,932,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.10.04 22:38:50 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.10.04 18:03:58 | 000,000,015 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\settings.dat
[2010.10.04 16:57:40 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
 
========== Files Created - No Company Name ==========
 
[2010.10.04 18:02:18 | 000,000,015 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\settings.dat
[2009.12.12 18:24:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009.12.06 18:12:52 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.11.28 22:55:46 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.11.28 22:55:39 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.09.22 14:31:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.09.21 10:45:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Belinea.ini
[2009.09.18 14:13:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009.06.26 16:51:30 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.02.15 13:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
 
========== LOP Check ==========
 
[2010.08.05 08:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C
[2009.12.06 18:12:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools
[2009.11.29 13:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.11.29 13:11:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScummVM
[2009.12.21 14:14:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teeworlds
[2010.10.04 21:03:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue
[2009.09.21 15:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2009.11.30 18:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
 
========== Purity Check ==========
 
< End of report >


and the extras.txt:

OTL Logfile:
Code:

OTL Extras logfile created on: 05.10.2010 20:35:51 - Run 8
OTL by OldTimer - Version 3.2.5.0    Folder = C:\Dokumente und Einstellungen\Dome\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 530,00 Mb Available Physical Memory | 52,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 107,51 Gb Free Space | 72,13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NETBOOK
Current User Name: Dome
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Warcraft III\Warcraft III.exe" = C:\Programme\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37155929-A51F-4BAB-B141-50B341F3299C}" = Desperados 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK RTL8187SE Wireless LAN Driver
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Belinea_is1" = Belinea
"Desperados 2 Update v1.01" = Desperados 2 Update v1.01
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Homeworld2" = Homeworld2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ScummVM_is1" = ScummVM SVN
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.08.2010 03:29:01 | Computer Name = NETBOOK | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 02.08.2010 08:34:13 | Computer Name = NETBOOK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung 0.exe, Version 6.1.0.0, fehlgeschlagenes
 Modul 0.exe, Version 6.1.0.0, Fehleradresse 0x00004327.
 
Error - 02.08.2010 08:34:37 | Computer Name = NETBOOK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
 unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 02.08.2010 13:25:10 | Computer Name = NETBOOK | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung svchost.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 07.08.2010 14:44:50 | Computer Name = NETBOOK | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 07.08.2010 14:44:50 | Computer Name = NETBOOK | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 09.08.2010 13:39:57 | Computer Name = NETBOOK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung s11580co.exe, Version 1.0.15.15281, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 14.08.2010 12:32:01 | Computer Name = NETBOOK | Source = Windows Search Service | ID = 3024
Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf
 die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung
 erneut.  Kontext:  Anwendung, SystemIndex Katalog
 
Error - 19.08.2010 08:49:38 | Computer Name = NETBOOK | Source = Windows Search Service | ID = 3024
Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf
 die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung
 erneut.  Kontext:  Anwendung, SystemIndex Katalog
 
Error - 04.09.2010 19:03:34 | Computer Name = NETBOOK | Source = Windows Search Service | ID = 3024
Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf
 die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung
 erneut.  Kontext:  Anwendung, SystemIndex Katalog
 
[ System Events ]
Error - 02.09.2010 11:10:03 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:  %%2
 
Error - 04.09.2010 08:45:01 | Computer Name = NETBOOK | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 04.09.2010 08:45:06 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:  %%2
 
Error - 04.09.2010 19:00:19 | Computer Name = NETBOOK | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 04.09.2010 19:00:24 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:  %%2
 
Error - 04.10.2010 10:57:46 | Computer Name = NETBOOK | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 04.10.2010 10:57:56 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:  %%2
 
Error - 05.10.2010 08:47:49 | Computer Name = NETBOOK | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
 
Error - 05.10.2010 08:47:53 | Computer Name = NETBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
 beendet:  %%2
 
Error - 05.10.2010 09:01:14 | Computer Name = NETBOOK | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
 
< End of report >

--- --- ---

[/code]

Regards and thanks
Demonico

cosinus 05.10.2010 20:06

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
[2010.08.05 08:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
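
The fix script above targets a `ProxyServer` value of `http=127.0.0.1:5555`. The following is an added example, not part of the original post and not OTL's own code: it parses that value format out of OTL-style `IE - ...` log lines and flags entries that route browser traffic to a loopback address. The function names and all sample lines except the first are constructed for illustration.

```python
import ipaddress
import re

# OTL prints Internet Explorer settings as:
#   IE - <registry key>: "<value name>" = <data>
OTL_IE_LINE = re.compile(r'^IE - (?P<key>HK[^:]+): "(?P<name>[^"]+)" = (?P<data>.*)$')


def split_hostport(hostport):
    """Split 'host:port', '[v6]:port' or a bare host into (host, port or None)."""
    hostport = re.sub(r'^[A-Za-z][A-Za-z0-9+.-]*://', '', hostport)  # drop scheme://
    if hostport.startswith('['):                 # bracketed IPv6 literal
        host, _, rest = hostport[1:].partition(']')
        port = rest.lstrip(':')
    else:
        host, sep, port = hostport.rpartition(':')
        if not sep:                              # no port present
            host, port = hostport, ''
    return host, int(port) if port.isdigit() else None


def parse_proxy_server(data):
    """Parse a ProxyServer string into {scheme: (host, port)}.

    Two forms exist: 'host:port' applies to every protocol (stored under '*'),
    while 'http=host:port;https=host:port' sets a proxy per protocol.
    """
    entries = {}
    for part in re.split(r'[;\s]+', data.strip()):
        if not part:
            continue
        scheme, sep, hostport = part.partition('=')
        if not sep:
            scheme, hostport = '*', part
        entries[scheme.lower()] = split_hostport(hostport)
    return entries


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                           # not an IP literal
        return host.lower().rstrip('.') == 'localhost'


def find_loopback_proxies(lines):
    """Return (key, scheme, host, port) for every ProxyServer entry on loopback."""
    findings = []
    for line in lines:
        m = OTL_IE_LINE.match(line.strip())
        if not m or m.group('name') != 'ProxyServer':
            continue
        for scheme, (host, port) in parse_proxy_server(m.group('data')).items():
            if is_loopback(host):
                findings.append((m.group('key'), scheme, host, port))
    return findings


# First line is the entry from the fix script above; the rest are constructed.
SAMPLE_LOG = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.internal:8080',
]

if __name__ == '__main__':
    for key, scheme, host, port in find_loopback_proxies(SAMPLE_LOG):
        print(f'loopback proxy for {scheme}: {host}:{port} in {key}')
```

A hit is a prompt to identify which process listens on that port, since local filtering software can also register a loopback proxy.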

Demonico 05.10.2010 20:17

OK, done!:

Code:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Dokumente und Einstellungen\Dome\Anwendungsdaten\96B0EE00D6ADE293A7082DD46387B32C folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Dome
->Temp folder emptied: 340645842 bytes
->Temporary Internet Files folder emptied: 6230920 bytes
->Java cache emptied: 134541 bytes
->FireFox cache emptied: 86830795 bytes
->Flash cache emptied: 2259 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2853182 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 417,00 mb
 
 
OTL by OldTimer - Version 3.2.5.0 log created on 10052010_211319

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Regards
Demonico

Demonico 05.10.2010 21:08

Evidently everything seems to be fine again now :daumenhoc
Now I can finally sleep soundly again :D
So thank you very much!
The drinks are on me :D :party:

cosinus 05.10.2010 21:18

Run CF again, with a fresh combofix.exe renamed to cofi.exe:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background monitors as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Demonico 05.10.2010 21:53

No sooner said than done! I deleted everything with CCleaner and no undeletable registry entries were left over.
About Combofix:
First a general question: why did the .exe actually have to be renamed?
Then, when I started Combofix, an empty text box titled "Fehler" (Error) appeared first; I pressed "ok" and the system restarted, and after that everything went without problems, no idea what that was. But here is the final log:

[Code]
Combofix Logfile:
Code:

ComboFix 10-10-05.01 - Dome 05.10.2010  22:39:56.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1015.653 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Dome\Desktop\Cofi.exe
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Administrator\Anwendungsdaten\0200000053a258f3922C.manifest
c:\dokumente und einstellungen\Administrator\Anwendungsdaten\0200000053a258f3922O.manifest
c:\dokumente und einstellungen\Administrator\Anwendungsdaten\0200000053a258f3922P.manifest
c:\dokumente und einstellungen\Administrator\Anwendungsdaten\0200000053a258f3922S.manifest
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat
c:\dokumente und einstellungen\Dome\Anwendungsdaten\0200000053a258f3922C.manifest
c:\dokumente und einstellungen\Dome\Anwendungsdaten\0200000053a258f3922O.manifest
c:\dokumente und einstellungen\Dome\Anwendungsdaten\0200000053a258f3922P.manifest
c:\dokumente und einstellungen\Dome\Anwendungsdaten\0200000053a258f3922S.manifest

----- BITS: Eventuell infizierte Webseiten -----

hxxp://au.downlj+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cv
.
(((((((((((((((((((((((  Dateien erstellt von 2010-09-05 bis 2010-10-05  ))))))))))))))))))))))))))))))
.

2010-10-05 20:28 . 2010-10-05 20:28        --------        d-----w-        c:\programme\CCleaner
2010-10-04 19:03 . 2010-10-04 19:03        --------        d-----w-        c:\dokumente und einstellungen\Dome\Anwendungsdaten\Uniblue

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 20:15 . 2009-11-29 11:58        1        ----a-w-        c:\dokumente und einstellungen\Dome\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-07 13:12 . 2009-06-26 14:36        477784        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-07 13:12 . 2009-06-26 14:36        92164        ----a-w-        c:\windows\system32\perfc007.dat
.

(((((((((((((((((((((((((((((  SnapShot@2010-08-04_21.16.58  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-05 20:37 . 2010-10-05 20:37        16384              c:\windows\Temp\Perflib_Perfdata_544.dat
+ 2009-06-26 14:33 . 2010-04-21 13:28        46080              c:\windows\system32\tzchange.exe
- 2009-06-26 14:33 . 2009-10-28 15:07        46080              c:\windows\system32\tzchange.exe
+ 2010-03-30 22:16 . 2010-03-30 22:16        99176              c:\windows\system32\PresentationHostProxy.dll
- 2009-06-26 14:30 . 2009-10-29 07:41        44544              c:\windows\system32\pngfilt.dll
+ 2009-06-26 14:30 . 2010-05-04 17:14        44544              c:\windows\system32\pngfilt.dll
- 2009-06-26 14:23 . 2010-05-21 11:48        69278              c:\windows\system32\perfc009.dat
+ 2009-06-26 14:23 . 2010-08-07 13:12        69278              c:\windows\system32\perfc009.dat
+ 2009-11-06 23:07 . 2009-11-06 23:07        49488              c:\windows\system32\netfxperf.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        11600              c:\windows\system32\mui\0409\mscorees.dll
+ 2008-04-14 07:52 . 2009-11-27 17:11        17920              c:\windows\system32\msyuv.dll
+ 2009-06-26 14:29 . 2009-11-27 16:08        28672              c:\windows\system32\msvidc32.dll
- 2009-06-26 14:29 . 2008-04-14 12:00        11264              c:\windows\system32\msrle32.dll
+ 2009-06-26 14:29 . 2009-11-27 16:08        11264              c:\windows\system32\msrle32.dll
- 2007-08-13 16:54 . 2009-10-29 07:40        52224              c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 16:54 . 2010-05-04 17:14        52224              c:\windows\system32\msfeedsbs.dll
- 2009-06-26 14:27 . 2009-10-29 07:40        27648              c:\windows\system32\jsproxy.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14        27648              c:\windows\system32\jsproxy.dll
+ 2008-04-14 07:52 . 2009-11-27 16:08        48128              c:\windows\system32\iyuv_32.dll
+ 2007-08-13 16:39 . 2010-05-04 12:39        13824              c:\windows\system32\ieudinit.exe
- 2007-08-13 16:39 . 2009-10-28 14:35        13824              c:\windows\system32\ieudinit.exe
+ 2009-06-26 14:27 . 2010-05-04 17:14        44544              c:\windows\system32\iernonce.dll
- 2009-06-26 14:27 . 2009-10-29 07:40        44544              c:\windows\system32\iernonce.dll
- 2009-06-26 14:27 . 2009-10-29 07:40        78336              c:\windows\system32\ieencode.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14        78336              c:\windows\system32\ieencode.dll
+ 2009-06-26 14:22 . 2010-05-04 12:39        70656              c:\windows\system32\ie4uinit.exe
- 2009-06-26 14:22 . 2009-10-28 14:35        70656              c:\windows\system32\ie4uinit.exe
- 2007-08-13 16:36 . 2009-10-29 07:40        63488              c:\windows\system32\icardie.dll
+ 2007-08-13 16:36 . 2010-05-04 17:14        63488              c:\windows\system32\icardie.dll
- 2009-06-26 14:26 . 2009-07-29 04:34        81920              c:\windows\system32\fontsub.dll
+ 2009-06-26 14:26 . 2009-10-15 16:28        81920              c:\windows\system32\fontsub.dll
+ 2010-08-04 21:22 . 2010-04-29 13:39        38224              c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-08-04 21:22 . 2010-04-29 13:39        20952              c:\windows\system32\drivers\mbam.sys
- 2009-06-26 14:30 . 2009-10-29 07:41        44544              c:\windows\system32\dllcache\pngfilt.dll
+ 2009-06-26 14:30 . 2010-05-04 17:14        44544              c:\windows\system32\dllcache\pngfilt.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11        17920              c:\windows\system32\dllcache\msyuv.dll
+ 2009-06-26 14:29 . 2009-11-27 16:08        28672              c:\windows\system32\dllcache\msvidc32.dll
+ 2009-06-26 14:29 . 2009-11-27 16:08        11264              c:\windows\system32\dllcache\msrle32.dll
- 2009-06-26 14:29 . 2008-04-14 12:00        11264              c:\windows\system32\dllcache\msrle32.dll
- 2009-09-18 15:03 . 2009-10-29 07:40        52224              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-18 15:03 . 2010-05-04 17:14        52224              c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-06-26 14:27 . 2009-10-29 07:40        27648              c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14        27648              c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08        48128              c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-09-18 15:03 . 2010-05-04 12:39        13824              c:\windows\system32\dllcache\ieudinit.exe
- 2009-09-18 15:03 . 2009-10-28 14:35        13824              c:\windows\system32\dllcache\ieudinit.exe
+ 2009-06-26 14:27 . 2010-05-04 17:14        44544              c:\windows\system32\dllcache\iernonce.dll
- 2009-06-26 14:27 . 2009-10-29 07:40        44544              c:\windows\system32\dllcache\iernonce.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14        78336              c:\windows\system32\dllcache\ieencode.dll
- 2009-06-26 14:27 . 2009-10-29 07:40        78336              c:\windows\system32\dllcache\ieencode.dll
- 2009-06-26 14:22 . 2009-10-28 14:35        70656              c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-06-26 14:22 . 2010-05-04 12:39        70656              c:\windows\system32\dllcache\ie4uinit.exe
- 2009-09-18 15:03 . 2009-10-29 07:40        63488              c:\windows\system32\dllcache\icardie.dll
+ 2009-09-18 15:03 . 2010-05-04 17:14        63488              c:\windows\system32\dllcache\icardie.dll
+ 2009-06-26 14:26 . 2009-10-15 16:28        81920              c:\windows\system32\dllcache\fontsub.dll
- 2009-06-26 14:26 . 2009-07-29 04:34        81920              c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-26 14:22 . 2009-12-14 07:08        33280              c:\windows\system32\dllcache\csrsrv.dll
+ 2009-06-26 14:24 . 2010-05-04 17:14        17408              c:\windows\system32\dllcache\corpol.dll
- 2009-06-26 14:24 . 2009-10-29 07:40        17408              c:\windows\system32\dllcache\corpol.dll
+ 2009-06-26 14:24 . 2010-01-13 14:00        86528              c:\windows\system32\dllcache\cabview.dll
+ 2009-06-26 14:22 . 2009-11-27 16:08        85504              c:\windows\system32\dllcache\avifil32.dll
- 2009-06-26 14:22 . 2009-06-10 14:13        85504              c:\windows\system32\dllcache\avifil32.dll
+ 2009-06-26 14:23 . 2010-03-05 14:37        65536              c:\windows\system32\dllcache\asycfilt.dll
+ 2009-06-26 14:22 . 2009-12-14 07:08        33280              c:\windows\system32\csrsrv.dll
+ 2009-06-26 14:24 . 2010-05-04 17:14        17408              c:\windows\system32\corpol.dll
- 2009-06-26 14:24 . 2009-10-29 07:40        17408              c:\windows\system32\corpol.dll
+ 2009-06-26 14:24 . 2010-01-13 14:00        86528              c:\windows\system32\cabview.dll
+ 2009-06-26 14:22 . 2009-11-27 16:08        85504              c:\windows\system32\avifil32.dll
- 2009-06-26 14:22 . 2009-06-10 14:13        85504              c:\windows\system32\avifil32.dll
+ 2009-06-26 14:23 . 2010-03-05 14:37        65536              c:\windows\system32\asycfilt.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48        32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-29 17:16 . 2008-07-29 17:16        32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        13648              c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 03:31 . 2010-03-23 03:31        30544              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-04-01 09:42 . 2010-04-01 09:42        81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2008-05-27 23:49 . 2008-05-27 23:49        77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51        77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-27 23:49 . 2008-05-27 23:49        86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51        86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51        81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-27 23:49 . 2008-05-27 23:49        81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 00:30 . 2008-05-28 00:30        32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 13:32 . 2010-03-31 13:32        32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 13:32 . 2010-03-31 13:32        24576              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2003-02-20 17:19 . 2003-02-20 17:19        24576              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        13648              c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        13648              c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        13648              c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        13648              c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        13664              c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        13688              c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        13664              c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        13696              c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        13656              c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        13656              c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        13656              c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        13672              c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        13664              c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        86864              c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-08-05 15:07 . 2009-10-29 07:41        44544              c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40        52224              c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40        27648              c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
+ 2010-08-05 15:07 . 2009-10-28 14:35        13824              c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
+ 2010-08-05 15:07 . 2009-10-29 07:40        44544              c:\windows\ie7updates\KB982381-IE7\iernonce.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40        78336              c:\windows\ie7updates\KB982381-IE7\ieencode.dll
+ 2010-08-05 15:07 . 2009-10-28 14:35        70656              c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
+ 2010-08-05 15:07 . 2009-10-29 07:40        63488              c:\windows\ie7updates\KB982381-IE7\icardie.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40        17408              c:\windows\ie7updates\KB982381-IE7\corpol.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11        17920              c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08        48128              c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-08-07 13:18 . 2010-08-07 13:18        90112              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_62fb6c9c\System.Drawing.Design.dll
+ 2010-08-07 13:18 . 2010-08-07 13:18        61440              c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_8a851484\CustomMarshalers.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17        60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2010-08-07 13:26 . 2010-08-07 13:26        37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19        36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-08-06 13:15 . 2010-08-06 13:15        94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-07 13:15 . 2010-08-07 13:15        47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-08-07 13:13 . 2010-08-07 13:13        39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-09-21 12:01 . 2009-09-21 12:01        32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-08-05 15:14 . 2010-08-05 15:14        32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-08-07 13:11 . 2010-08-07 13:11        81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-08-07 13:18 . 2010-08-07 13:18        81920              c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-07 13:07 . 2009-10-28 15:07        46080              c:\windows\$NtUninstallKB981793$\tzchange.exe
+ 2010-08-07 13:07 . 2010-04-22 22:21        16896              c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
+ 2010-08-07 13:06 . 2008-04-14 12:00        65024              c:\windows\$NtUninstallKB979482$\asycfilt.dll
+ 2010-08-07 13:06 . 2008-04-14 12:00        84992              c:\windows\$NtUninstallKB979309$\cabview.dll
+ 2010-08-07 13:16 . 2008-04-14 12:00        32256              c:\windows\$NtUninstallKB978037$\csrsrv.dll
+ 2010-08-07 13:07 . 2008-04-14 12:00        25600              c:\windows\$NtUninstallKB977914$\msvidc32.dll
+ 2010-08-07 13:07 . 2008-04-14 12:00        11264              c:\windows\$NtUninstallKB977914$\msrle32.dll
+ 2010-08-07 13:07 . 2008-04-14 12:00        47616              c:\windows\$NtUninstallKB977914$\iyuv_32.dll
+ 2010-08-07 13:07 . 2009-06-10 14:13        85504              c:\windows\$NtUninstallKB977914$\avifil32.dll
+ 2010-08-07 13:07 . 2008-04-14 12:00        16896              c:\windows\$NtUninstallKB975560$\msyuv.dll
+ 2010-08-07 13:16 . 2009-07-29 04:34        81920              c:\windows\$NtUninstallKB972270$\fontsub.dll
+ 2010-08-05 15:07 . 2008-07-08 13:00        26488              c:\windows\$hf_mig$\KB982381-IE7\update\spcustom.dll
+ 2010-08-05 15:07 . 2008-07-08 13:00        18808              c:\windows\$hf_mig$\KB982381-IE7\spmsg.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        44544              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\pngfilt.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        52224              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msfeedsbs.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        27648              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\jsproxy.dll
+ 2010-05-04 13:19 . 2010-05-04 13:19        13824              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieudinit.exe
+ 2010-05-04 16:48 . 2010-05-04 16:48        44544              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iernonce.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        78336              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieencode.dll
+ 2010-05-04 13:19 . 2010-05-04 13:19        70656              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ie4uinit.exe
+ 2010-05-04 16:48 . 2010-05-04 16:48        63488              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\icardie.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        17408              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\corpol.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40        26488              c:\windows\$hf_mig$\KB981349\update\spcustom.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40        18808              c:\windows\$hf_mig$\KB981349\spmsg.dll
+ 2010-08-07 13:18 . 2009-05-26 09:01        26488              c:\windows\$hf_mig$\KB980232\update\spcustom.dll
+ 2010-08-07 13:18 . 2009-05-26 09:01        18808              c:\windows\$hf_mig$\KB980232\spmsg.dll
+ 2010-08-07 13:19 . 2009-05-26 11:40        26488              c:\windows\$hf_mig$\KB980218\update\spcustom.dll
+ 2010-08-07 13:19 . 2009-05-26 11:40        18808              c:\windows\$hf_mig$\KB980218\spmsg.dll
+ 2010-08-07 13:18 . 2008-07-08 13:00        26488              c:\windows\$hf_mig$\KB980195\update\spcustom.dll
+ 2010-08-07 13:18 . 2008-07-08 13:00        18808              c:\windows\$hf_mig$\KB980195\spmsg.dll
+ 2010-08-07 13:18 . 2009-05-26 11:40        26488              c:\windows\$hf_mig$\KB979683\update\spcustom.dll
+ 2010-08-05 14:01 . 2010-03-05 14:53        16896              c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll
+ 2010-08-07 13:18 . 2009-05-26 11:40        18808              c:\windows\$hf_mig$\KB979683\spmsg.dll
+ 2010-08-07 13:07 . 2009-05-26 09:01        26488              c:\windows\$hf_mig$\KB979559\update\spcustom.dll
+ 2010-08-07 13:07 . 2009-05-26 09:01        18808              c:\windows\$hf_mig$\KB979559\spmsg.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        26488              c:\windows\$hf_mig$\KB979482\update\spcustom.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        18808              c:\windows\$hf_mig$\KB979482\spmsg.dll
+ 2010-03-05 14:50 . 2010-03-05 14:50        65536              c:\windows\$hf_mig$\KB979482\SP3QFE\asycfilt.dll
+ 2010-08-07 13:06 . 2008-07-08 13:00        26488              c:\windows\$hf_mig$\KB979309\update\spcustom.dll
+ 2010-08-07 13:06 . 2008-07-08 13:00        18808              c:\windows\$hf_mig$\KB979309\spmsg.dll
+ 2010-01-13 13:48 . 2010-01-13 13:48        86528              c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        26488              c:\windows\$hf_mig$\KB978706\update\spcustom.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        18808              c:\windows\$hf_mig$\KB978706\spmsg.dll
+ 2010-08-07 13:07 . 2008-07-08 13:00        26488              c:\windows\$hf_mig$\KB978601\update\spcustom.dll
+ 2010-08-07 13:07 . 2008-07-08 13:00        18808              c:\windows\$hf_mig$\KB978601\spmsg.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        26488              c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        18808              c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        26488              c:\windows\$hf_mig$\KB978338\update\spcustom.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        18808              c:\windows\$hf_mig$\KB978338\spmsg.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        26488              c:\windows\$hf_mig$\KB978037\update\spcustom.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        18808              c:\windows\$hf_mig$\KB978037\spmsg.dll
+ 2009-12-14 07:10 . 2009-12-14 07:10        33280              c:\windows\$hf_mig$\KB978037\SP3QFE\csrsrv.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        26488              c:\windows\$hf_mig$\KB977914\update\spcustom.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        18808              c:\windows\$hf_mig$\KB977914\spmsg.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28        28672              c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28        11264              c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28        48128              c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28        85504              c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        26488              c:\windows\$hf_mig$\KB977816\update\spcustom.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        18808              c:\windows\$hf_mig$\KB977816\spmsg.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        26488              c:\windows\$hf_mig$\KB975713\update\spcustom.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        18808              c:\windows\$hf_mig$\KB975713\spmsg.dll
+ 2010-08-07 13:06 . 2008-07-08 13:00        26488              c:\windows\$hf_mig$\KB975562\update\spcustom.dll
+ 2010-08-07 13:06 . 2008-07-08 13:00        18808              c:\windows\$hf_mig$\KB975562\spmsg.dll
+ 2010-08-07 13:08 . 2008-07-08 13:00        26488              c:\windows\$hf_mig$\KB975561\update\spcustom.dll
+ 2010-08-07 13:08 . 2008-07-08 13:00        18808              c:\windows\$hf_mig$\KB975561\spmsg.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        26488              c:\windows\$hf_mig$\KB975560\update\spcustom.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        18808              c:\windows\$hf_mig$\KB975560\spmsg.dll
+ 2009-11-27 17:23 . 2009-11-27 17:23        17920              c:\windows\$hf_mig$\KB975560\SP3QFE\msyuv.dll
+ 2010-08-07 13:16 . 2008-07-08 13:00        26488              c:\windows\$hf_mig$\KB972270\update\spcustom.dll
+ 2010-08-07 13:16 . 2008-07-08 13:00        18808              c:\windows\$hf_mig$\KB972270\spmsg.dll
+ 2010-08-05 14:01 . 2009-10-15 16:38        81920              c:\windows\$hf_mig$\KB972270\SP3QFE\fontsub.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40        26488              c:\windows\$hf_mig$\KB955759\update\spcustom.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40        18808              c:\windows\$hf_mig$\KB955759\spmsg.dll
+ 2010-08-07 13:06 . 2010-02-22 14:22        26488              c:\windows\$hf_mig$\KB2286198\update\spcustom.dll
+ 2010-08-07 13:06 . 2010-02-22 14:22        18808              c:\windows\$hf_mig$\KB2286198\spmsg.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        26488              c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        18808              c:\windows\$hf_mig$\KB2229593\spmsg.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-18 04:54 . 2009-11-27 16:08        8704              c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08        8704              c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:08 . 2009-11-27 16:08        8704              c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-12-02 15:33 . 2009-12-02 15:33        5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-12-02 15:32 . 2009-12-02 15:32        6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-07 13:07 . 2008-04-14 12:00        8192              c:\windows\$NtUninstallKB977914$\tsbyuv.dll
+ 2009-11-27 16:28 . 2009-11-27 16:28        8704              c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-06-26 14:22 . 2009-12-24 06:59        177664              c:\windows\system32\wintrust.dll
- 2009-06-26 14:22 . 2009-10-29 07:41        832512              c:\windows\system32\wininet.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14        832512              c:\windows\system32\wininet.dll
- 2009-06-26 14:22 . 2009-10-29 07:41        233472              c:\windows\system32\webcheck.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14        233472              c:\windows\system32\webcheck.dll
- 2009-06-26 14:33 . 2008-05-09 10:54        430080              c:\windows\system32\vbscript.dll
+ 2009-06-26 14:33 . 2010-03-09 11:09        430080              c:\windows\system32\vbscript.dll
- 2009-06-26 14:22 . 2009-10-29 07:41        105984              c:\windows\system32\url.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14        105984              c:\windows\system32\url.dll
- 2009-06-26 14:32 . 2009-07-29 04:34        119808              c:\windows\system32\t2embed.dll
+ 2009-06-26 14:32 . 2009-10-15 16:28        119808              c:\windows\system32\t2embed.dll
- 2009-06-26 14:22 . 2008-04-14 12:00        474624              c:\windows\system32\shlwapi.dll
+ 2009-06-26 14:22 . 2009-12-08 09:23        474624              c:\windows\system32\shlwapi.dll
+ 2010-03-30 22:10 . 2010-03-30 22:10        295264              c:\windows\system32\PresentationHost.exe
- 2009-06-26 14:23 . 2010-05-21 11:48        435480              c:\windows\system32\perfh009.dat
+ 2009-06-26 14:23 . 2010-08-07 13:12        435480              c:\windows\system32\perfh009.dat
- 2009-06-26 14:30 . 2009-10-29 07:41        102912              c:\windows\system32\occache.dll
+ 2009-06-26 14:30 . 2010-05-04 17:14        102912              c:\windows\system32\occache.dll
+ 2009-06-26 14:29 . 2010-05-04 17:14        671232              c:\windows\system32\mstime.dll
- 2009-06-26 14:29 . 2009-10-29 07:41        671232              c:\windows\system32\mstime.dll
- 2009-06-26 14:29 . 2009-10-29 07:41        193024              c:\windows\system32\msrating.dll
+ 2009-06-26 14:29 . 2010-05-04 17:14        193024              c:\windows\system32\msrating.dll
+ 2009-09-18 19:14 . 2009-12-17 07:40        346624              c:\windows\system32\mspaint.exe
- 2009-09-18 19:14 . 2008-04-14 12:00        346624              c:\windows\system32\mspaint.exe
+ 2009-06-26 14:29 . 2010-05-04 17:14        477696              c:\windows\system32\mshtmled.dll
- 2009-06-26 14:29 . 2009-10-29 07:41        477696              c:\windows\system32\mshtmled.dll
- 2007-08-13 16:54 . 2009-10-29 07:40        459264              c:\windows\system32\msfeeds.dll
+ 2007-08-13 16:54 . 2010-05-04 17:14        459264              c:\windows\system32\msfeeds.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07        297808              c:\windows\system32\mscoree.dll
+ 2009-09-18 19:16 . 2010-01-29 14:59        691712              c:\windows\system32\inetcomm.dll
- 2009-09-18 19:16 . 2008-04-11 19:04        691712              c:\windows\system32\inetcomm.dll
- 2007-08-13 16:34 . 2009-10-29 07:40        268288              c:\windows\system32\iertutil.dll
+ 2007-08-13 16:34 . 2010-05-04 17:14        268288              c:\windows\system32\iertutil.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14        192512              c:\windows\system32\iepeers.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14        385024              c:\windows\system32\iedkcs32.dll
- 2009-06-26 14:22 . 2009-10-29 07:40        385024              c:\windows\system32\iedkcs32.dll
- 2007-07-11 10:27 . 2009-10-29 07:40        380928              c:\windows\system32\ieapfltr.dll
+ 2007-07-11 10:27 . 2010-05-04 17:14        380928              c:\windows\system32\ieapfltr.dll
- 2009-06-26 14:27 . 2009-10-28 06:52        161792              c:\windows\system32\ieakui.dll
+ 2009-06-26 14:27 . 2010-04-16 11:43        161792              c:\windows\system32\ieakui.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14        230400              c:\windows\system32\ieaksie.dll
- 2009-06-26 14:27 . 2009-10-29 07:40        230400              c:\windows\system32\ieaksie.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14        153088              c:\windows\system32\ieakeng.dll
- 2009-06-26 14:27 . 2009-10-29 07:40        153088              c:\windows\system32\ieakeng.dll
+ 2009-09-18 20:08 . 2010-08-07 20:32        114176              c:\windows\system32\FNTCACHE.DAT
- 2009-09-18 20:08 . 2009-12-02 16:01        114176              c:\windows\system32\FNTCACHE.DAT
+ 2009-06-26 14:26 . 2010-05-04 17:14        133120              c:\windows\system32\extmgr.dll
- 2009-06-26 14:26 . 2009-10-29 07:40        133120              c:\windows\system32\extmgr.dll
- 2009-06-26 14:25 . 2009-10-29 07:40        214528              c:\windows\system32\dxtrans.dll
+ 2009-06-26 14:25 . 2010-05-04 17:14        214528              c:\windows\system32\dxtrans.dll
+ 2009-06-26 14:25 . 2010-05-04 17:14        347136              c:\windows\system32\dxtmsft.dll
- 2009-06-26 14:25 . 2009-10-29 07:40        347136              c:\windows\system32\dxtmsft.dll
+ 2009-06-26 14:32 . 2010-02-11 12:02        226880              c:\windows\system32\drivers\tcpip6.sys
+ 2009-06-26 14:42 . 2010-02-24 13:11        455680              c:\windows\system32\drivers\mrxsmb.sys
+ 2009-06-26 14:22 . 2009-12-24 06:59        177664              c:\windows\system32\dllcache\wintrust.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14        832512              c:\windows\system32\dllcache\wininet.dll
- 2009-06-26 14:22 . 2009-10-29 07:41        832512              c:\windows\system32\dllcache\wininet.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14        233472              c:\windows\system32\dllcache\webcheck.dll
- 2009-06-26 14:22 . 2009-10-29 07:41        233472              c:\windows\system32\dllcache\webcheck.dll
+ 2009-06-26 14:33 . 2010-03-09 11:09        430080              c:\windows\system32\dllcache\vbscript.dll
- 2009-06-26 14:33 . 2008-05-09 10:54        430080              c:\windows\system32\dllcache\vbscript.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14        105984              c:\windows\system32\dllcache\url.dll
- 2009-06-26 14:22 . 2009-10-29 07:41        105984              c:\windows\system32\dllcache\url.dll
+ 2009-06-26 14:32 . 2010-02-11 12:02        226880              c:\windows\system32\dllcache\tcpip6.sys
+ 2009-06-26 14:32 . 2009-10-15 16:28        119808              c:\windows\system32\dllcache\t2embed.dll
- 2009-06-26 14:32 . 2009-07-29 04:34        119808              c:\windows\system32\dllcache\t2embed.dll
- 2009-06-26 14:22 . 2008-04-14 12:00        474624              c:\windows\system32\dllcache\shlwapi.dll
+ 2009-06-26 14:22 . 2009-12-08 09:23        474624              c:\windows\system32\dllcache\shlwapi.dll
+ 2009-06-26 14:30 . 2010-05-04 17:14        102912              c:\windows\system32\dllcache\occache.dll
- 2009-06-26 14:30 . 2009-10-29 07:41        102912              c:\windows\system32\dllcache\occache.dll
+ 2009-06-26 14:29 . 2010-05-04 17:14        671232              c:\windows\system32\dllcache\mstime.dll
- 2009-06-26 14:29 . 2009-10-29 07:41        671232              c:\windows\system32\dllcache\mstime.dll
- 2009-06-26 14:29 . 2009-10-29 07:41        193024              c:\windows\system32\dllcache\msrating.dll
+ 2009-06-26 14:29 . 2010-05-04 17:14        193024              c:\windows\system32\dllcache\msrating.dll
- 2009-09-18 19:14 . 2008-04-14 12:00        346624              c:\windows\system32\dllcache\mspaint.exe
+ 2009-09-18 19:14 . 2009-12-17 07:40        346624              c:\windows\system32\dllcache\mspaint.exe
+ 2009-06-26 14:29 . 2010-05-04 17:14        477696              c:\windows\system32\dllcache\mshtmled.dll
- 2009-06-26 14:29 . 2009-10-29 07:41        477696              c:\windows\system32\dllcache\mshtmled.dll
+ 2009-09-18 15:03 . 2010-05-04 17:14        459264              c:\windows\system32\dllcache\msfeeds.dll
- 2009-09-18 15:03 . 2009-10-29 07:40        459264              c:\windows\system32\dllcache\msfeeds.dll
+ 2009-09-18 14:07 . 2010-02-24 13:11        455680              c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-09-18 19:16 . 2010-01-29 14:59        691712              c:\windows\system32\dllcache\inetcomm.dll
- 2009-09-18 19:16 . 2008-04-11 19:04        691712              c:\windows\system32\dllcache\inetcomm.dll
+ 2009-09-18 19:16 . 2010-04-16 11:43        634656              c:\windows\system32\dllcache\iexplore.exe
- 2009-09-18 15:03 . 2009-10-29 07:40        268288              c:\windows\system32\dllcache\iertutil.dll
+ 2009-09-18 15:03 . 2010-05-04 17:14        268288              c:\windows\system32\dllcache\iertutil.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14        192512              c:\windows\system32\dllcache\iepeers.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14        385024              c:\windows\system32\dllcache\iedkcs32.dll
- 2009-06-26 14:22 . 2009-10-29 07:40        385024              c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-09-18 15:03 . 2010-05-04 17:14        380928              c:\windows\system32\dllcache\ieapfltr.dll
- 2009-09-18 15:03 . 2009-10-29 07:40        380928              c:\windows\system32\dllcache\ieapfltr.dll
- 2009-06-26 14:27 . 2009-10-28 06:52        161792              c:\windows\system32\dllcache\ieakui.dll
+ 2009-06-26 14:27 . 2010-04-16 11:43        161792              c:\windows\system32\dllcache\ieakui.dll
- 2009-06-26 14:27 . 2009-10-29 07:40        230400              c:\windows\system32\dllcache\ieaksie.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14        230400              c:\windows\system32\dllcache\ieaksie.dll
- 2009-06-26 14:27 . 2009-10-29 07:40        153088              c:\windows\system32\dllcache\ieakeng.dll
+ 2009-06-26 14:27 . 2010-05-04 17:14        153088              c:\windows\system32\dllcache\ieakeng.dll
- 2009-09-18 19:16 . 2008-04-14 12:00        744448              c:\windows\system32\dllcache\helpsvc.exe
+ 2009-09-18 19:16 . 2010-06-14 14:31        744448              c:\windows\system32\dllcache\helpsvc.exe
+ 2009-06-26 14:26 . 2010-05-04 17:14        133120              c:\windows\system32\dllcache\extmgr.dll
- 2009-06-26 14:26 . 2009-10-29 07:40        133120              c:\windows\system32\dllcache\extmgr.dll
+ 2009-06-26 14:25 . 2010-05-04 17:14        214528              c:\windows\system32\dllcache\dxtrans.dll
- 2009-06-26 14:25 . 2009-10-29 07:40        214528              c:\windows\system32\dllcache\dxtrans.dll
- 2009-06-26 14:25 . 2009-10-29 07:40        347136              c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-06-26 14:25 . 2010-05-04 17:14        347136              c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-06-26 14:23 . 2010-04-20 05:29        285696              c:\windows\system32\dllcache\atmfd.dll
- 2009-06-26 14:23 . 2008-04-14 12:00        285696              c:\windows\system32\dllcache\atmfd.dll
- 2009-06-26 14:22 . 2009-10-29 07:40        124928              c:\windows\system32\dllcache\advpack.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14        124928              c:\windows\system32\dllcache\advpack.dll
+ 2009-06-26 14:23 . 2009-11-21 15:54        471552              c:\windows\system32\dllcache\aclayers.dll
+ 2009-06-26 14:23 . 2010-02-12 04:33        100864              c:\windows\system32\dllcache\6to4svc.dll
+ 2010-08-05 13:58 . 2010-02-12 10:03        293376              c:\windows\system32\browserchoice.exe
+ 2009-06-26 14:23 . 2010-04-20 05:29        285696              c:\windows\system32\atmfd.dll
- 2009-06-26 14:23 . 2008-04-14 12:00        285696              c:\windows\system32\atmfd.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14        124928              c:\windows\system32\advpack.dll
- 2009-06-26 14:22 . 2009-10-29 07:40        124928              c:\windows\system32\advpack.dll
+ 2009-06-26 14:23 . 2010-02-12 04:33        100864              c:\windows\system32\6to4svc.dll
+ 2009-09-18 19:16 . 2010-06-14 14:31        744448              c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2009-09-18 19:16 . 2008-04-14 12:00        744448              c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2010-03-30 22:16 . 2010-03-30 22:16        130408              c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48        970752              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-29 17:16 . 2008-07-29 17:16        110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48        110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 03:31 . 2010-03-23 03:31        435024              c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 09:17 . 2008-07-25 09:17        258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 10:22 . 2010-02-09 10:22        258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-05-27 23:49 . 2008-05-27 23:49        102400              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 12:51 . 2010-03-31 12:51        102400              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 12:49 . 2010-03-31 12:49        315392              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-27 23:48 . 2008-05-27 23:48        315392              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 13:32 . 2010-03-31 13:32        258048              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2008-05-28 00:30 . 2008-05-28 00:30        258048              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-02-24 22:14 . 2010-02-24 22:14        543232              c:\windows\Installer\e33686.msp
+ 2010-08-05 15:07 . 2009-10-29 07:41        832512              c:\windows\ie7updates\KB982381-IE7\wininet.dll
+ 2010-08-05 15:07 . 2009-10-29 07:41        233472              c:\windows\ie7updates\KB982381-IE7\webcheck.dll
+ 2010-08-05 15:07 . 2009-10-29 07:41        105984              c:\windows\ie7updates\KB982381-IE7\url.dll
+ 2010-08-05 15:07 . 2009-05-26 11:40        388984              c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll
+ 2010-08-05 15:07 . 2008-07-08 13:00        234872              c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
+ 2010-08-05 15:07 . 2009-10-29 07:41        102912              c:\windows\ie7updates\KB982381-IE7\occache.dll
+ 2010-08-05 15:07 . 2009-10-29 07:41        671232              c:\windows\ie7updates\KB982381-IE7\mstime.dll
+ 2010-08-05 15:07 . 2009-10-29 07:41        193024              c:\windows\ie7updates\KB982381-IE7\msrating.dll
+ 2010-08-05 15:07 . 2009-10-29 07:41        477696              c:\windows\ie7updates\KB982381-IE7\mshtmled.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40        459264              c:\windows\ie7updates\KB982381-IE7\msfeeds.dll
+ 2010-08-05 15:07 . 2009-10-28 06:54        634632              c:\windows\ie7updates\KB982381-IE7\iexplore.exe
+ 2010-08-05 15:07 . 2009-10-29 07:40        268288              c:\windows\ie7updates\KB982381-IE7\iertutil.dll
+ 2010-08-05 15:07 . 2007-08-13 16:54        191488              c:\windows\ie7updates\KB982381-IE7\iepeers.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40        385024              c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40        380928              c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll
+ 2010-08-05 15:07 . 2009-10-28 06:52        161792              c:\windows\ie7updates\KB982381-IE7\ieakui.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40        230400              c:\windows\ie7updates\KB982381-IE7\ieaksie.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40        153088              c:\windows\ie7updates\KB982381-IE7\ieakeng.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40        133120              c:\windows\ie7updates\KB982381-IE7\extmgr.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40        214528              c:\windows\ie7updates\KB982381-IE7\dxtrans.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40        347136              c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40        124928              c:\windows\ie7updates\KB982381-IE7\advpack.dll
+ 2009-09-18 14:07 . 2010-02-24 13:11        455680              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-08-07 13:19 . 2010-08-07 13:19        835584              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_54e1816a\System.Drawing.dll
+ 2010-08-07 13:19 . 2010-08-07 13:19        192512              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_037f1333\System.Drawing.Design.dll
+ 2010-08-07 13:19 . 2010-08-07 13:19        118784              c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_425eeaba\CustomMarshalers.dll
+ 2010-08-06 13:13 . 2010-08-06 13:13        321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-08-07 13:18 . 2010-08-07 13:18        240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17        447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20        400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19        129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20        202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19        859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19        328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19        301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19        547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19        141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14        679936              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2010-08-06 13:11 . 2010-08-06 13:11        381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14        212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-08-06 12:47 . 2010-08-06 12:47        208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2010-08-06 13:17 . 2010-08-06 13:17        756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2010-08-06 13:15 . 2010-08-06 13:15        135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14        971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-08-06 13:15 . 2010-08-06 13:15        633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2010-08-06 13:13 . 2010-08-06 13:13        366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2010-08-06 13:13 . 2010-08-06 13:13        256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-08-06 13:13 . 2010-08-06 13:13        320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-08-07 13:17 . 2010-08-07 13:17        368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17        539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17        224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17        258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14        133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2010-08-06 13:13 . 2010-08-06 13:13        386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14        144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14        175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14        839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14        222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-06 13:13 . 2010-08-06 13:13        410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-08-06 13:13 . 2010-08-06 13:13        842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-05 15:14 . 2010-08-05 15:14        970752              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-08-05 15:14 . 2010-08-05 15:14        438272              c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-08-05 15:14 . 2010-08-05 15:14        110592              c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-09-21 12:01 . 2009-09-21 12:01        110592              c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-08-07 13:11 . 2010-08-07 13:11        507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-06-26 14:23 . 2009-11-21 15:54        471552              c:\windows\AppPatch\aclayers.dll
+ 2010-08-07 13:07 . 2009-05-26 09:01        388984              c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 09:01        234872              c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
+ 2010-08-07 13:17 . 2008-05-09 10:54        430080              c:\windows\$NtUninstallKB981349$\vbscript.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB981349$\spuninst\updspapi.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40        234872              c:\windows\$NtUninstallKB981349$\spuninst\spuninst.exe
+ 2010-08-07 13:18 . 2009-05-26 09:01        388984              c:\windows\$NtUninstallKB980232$\spuninst\updspapi.dll
+ 2010-08-07 13:18 . 2009-05-26 09:01        234872              c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
+ 2010-08-07 13:18 . 2008-10-24 11:21        455296              c:\windows\$NtUninstallKB980232$\mrxsmb.sys
+ 2010-08-07 13:19 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB980218$\spuninst\updspapi.dll
+ 2010-08-07 13:19 . 2009-05-26 11:40        234872              c:\windows\$NtUninstallKB980218$\spuninst\spuninst.exe
+ 2010-08-07 13:19 . 2008-04-14 12:00        285696              c:\windows\$NtUninstallKB980218$\atmfd.dll
+ 2010-08-07 13:18 . 2008-07-08 13:00        388984              c:\windows\$NtUninstallKB980195$\spuninst\updspapi.dll
+ 2010-08-07 13:18 . 2008-07-08 13:00        234872              c:\windows\$NtUninstallKB980195$\spuninst\spuninst.exe
+ 2010-08-07 13:18 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll
+ 2010-08-07 13:18 . 2009-05-26 11:40        234872              c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB979559$\spuninst\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 09:01        234872              c:\windows\$NtUninstallKB979559$\spuninst\spuninst.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB979482$\spuninst\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        234872              c:\windows\$NtUninstallKB979482$\spuninst\spuninst.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB979309$\spuninst\updspapi.dll
+ 2010-08-07 13:06 . 2008-07-08 13:00        234872              c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB978706$\spuninst\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        234872              c:\windows\$NtUninstallKB978706$\spuninst\spuninst.exe
+ 2010-08-07 13:06 . 2008-04-14 12:00        346624              c:\windows\$NtUninstallKB978706$\mspaint.exe
+ 2010-08-07 13:07 . 2007-07-27 21:11        382840              c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll
+ 2010-08-07 13:07 . 2007-07-27 18:46        234872              c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe
+ 2010-08-07 13:07 . 2008-04-14 12:00        176640              c:\windows\$NtUninstallKB978601$\wintrust.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB978601$\spuninst\updspapi.dll
+ 2010-08-07 13:07 . 2008-07-08 13:00        234872              c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        234872              c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-08-07 13:06 . 2008-04-11 19:04        691712              c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-08-07 13:16 . 2008-06-20 11:08        225856              c:\windows\$NtUninstallKB978338$\tcpip6.sys
+ 2010-08-07 13:16 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        234872              c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
+ 2010-08-07 13:16 . 2008-04-14 12:00        100352              c:\windows\$NtUninstallKB978338$\6to4svc.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB978037$\spuninst\updspapi.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        234872              c:\windows\$NtUninstallKB978037$\spuninst\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB977914$\spuninst\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        234872              c:\windows\$NtUninstallKB977914$\spuninst\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        234872              c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
+ 2010-08-07 13:16 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB975713$\spuninst\updspapi.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        234872              c:\windows\$NtUninstallKB975713$\spuninst\spuninst.exe
+ 2010-08-07 13:16 . 2008-04-14 12:00        474624              c:\windows\$NtUninstallKB975713$\shlwapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB975562$\spuninst\updspapi.dll
+ 2010-08-07 13:06 . 2008-07-08 13:00        234872              c:\windows\$NtUninstallKB975562$\spuninst\spuninst.exe
+ 2010-08-07 13:08 . 2009-05-26 15:10        388984              c:\windows\$NtUninstallKB975561$\spuninst\updspapi.dll
+ 2010-08-07 13:08 . 2008-07-08 13:00        234872              c:\windows\$NtUninstallKB975561$\spuninst\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40        388984              c:\windows\$NtUninstallKB975560$\spuninst\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        234872              c:\windows\$NtUninstallKB975560$\spuninst\spuninst.exe
+ 2010-08-07 13:16 . 2009-07-29 04:34        119808              c:\windows\$NtUninstallKB972270$\t2embed.dll
+ 2010-08-07 13:16 . 2008-07-08 13:00        388984              c:\windows\$NtUninstallKB972270$\spuninst\updspapi.dll
+ 2010-08-07 13:16 . 2008-07-08 13:00        234872              c:\windows\$NtUninstallKB972270$\spuninst\spuninst.exe
+ 2010-08-07 13:17 . 2009-05-26 15:10        388984              c:\windows\$NtUninstallKB955759$\spuninst\updspapi.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40        234872              c:\windows\$NtUninstallKB955759$\spuninst\spuninst.exe
+ 2010-08-07 13:17 . 2008-04-14 12:00        451072              c:\windows\$NtUninstallKB955759$\aclayers.dll
+ 2010-08-07 13:06 . 2010-02-22 14:22        388984              c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll
+ 2010-08-07 13:06 . 2010-02-22 14:22        234872              c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe
+ 2010-08-07 13:16 . 2010-02-22 17:52        388984              c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        234872              c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-08-07 13:16 . 2008-04-14 12:00        744448              c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-08-05 15:07 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB982381-IE7\update\updspapi.dll
+ 2010-08-05 15:07 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB982381-IE7\update\update.exe
+ 2010-08-05 15:07 . 2008-07-08 13:00        234872              c:\windows\$hf_mig$\KB982381-IE7\spuninst.exe
+ 2010-05-04 16:48 . 2010-05-04 16:48        841216              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\wininet.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        233472              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\webcheck.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        105984              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\url.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        102912              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\occache.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        671232              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mstime.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        193024              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msrating.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        477696              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtmled.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        459264              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\msfeeds.dll
+ 2010-04-16 11:08 . 2010-04-16 11:08        634648              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
+ 2010-05-04 16:48 . 2010-05-04 16:48        268288              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iertutil.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        193024              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iepeers.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        388608              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iedkcs32.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        380928              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieapfltr.dll
+ 2010-04-16 11:06 . 2010-04-16 11:06        161792              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieakui.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        230400              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieaksie.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        153088              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieakeng.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        132608              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\extmgr.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        214528              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\dxtrans.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        347136              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\dxtmsft.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        124928              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\advpack.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB981349\update\updspapi.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB981349\update\update.exe
+ 2010-08-07 13:17 . 2009-05-26 11:40        234872              c:\windows\$hf_mig$\KB981349\spuninst.exe
+ 2010-03-09 11:07 . 2010-03-09 11:07        430080              c:\windows\$hf_mig$\KB981349\SP3QFE\vbscript.dll
+ 2010-08-07 13:18 . 2009-05-26 09:01        388984              c:\windows\$hf_mig$\KB980232\update\updspapi.dll
+ 2010-08-07 13:18 . 2009-05-26 09:01        765304              c:\windows\$hf_mig$\KB980232\update\update.exe
+ 2010-08-07 13:18 . 2009-05-26 09:01        234872              c:\windows\$hf_mig$\KB980232\spuninst.exe
+ 2010-08-05 14:01 . 2010-02-24 11:57        457216              c:\windows\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
+ 2010-08-07 13:19 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB980218\update\updspapi.dll
+ 2010-08-07 13:19 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB980218\update\update.exe
+ 2010-08-07 13:19 . 2009-05-26 11:40        234872              c:\windows\$hf_mig$\KB980218\spuninst.exe
+ 2010-04-20 05:37 . 2010-04-20 05:37        285824              c:\windows\$hf_mig$\KB980218\SP3QFE\atmfd.dll
+ 2010-08-07 13:18 . 2008-07-08 13:00        388984              c:\windows\$hf_mig$\KB980195\update\updspapi.dll
+ 2010-08-07 13:18 . 2008-07-08 13:00        765304              c:\windows\$hf_mig$\KB980195\update\update.exe
+ 2010-08-07 13:18 . 2008-07-08 13:00        234872              c:\windows\$hf_mig$\KB980195\spuninst.exe
+ 2010-08-07 13:18 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB979683\update\updspapi.dll
+ 2010-08-07 13:18 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB979683\update\update.exe
+ 2010-08-07 13:18 . 2009-05-26 11:40        234872              c:\windows\$hf_mig$\KB979683\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB979559\update\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB979559\update\update.exe
+ 2010-08-07 13:07 . 2009-05-26 09:01        234872              c:\windows\$hf_mig$\KB979559\spuninst.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB979482\update\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB979482\update\update.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40        234872              c:\windows\$hf_mig$\KB979482\spuninst.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB979309\update\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB979309\update\update.exe
+ 2010-08-07 13:06 . 2008-07-08 13:00        234872              c:\windows\$hf_mig$\KB979309\spuninst.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB978706\update\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB978706\update\update.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40        234872              c:\windows\$hf_mig$\KB978706\spuninst.exe
+ 2009-12-17 07:37 . 2009-12-17 07:37        346624              c:\windows\$hf_mig$\KB978706\SP3QFE\mspaint.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB978601\update\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB978601\update\update.exe
+ 2010-08-07 13:07 . 2008-07-08 13:00        234872              c:\windows\$hf_mig$\KB978601\spuninst.exe
+ 2009-12-24 06:42 . 2009-12-24 06:42        178176              c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-08-07 13:06 . 2009-05-26 11:40        234872              c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-01-29 14:53 . 2010-01-29 14:53        691712              c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB978338\update\updspapi.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB978338\update\update.exe
+ 2010-08-07 13:16 . 2009-05-26 11:40        234872              c:\windows\$hf_mig$\KB978338\spuninst.exe
+ 2010-02-11 11:36 . 2010-02-11 11:36        226880              c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys
+ 2010-02-12 04:28 . 2010-02-12 04:28        100864              c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB978037\update\updspapi.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB978037\update\update.exe
+ 2010-08-07 13:16 . 2009-05-26 11:40        234872              c:\windows\$hf_mig$\KB978037\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB977914\update\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB977914\update\update.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40        234872              c:\windows\$hf_mig$\KB977914\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB977816\update\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB977816\update\update.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40        234872              c:\windows\$hf_mig$\KB977816\spuninst.exe
+ 2010-08-07 13:16 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB975713\update\updspapi.dll
+ 2010-08-07 13:16 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB975713\update\update.exe
+ 2010-08-07 13:16 . 2009-05-26 11:40        234872              c:\windows\$hf_mig$\KB975713\spuninst.exe
+ 2009-12-08 09:01 . 2009-12-08 09:01        474624              c:\windows\$hf_mig$\KB975713\SP3QFE\shlwapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB975562\update\updspapi.dll
+ 2010-08-07 13:06 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB975562\update\update.exe
+ 2010-08-07 13:06 . 2008-07-08 13:00        234872              c:\windows\$hf_mig$\KB975562\spuninst.exe
+ 2010-08-07 13:08 . 2009-05-26 15:10        388984              c:\windows\$hf_mig$\KB975561\update\updspapi.dll
+ 2010-08-07 13:08 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB975561\update\update.exe
+ 2010-08-07 13:08 . 2008-07-08 13:00        234872              c:\windows\$hf_mig$\KB975561\spuninst.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40        388984              c:\windows\$hf_mig$\KB975560\update\updspapi.dll
+ 2010-08-07 13:07 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB975560\update\update.exe
+ 2010-08-07 13:07 . 2009-05-26 11:40        234872              c:\windows\$hf_mig$\KB975560\spuninst.exe
+ 2010-08-07 13:16 . 2008-07-08 13:00        388984              c:\windows\$hf_mig$\KB972270\update\updspapi.dll
+ 2010-08-07 13:16 . 2008-07-08 13:00        765304              c:\windows\$hf_mig$\KB972270\update\update.exe
+ 2010-08-07 13:16 . 2008-07-08 13:00        234872              c:\windows\$hf_mig$\KB972270\spuninst.exe
+ 2010-08-05 14:01 . 2009-10-15 16:38        119808              c:\windows\$hf_mig$\KB972270\SP3QFE\t2embed.dll
+ 2010-08-07 13:17 . 2009-05-26 15:10        388984              c:\windows\$hf_mig$\KB955759\update\updspapi.dll
+ 2010-08-07 13:17 . 2009-05-26 11:40        765304              c:\windows\$hf_mig$\KB955759\update\update.exe
+ 2010-08-07 13:17 . 2009-05-26 11:40        234872              c:\windows\$hf_mig$\KB955759\spuninst.exe
+ 2010-08-05 14:01 . 2009-11-21 15:42        471552              c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll
+ 2010-08-07 13:06 . 2010-02-22 14:22        388984              c:\windows\$hf_mig$\KB2286198\update\updspapi.dll
+ 2010-08-07 13:06 . 2010-02-22 14:22        765304              c:\windows\$hf_mig$\KB2286198\update\update.exe
+ 2010-08-07 13:06 . 2010-02-22 14:22        234872              c:\windows\$hf_mig$\KB2286198\spuninst.exe
+ 2010-08-07 13:16 . 2010-02-22 17:52        388984              c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-08-07 13:16 . 2010-02-22 14:21        765304              c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-08-07 13:16 . 2009-05-26 11:40        234872              c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-08-05 14:01 . 2010-06-14 14:38        744448              c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2009-06-26 14:36 . 2010-04-06 02:52        2462720              c:\windows\system32\WMVCore.dll
+ 2009-06-26 14:22 . 2010-05-02 08:05        1851392              c:\windows\system32\win32k.sys
- 2009-06-26 14:22 . 2009-10-29 07:41        1168384              c:\windows\system32\urlmon.dll
+ 2009-06-26 14:22 . 2010-05-04 17:14        1168384              c:\windows\system32\urlmon.dll
+ 2009-06-26 14:22 . 2010-07-27 06:29        8503296              c:\windows\system32\shell32.dll
+ 2009-06-26 14:22 . 2010-02-05 18:25        1297408              c:\windows\system32\quartz.dll
+ 2009-06-26 14:30 . 2010-02-16 19:04        2148864              c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 07:30 . 2010-02-16 19:04        2027008              c:\windows\system32\ntkrnlpa.exe
+ 2009-06-26 14:23 . 2010-05-04 17:14        3600384              c:\windows\system32\mshtml.dll
+ 2007-08-13 16:54 . 2010-05-04 17:14        6067200              c:\windows\system32\ieframe.dll
- 2007-08-13 16:54 . 2009-10-29 07:40        6067200              c:\windows\system32\ieframe.dll
+ 2009-06-26 14:36 . 2010-04-06 02:52        2462720              c:\windows\system32\dllcache\WMVCore.dll
+ 2009-06-26 14:22 . 2010-05-02 08:05        1851392              c:\windows\system32\dllcache\win32k.sys
+ 2009-06-26 14:22 . 2010-05-04 17:14        1168384              c:\windows\system32\dllcache\urlmon.dll
- 2009-06-26 14:22 . 2009-10-29 07:41        1168384              c:\windows\system32\dllcache\urlmon.dll
+ 2009-06-26 14:22 . 2010-07-27 06:29        8503296              c:\windows\system32\dllcache\shell32.dll
+ 2009-06-26 14:22 . 2010-02-05 18:25        1297408              c:\windows\system32\dllcache\quartz.dll
+ 2009-09-18 14:08 . 2010-02-17 12:04        2192256              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-09-18 14:08 . 2010-02-16 19:04        2027008              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-10 17:03 . 2010-02-16 19:04        2069120              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-09-18 14:08 . 2010-02-16 19:04        2148864              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-09-18 19:16 . 2010-01-29 14:59        1315328              c:\windows\system32\dllcache\msoe.dll
- 2009-09-18 19:16 . 2009-07-10 13:26        1315328              c:\windows\system32\dllcache\msoe.dll
+ 2009-06-26 14:23 . 2010-05-04 17:14        3600384              c:\windows\system32\dllcache\mshtml.dll
- 2009-09-18 19:16 . 2008-04-14 12:00        3558912              c:\windows\system32\dllcache\moviemk.exe
+ 2009-09-18 19:16 . 2009-10-23 15:28        3558912              c:\windows\system32\dllcache\moviemk.exe
- 2009-09-18 15:03 . 2009-10-29 07:40        6067200              c:\windows\system32\dllcache\ieframe.dll
+ 2009-09-18 15:03 . 2010-05-04 17:14        6067200              c:\windows\system32\dllcache\ieframe.dll
+ 2009-11-06 23:06 . 2009-11-06 23:06        1130824              c:\windows\system32\dfshim.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48        5967872              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 02:59 . 2008-11-25 02:59        5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32        5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32        3182592              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-04-01 09:42 . 2010-04-01 09:42        1265664              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 00:35 . 2008-05-28 00:35        1265664              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 00:35 . 2008-05-28 00:35        1232896              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-04-01 09:42 . 2010-04-01 09:42        1232896              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-27 23:48 . 2008-05-27 23:48        2514944              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 12:50 . 2010-03-31 12:50        2514944              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 12:50 . 2010-03-31 12:50        2527232              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-04-01 09:42 . 2010-04-01 09:42        2142208              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-27 23:43 . 2008-05-27 23:43        2142208              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-04-11 20:17 . 2010-04-11 20:17        2607104              c:\windows\Installer\e33692.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17        4210688              c:\windows\Installer\e33691.msp
+ 2009-11-08 22:25 . 2009-11-08 22:25        1935360              c:\windows\Installer\540b9ba.msp
+ 2010-08-05 15:07 . 2009-10-29 07:41        1168384              c:\windows\ie7updates\KB982381-IE7\urlmon.dll
+ 2010-08-05 15:07 . 2009-10-29 07:41        3598336              c:\windows\ie7updates\KB982381-IE7\mshtml.dll
+ 2010-08-05 15:07 . 2009-10-29 07:40        6067200              c:\windows\ie7updates\KB982381-IE7\ieframe.dll
+ 2009-09-18 14:08 . 2010-02-17 12:04        2192256              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-09-18 14:08 . 2010-02-16 19:04        2027008              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-10 17:03 . 2010-02-16 19:04        2069120              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-09-18 14:08 . 2010-02-16 19:04        2148864              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-08-07 13:18 . 2010-08-07 13:18        1966080              c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a90c7409\System.dll
+ 2010-08-07 13:19 . 2010-08-07 13:19        4792320              c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_7d65d340\System.dll
+ 2010-08-07 13:20 . 2010-08-07 13:20        5513216              c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_acf52bc9\System.Xml.dll
+ 2010-08-07 13:19 . 2010-08-07 13:19        2088960              c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_74caf9ea\System.Xml.dll
+ 2010-08-07 13:18 . 2010-08-07 13:18        3018752              c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b3f7ca5b\System.Windows.Forms.dll
+ 2010-08-07 13:19 . 2010-08-07 13:19        7884800              c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_1ee62eac\System.Windows.Forms.dll
+ 2010-08-07 13:20 . 2010-08-07 13:20        2244608              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_8ceb0cb0\System.Drawing.dll
+ 2010-08-07 13:19 . 2010-08-07 13:19        1470464              c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b36026ff\System.Design.dll
+ 2010-08-07 13:20 . 2010-08-07 13:20        3395584              c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_985a03f1\System.Design.dll
+ 2010-08-07 13:19 . 2010-08-07 13:19        3391488              c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_88f407bf\mscorlib.dll
+ 2010-08-07 13:20 . 2010-08-07 13:20        8908800              c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_40351960\mscorlib.dll
+ 2010-08-07 13:13 . 2010-08-07 13:13        3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17        1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-08-05 15:14 . 2010-08-05 15:14        7946240              c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2AB.tmp\System.dll
+ 2010-08-06 12:40 . 2010-08-06 12:40        7949824              c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-08-06 12:48 . 2010-08-06 12:48        5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20        1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20        1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20        4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20        2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20        1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-08-06 13:20 . 2010-08-06 13:20        2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19        2403328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-08-06 12:47 . 2010-08-06 12:47        1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-08-06 13:11 . 2010-08-06 13:11        2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17        1035264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-08-06 13:11 . 2010-08-06 13:11        1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-08-06 12:47 . 2010-08-06 12:47        1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-08-06 12:46 . 2010-08-06 12:46        6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14        2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-08-06 13:17 . 2010-08-06 13:17        1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-08-06 12:46 . 2010-08-06 12:46        2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-08-06 13:17 . 2010-08-06 13:17        9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-08-06 12:46 . 2010-08-06 12:46        2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17        2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2010-08-07 13:17 . 2010-08-07 13:17        1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2010-08-06 12:41 . 2010-08-06 12:41        1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14        1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-08-06 13:13 . 2010-08-06 13:13        1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-06 13:18 . 2010-08-06 13:18        2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14        1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14        1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-08-06 13:14 . 2010-08-06 13:14        1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-08-07 13:13 . 2010-08-07 13:13        1249280              c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-07 13:11 . 2010-08-07 13:11        5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-08-05 15:14 . 2010-08-05 15:14        5967872              c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-07 13:13 . 2010-08-07 13:13        5279744              c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-08-07 13:11 . 2010-08-07 13:11        5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-12-02 15:32 . 2009-12-02 15:32        5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-09-21 12:01 . 2009-09-21 12:01        4210688              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-08-07 13:13 . 2010-08-07 13:13        4210688              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-12-02 15:33 . 2009-12-02 15:33        4546560              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-08-07 13:12 . 2010-08-07 13:12        4546560              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-12-02 15:23 . 2009-12-02 15:23        1232896              c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-08-07 13:18 . 2010-08-07 13:18        1232896              c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-08-07 13:18 . 2010-08-07 13:18        1265664              c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-12-02 15:23 . 2009-12-02 15:23        1265664              c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-07 13:18 . 2009-08-04 17:26        2147840              c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
+ 2010-08-07 13:18 . 2009-08-04 17:25        2026496              c:\windows\$NtUninstallKB979683$\ntkrpamp.exe
+ 2010-08-07 13:18 . 2009-08-04 17:25        2026496              c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
+ 2010-08-07 13:18 . 2009-08-04 17:26        2147840              c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe
+ 2010-08-07 13:07 . 2009-08-14 15:10        1850752              c:\windows\$NtUninstallKB979559$\win32k.sys
+ 2010-08-07 13:07 . 2009-05-20 02:56        2458112              c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll
+ 2010-08-07 13:06 . 2009-07-10 13:26        1315328              c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-08-07 13:06 . 2009-06-03 19:09        1296896              c:\windows\$NtUninstallKB975562$\quartz.dll
+ 2010-08-07 13:08 . 2008-04-14 12:00        3558912              c:\windows\$NtUninstallKB975561$\moviemk.exe
+ 2010-08-07 13:06 . 2008-06-17 19:00        8502272              c:\windows\$NtUninstallKB2286198$\shell32.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        1171968              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\urlmon.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        3603456              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtml.dll
+ 2010-05-04 16:48 . 2010-05-04 16:48        6071296              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieframe.dll
+ 2010-08-05 14:01 . 2009-06-29 08:33        2452872              c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\ieapfltr.dat
+ 2010-08-05 14:01 . 2010-02-16 18:58        2192384              c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
+ 2010-08-05 14:01 . 2010-02-16 18:58        2027008              c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrpamp.exe
+ 2010-08-05 14:01 . 2010-02-16 18:58        2069248              c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
+ 2010-08-05 14:01 . 2010-02-16 18:58        2148864              c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlmp.exe
+ 2010-05-02 08:00 . 2010-05-02 08:00        1860480              c:\windows\$hf_mig$\KB979559\SP3QFE\win32k.sys
+ 2010-01-29 14:53 . 2010-01-29 14:53        1315328              c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2010-02-05 18:28 . 2010-02-05 18:28        1297408              c:\windows\$hf_mig$\KB975562\SP3QFE\quartz.dll
+ 2010-08-05 14:01 . 2009-10-23 14:53        3558912              c:\windows\$hf_mig$\KB975561\SP3QFE\moviemk.exe
+ 2009-11-27 17:23 . 2009-11-27 17:23        1297408              c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll
+ 2010-07-27 06:27 . 2010-07-27 06:27        8504320              c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll
+ 2009-09-18 14:47 . 2010-07-02 10:39        34045896              c:\windows\system32\MRT.exe
+ 2010-04-02 17:29 . 2010-04-02 17:29        11413504              c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17        14599680              c:\windows\Installer\e336a0.msp
+ 2010-04-02 10:30 . 2010-04-02 10:30        17456640              c:\windows\Installer\540b9de.msp
+ 2010-03-30 23:23 . 2010-03-30 23:23        15638528              c:\windows\Installer\540b9c6.msp
+ 2010-08-06 12:48 . 2010-08-06 12:48        12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-08-06 13:19 . 2010-08-06 13:19        11797504              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-08-06 13:13 . 2010-08-06 13:13        17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-08-06 12:47 . 2010-08-06 12:47        10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-08-07 13:16 . 2010-08-07 13:16        14328320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-08-07 13:15 . 2010-08-07 13:15        12215808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-07-15 33636352]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-09-21 148888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\***\Startmen\Programme\Autostart\
OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Warcraft III\\Warcraft III.exe"=

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [18.09.2009 16:26 1381632]
S3 gUSBSTOi;gUSBSTOi;\??\c:\dokume~1\***\LOKALE~1\Temp\gUSBSTOi.sys --> c:\dokume~1\***\LOKALE~1\Temp\gUSBSTOi.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.12.2009 18:12 717296]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
Zeit der Fertigstellung: 2010-10-05  22:45:37
ComboFix-quarantined-files.txt  2010-10-05 20:45
ComboFix2.txt  2010-08-04 21:20

Vor Suchlauf: 9 Verzeichnis(se), 115.811.844.096 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 115.825.897.472 Bytes frei

- - End Of File - - F076009243534A0D2A203EDF959E154C

--- --- ---

cosinus 06.10.2010 10:04

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=

Driver::
gUSBSTOi

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Demonico 06.10.2010 19:41

Sohooo here we go:

Combofix Logfile:
Code:

ComboFix 10-10-05.06 - Dome 06.10.2010  20:10:10.3.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1015.568 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Dome\Desktop\Cofi.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Dome\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GUSBSTOI
-------\Service_gUSBSTOi


(((((((((((((((((((((((  Dateien erstellt von 2010-09-06 bis 2010-10-06  ))))))))))))))))))))))))))))))
.

2010-10-05 20:28 . 2010-10-05 20:28        --------        d-----w-        c:\programme\CCleaner
2010-10-04 19:03 . 2010-10-04 19:03        --------        d-----w-        c:\dokumente und einstellungen\Dome\Anwendungsdaten\Uniblue

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 20:15 . 2009-11-29 11:58        1        ----a-w-        c:\dokumente und einstellungen\Dome\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-07 13:12 . 2009-06-26 14:36        477784        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-07 13:12 . 2009-06-26 14:36        92164        ----a-w-        c:\windows\system32\perfc007.dat
.

(((((((((((((((((((((((((((((  SnapShot_2010-10-05_20.43.38  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-06 18:14 . 2010-10-06 18:14        16384              c:\windows\Temp\Perflib_Perfdata_540.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-07-15 33636352]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-09-21 148888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Dome\Startmen\Programme\Autostart\
OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Warcraft III\\Warcraft III.exe"=

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [18.09.2009 16:26 1381632]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.12.2009 18:12 717296]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\dokumente und einstellungen\Dome\Anwendungsdaten\Mozilla\Firefox\Profiles\165y198c.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(2700)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-06  20:18:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-10-06 18:18
ComboFix2.txt  2010-10-05 20:45
ComboFix3.txt  2010-08-04 21:20

Vor Suchlauf: 10 Verzeichnis(se), 116.074.700.800 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 116.058.734.592 Bytes frei

- - End Of File - - A063CCDF8FBE27B3884C881AF7D7E912

--- --- ---


Regards
Demonico

cosinus 06.10.2010 20:34

Ok. Please create logs with GMER and OSAM now and post them. (The last GMER log is already 2 months old :rolleyes: )
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

