Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Ordner werden nur mehr als Verknüpfungen angezeigt (https://www.trojaner-board.de/99092-ordner-nur-mehr-verknuepfungen-angezeigt.html)

rere1588 14.05.2011 23:25
Ordner werden nur mehr als Verknüpfungen angezeigt
 
Grüss euch...

folgendes problem...ich hab anscheinend ein ähnliches problem wie bei:
http://www.trojaner-board.de/98579-n...angezeigt.html

Genau wie bei ihm werden bei mir die Ordner nur mehr als Verknüpfungen angezeigt(auf 1 externen festplatte). Die sache ist nur ich habe 3 festplatten angesteckt und bei denen ist nichts.
Wie ich gelesen habe konnten die Daten aber wiederhergestellt werden bei ihm bzw. sie sind ja eigentlich gar nicht weg sie werden nur nicht angezeigt oder täusche ich mich da?. Jetzt ist aber folgendes Problem bei mir funktioniert die gleiche methode nicht :(
hab flash disinfektor ausgeführt -> ohne probleme half nur eben nichts

dann habe ich combofix ausgeführt wobei bei combofix hab ich das problem das er mir kein log erstellt, denn bevor er das log macht denk ich halt so bei schritt 50 schaltet sich der pc einfach aus??? komisch naja vielleicht hätt ich das auch gar nicht machen sollen keine ahnung in der richtung kenn i mi zu wenig aus...jetzt aber schon egal habs e schon gemacht XD

was ausserdem komisch ist wenn ich die genannte festplatte anstecke und den pc einschalte wars vor 3 wochen glaub ich , da ist der pc gar nicht mehr hochgefahren sondern beim windowsladebildschirm hat er sich immer aufgehängt und neugestartet IMMER da half auch kein abgesicherter modus oder sonst was? Naja egal jedenfalls hab ich die festplatte dann abgesteckt und siehe da start von windows ohne problem ?! -> check ich auch nicht

Seitdem hab ich einige sachen gemacht von virencheck bis malewarebytes bis spybot...
naja jedenfalls machts ihm jetzt nichts mehr wenn die festplatte eingesteckt ist, naja wenigstens was :)

jetzt hab ich gegoogelt und folgendes gefunden:
hxxp://www.syscast.de/syscast/tag/virus
(keine ahnung bei dem link macht er mir immer aus tt xx)
das hab ich allerdings nicht gemacht weil ich nicht verstehe was unter schritt 2 gemacht wird bzw. was das für ein befehl sein soll XD

naja ich hoffe ihr könnt mir genauso helfen demjenigen im anderen thema :)
hört sich ja ziemlich gleich an das problem mit der festplatte...

mfg rene

cosinus 15.05.2011 12:41
Zitat:
komisch naja vielleicht hätt ich das auch gar nicht machen sollen keine ahnung
Deswegen sollte man mal vllt vorher hier lesen => http://www.trojaner-board.de/images/icons/icon4.gif Bitte beachten http://www.trojaner-board.de/images/icons/icon4.gif => http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html

http://www.trojaner-board.de/images/icons/icon4.gif Einen ganz klaren Hinweis gibt es auch zu http://www.trojaner-board.de/95175-combofix.html http://www.trojaner-board.de/images/icons/icon4.gif
Zitat:

Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

rere1588 20.05.2011 15:04
Hallo nochmal...jop sry das ich das gemacht hab hab anscheinend zu wenig durchgelesen.
Sodalle folgendes i hab mein Pc jetzt formatiert (hatte auch ein internet problem), jetzt geht aber wieder alles. Zu meiner Festplatte keine Ahnung is aber total witzig während dem Scan mit Otl werden ja anscheinend alle Datein angezeigt die möglich sind und siehe da alle meine Ordner sind da XD hab sogar alles was sehr wichtig ist schon rüber kopiert. Nach dem Scan ist halt alles wieder unsichtbar...
Ganz check ichs aber trotzdem nicht denn i hab versucht in Systemsteuerung alle Daten anzeigen angeklickt witzigerweise die auf der Festplatte zeigt er dann trotzdem nicht an ??? komisch...es ist jedenfalls alles da nur eben nicht angezeigt komisch ...

naja hier mal die OTL:OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 20.05.2011 15:44:40 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\rere\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,18 Gb Total Space | 24,84 Gb Free Space | 72,68% Space Free | Partition Type: NTFS
Drive D: | 114,86 Gb Total Space | 104,31 Gb Free Space | 90,82% Space Free | Partition Type: NTFS
Drive E: | 1397,27 Gb Total Space | 82,47 Gb Free Space | 5,90% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 286,16 Gb Free Space | 61,44% Space Free | Partition Type: NTFS
Drive G: | 279,47 Gb Total Space | 77,70 Gb Free Space | 27,80% Space Free | Partition Type: NTFS
Drive H: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: RENEN | User Name: rere | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\rere\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
PRC - D:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Spiele\Battlefield Bad Company 2\BFBC2Updater.exe (EA Digital Illusions CE AB)
PRC - D:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - D:\Programme\Musicmatch\mmtask.exe (Musicmatch Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\rere\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (OODefragAgent) -- D:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NBService) -- D:\Programme\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (EverestDriver) -- D:\Programme\Lavalys\EVEREST Ultimate Edition\kerneld.wnt ()
DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.27.2
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: d:\Programme\Mozilla Firefox\components [2011.05.20 14:14:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: d:\Programme\Mozilla Firefox\plugins [2011.05.20 15:29:00 | 000,000,000 | ---D | M]
 
[2011.05.15 17:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\rere\Anwendungsdaten\Mozilla\Extensions
[2011.05.20 15:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\rere\Anwendungsdaten\Mozilla\Firefox\Profiles\mhl73izv.default\extensions
[2011.05.20 14:14:43 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Dokumente und Einstellungen\rere\Anwendungsdaten\Mozilla\Firefox\Profiles\mhl73izv.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010.10.31 19:22:32 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2011.05.20 14:01:13 | 000,434,604 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com

----------------------------------------------------------------------
Hier die Extras Datei:

OTL Extras logfile created on: 20.05.2011 15:44:40 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\rere\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,18 Gb Total Space | 24,84 Gb Free Space | 72,68% Space Free | Partition Type: NTFS
Drive D: | 114,86 Gb Total Space | 104,31 Gb Free Space | 90,82% Space Free | Partition Type: NTFS
Drive E: | 1397,27 Gb Total Space | 82,47 Gb Free Space | 5,90% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 286,16 Gb Free Space | 61,44% Space Free | Partition Type: NTFS
Drive G: | 279,47 Gb Total Space | 77,70 Gb Free Space | 27,80% Space Free | Partition Type: NTFS
Drive H: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: RENEN | User Name: rere | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26654:TCP" = 26654:TCP:*:Enabled:BitComet 26654 TCP
"26654:UDP" = 26654:UDP:*:Enabled:BitComet 26654 UDP
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"J:\STHIW\stInstall.exe" = J:\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard
"D:\Spiele\Portal 2\portal2.exe" = D:\Spiele\Portal 2\portal2.exe:*:Disabled:portal2
"D:\Spiele\Battlefield Bad Company 2\BFBC2Updater.exe" = D:\Spiele\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"D:\Programme\BitComet\BitComet.exe" = D:\Programme\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{40261D0A-A385-4C1A-A7DE-5F270D9B1031}" = Nero 7 Ultra Edition
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{E29CFB36-F070-4612-8DB5-7038161B6294}" = O&O Defrag Free Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F972403C-BFE4-49EB-82B8-10D0FDBD1BB1}" = VirtualDJ Home FREE
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitComet" = BitComet 1.27
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"Windows XP Service Pack" = Windows XP Service Pack 3
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.05.2011 10:49:35 | Computer Name = RENEN | Source = MsiInstaller | ID = 1014
Description = Die Windows Installer-Proxyinformationen sind nicht korrekt registriert.
 
Error - 15.05.2011 11:16:12 | Computer Name = RENEN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung msoobe.exe, Version 5.1.2600.5512, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.05.2011 13:26:06 | Computer Name = RENEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul swflash.ocx, Version 5.0.42.0, Fehleradresse 0x000442d3.
 
Error - 15.05.2011 13:26:08 | Computer Name = RENEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
 Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
 
Error - 15.05.2011 13:26:24 | Computer Name = RENEN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 15.05.2011 11:14:20 | Computer Name = RENEN | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.CRT fehlgeschlagen.
Referenzfehlermeldung:
 Die referenzierte Assemblierung ist nicht auf dem Computer installiert.  .
 
Error - 15.05.2011 11:14:20 | Computer Name = RENEN | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für D:\Programme\Avira\AntiVir Desktop\avcenter.exe
 fehlgeschlagen.  Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet.  .
 
Error - 15.05.2011 11:22:59 | Computer Name = RENEN | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
 Peer  "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
 Minuten  wiederholt.  Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
 (0x80072751)
 
Error - 15.05.2011 11:22:59 | Computer Name = RENEN | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 15.05.2011 11:27:04 | Computer Name = RENEN | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC90.CRT" konnte nicht gefunden
 werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
 installiert. 
 
Error - 15.05.2011 11:27:04 | Computer Name = RENEN | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.CRT fehlgeschlagen.
Referenzfehlermeldung:
 Die referenzierte Assemblierung ist nicht auf dem Computer installiert.  .
 
Error - 15.05.2011 11:27:04 | Computer Name = RENEN | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\DOKUME~1\rere\LOKALE~1\Temp\RarSFX0\redist.dll
 fehlgeschlagen.  Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet.  .
 
Error - 15.05.2011 12:31:20 | Computer Name = RENEN | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC80.CRT" konnte nicht gefunden
 werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
 installiert. 
 
Error - 15.05.2011 12:31:20 | Computer Name = RENEN | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC80.CRT fehlgeschlagen.
Referenzfehlermeldung:
 Die referenzierte Assemblierung ist nicht auf dem Computer installiert.  .
 
Error - 15.05.2011 12:31:20 | Computer Name = RENEN | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für d:\Programme\Mozilla Firefox\plugins\nppdf32.dll
 fehlgeschlagen.  Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet.  .
 
 
< End of report >
--- --- ---

--- --- ---

-----------------------------------------------------------------------

Und hier die Mailwarebytes datei:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6625

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.05.2011 15:02:17
mbam-log-2011-05-20 (15-02-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132192
Laufzeit: 2 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 20.05.2011 15:06
Führe mal dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst - betrifft auch wohl die externe Platte - bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

rere1588 20.05.2011 15:28
Also hier hat er mal nix gefunden ...

2011/05/20 16:27:13.0515 3036 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/20 16:27:13.0796 3036 ================================================================================
2011/05/20 16:27:13.0796 3036 SystemInfo:
2011/05/20 16:27:13.0796 3036
2011/05/20 16:27:13.0796 3036 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/20 16:27:13.0796 3036 Product type: Workstation
2011/05/20 16:27:13.0796 3036 ComputerName: RENEN
2011/05/20 16:27:13.0796 3036 UserName: rere
2011/05/20 16:27:13.0796 3036 Windows directory: C:\WINDOWS
2011/05/20 16:27:13.0796 3036 System windows directory: C:\WINDOWS
2011/05/20 16:27:13.0796 3036 Processor architecture: Intel x86
2011/05/20 16:27:13.0796 3036 Number of processors: 2
2011/05/20 16:27:13.0796 3036 Page size: 0x1000
2011/05/20 16:27:13.0796 3036 Boot type: Normal boot
2011/05/20 16:27:13.0796 3036 ================================================================================
2011/05/20 16:27:14.0203 3036 Initialize success
2011/05/20 16:27:29.0125 3296 ================================================================================
2011/05/20 16:27:29.0125 3296 Scan started
2011/05/20 16:27:29.0125 3296 Mode: Manual;
2011/05/20 16:27:29.0125 3296 ================================================================================
2011/05/20 16:27:29.0812 3296 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/20 16:27:29.0843 3296 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/20 16:27:29.0875 3296 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/20 16:27:29.0906 3296 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2011/05/20 16:27:30.0031 3296 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/05/20 16:27:30.0171 3296 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/20 16:27:30.0218 3296 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/20 16:27:30.0250 3296 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/20 16:27:30.0296 3296 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/20 16:27:30.0328 3296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/20 16:27:30.0375 3296 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/05/20 16:27:30.0406 3296 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/05/20 16:27:30.0437 3296 avipbb (524b9e78e396c00968c5629ed5bbfab0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/05/20 16:27:30.0468 3296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/20 16:27:30.0500 3296 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/20 16:27:30.0515 3296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/20 16:27:30.0531 3296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/20 16:27:30.0562 3296 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/20 16:27:30.0656 3296 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/20 16:27:30.0703 3296 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/20 16:27:30.0843 3296 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/20 16:27:30.0859 3296 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/20 16:27:30.0906 3296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/20 16:27:30.0953 3296 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/20 16:27:31.0000 3296 EverestDriver (7e6fe8dc1d0616fc693a7efdc361d8d5) D:\Programme\Lavalys\EVEREST Ultimate Edition\kerneld.wnt
2011/05/20 16:27:31.0046 3296 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/20 16:27:31.0078 3296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/20 16:27:31.0093 3296 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/20 16:27:31.0109 3296 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/20 16:27:31.0140 3296 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/20 16:27:31.0156 3296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/20 16:27:31.0171 3296 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/20 16:27:31.0203 3296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/20 16:27:31.0234 3296 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/20 16:27:31.0250 3296 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/20 16:27:31.0281 3296 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/20 16:27:31.0328 3296 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/05/20 16:27:31.0359 3296 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/20 16:27:31.0531 3296 IntcAzAudAddService (4716f7ee8fb7fd02596ece1ec70aff53) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/20 16:27:31.0578 3296 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/20 16:27:31.0609 3296 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/20 16:27:31.0640 3296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/20 16:27:31.0656 3296 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/20 16:27:31.0687 3296 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/20 16:27:31.0703 3296 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/20 16:27:31.0718 3296 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/20 16:27:31.0734 3296 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/20 16:27:31.0750 3296 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/20 16:27:31.0796 3296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/20 16:27:31.0828 3296 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/20 16:27:31.0875 3296 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/20 16:27:31.0906 3296 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/20 16:27:31.0953 3296 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/05/20 16:27:32.0031 3296 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/20 16:27:32.0062 3296 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/20 16:27:32.0078 3296 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/20 16:27:32.0109 3296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/20 16:27:32.0140 3296 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/20 16:27:32.0171 3296 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/20 16:27:32.0218 3296 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/20 16:27:32.0234 3296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/20 16:27:32.0250 3296 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/20 16:27:32.0265 3296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/20 16:27:32.0281 3296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/20 16:27:32.0328 3296 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/05/20 16:27:32.0359 3296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/20 16:27:32.0375 3296 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/20 16:27:32.0390 3296 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/20 16:27:32.0406 3296 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/20 16:27:32.0421 3296 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/20 16:27:32.0437 3296 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/20 16:27:32.0468 3296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/20 16:27:32.0500 3296 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/20 16:27:32.0515 3296 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/20 16:27:32.0546 3296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/20 16:27:32.0562 3296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/20 16:27:32.0812 3296 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/20 16:27:33.0078 3296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/20 16:27:33.0093 3296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/20 16:27:33.0125 3296 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/20 16:27:33.0156 3296 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/20 16:27:33.0171 3296 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/20 16:27:33.0203 3296 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/20 16:27:33.0218 3296 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/20 16:27:33.0250 3296 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/20 16:27:33.0281 3296 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/20 16:27:33.0406 3296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/20 16:27:33.0421 3296 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/20 16:27:33.0437 3296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/20 16:27:33.0453 3296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/20 16:27:33.0546 3296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/20 16:27:33.0578 3296 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/20 16:27:33.0593 3296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/20 16:27:33.0609 3296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/20 16:27:33.0625 3296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/20 16:27:33.0640 3296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/20 16:27:33.0671 3296 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/20 16:27:33.0703 3296 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/20 16:27:33.0734 3296 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/20 16:27:33.0796 3296 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/05/20 16:27:33.0828 3296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/20 16:27:33.0859 3296 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/20 16:27:33.0875 3296 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/20 16:27:33.0906 3296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/20 16:27:33.0968 3296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/20 16:27:34.0000 3296 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/20 16:27:34.0031 3296 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/20 16:27:34.0062 3296 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/05/20 16:27:34.0078 3296 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/20 16:27:34.0109 3296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/20 16:27:34.0171 3296 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/20 16:27:34.0218 3296 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/20 16:27:34.0234 3296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/20 16:27:34.0265 3296 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/20 16:27:34.0281 3296 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/20 16:27:34.0328 3296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/20 16:27:34.0359 3296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/20 16:27:34.0437 3296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/20 16:27:34.0484 3296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/20 16:27:34.0484 3296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/20 16:27:34.0515 3296 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/20 16:27:34.0531 3296 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/20 16:27:34.0578 3296 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/20 16:27:34.0593 3296 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/20 16:27:34.0625 3296 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/20 16:27:34.0640 3296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/20 16:27:34.0687 3296 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/20 16:27:34.0812 3296 ================================================================================
2011/05/20 16:27:34.0812 3296 Scan finished
2011/05/20 16:27:34.0812 3296 ================================================================================

rere1588 20.05.2011 15:32
Soll ich jetzt trotzdem unhide ausführen?
Auf Eigene Datein und so kann ich ganz normal zugreifen ..
mfg

cosinus 20.05.2011 15:46
Ist der Desktophintergrund normal? Alle Dateien sind sichtbar - auch alle Verknüpfungen im Startmenü unter alle Programme?

rere1588 20.05.2011 15:48
Jap alles sonst ganz normal :)

cosinus 20.05.2011 15:53
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

rere1588 20.05.2011 16:03
Also das Programm UNHIDE brauch ich nicht auführen?
nur combofix?

rere1588 20.05.2011 16:19
Alles wird wieder normal angezeigt ;)
Danke Danke Danke :)
is jetzt alles fertig oder soll ich noch was machen ?

mfg
Combofix Logfile:
Code:
ComboFix 11-05-19.01 - rere 20.05.2011  17:13:36.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1641 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\rere\Desktop\Cofi.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\Autorun.inf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-20 bis 2011-05-20  ))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"avgnt"="d:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]
"mmtask"="d:\programme\musicmatch\mmtask.exe" [2004-08-29 53248]
"OODefragTray"="d:\programme\OO Software\Defrag\oodtray.exe" [2011-01-25 2729800]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - d:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Spiele\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programme\\BitComet\\BitComet.exe"=
"d:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26654:TCP"= 26654:TCP:BitComet 26654 TCP
"26654:UDP"= 26654:UDP:BitComet 26654 UDP
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [15.05.2011 17:27 135336]
R2 OODefragAgent;O&O Defrag;d:\programme\OO Software\Defrag\oodag.exe [25.01.2011 11:41 2336072]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.05.2011 17:53 1691480]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\programme\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [31.10.2010 18:58 27248]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: &Alles mit BitComet herunterladen - d:\programme\BitComet\BitComet.exe/AddAllLink.htm
IE: Mit BitComet herunter&laden - d:\programme\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: {26D04A4F-A491-4933-8A64-9718255B905A} = 195.3.96.67,195.3.96.68
FF - ProfilePath - c:\dokumente und einstellungen\rere\Anwendungsdaten\Mozilla\Firefox\Profiles\mhl73izv.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - d:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-20 17:16
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\d:\programme\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1482476501-854245398-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:ed,75,39,67,de,7b,15,d2,5a,8f,8c,2e,d7,6a,9b,d8,11,83,74,cc,b2,
  5c,be,8e,e3,05,9c,b0,7f,25,f1,73,58,80,5a,a5,6f,41,5e,6d,96,1c,46,d4,4d,fc,\
"rkeysecu"=hex:cd,6c,0a,ea,90,7c,09,a0,94,42,89,f1,6f,85,81,08
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2011-05-20  17:17:25
ComboFix-quarantined-files.txt  2011-05-20 15:17
.
Vor Suchlauf: 4 Verzeichnis(se), 27.139.043.328 Bytes frei
Nach Suchlauf: 6 Verzeichnis(se), 29.800.062.976 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 79EAAE5496D2E9C936C594B8191A2376
--- --- ---

cosinus 20.05.2011 21:00
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26654:TCP"=-
"26654:UDP"=-
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

rere1588 21.05.2011 11:09
Combofix Logfile:
Code:
ComboFix 11-05-19.01 - rere 21.05.2011  11:28:50.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1632 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\rere\Desktop\Cofi.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\rere\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\rere\Desktop\Internet Explorer.lnk
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-21 bis 2011-05-21  ))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-05-20_15.16.16  )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19        54272              c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        62976              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        46080              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        46592              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        64512              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        66048              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        65024              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        65024              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        56832              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        66560              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        39936              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        38912              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07        59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07        59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2011-05-21 09:27 . 2011-05-21 09:27        16384              c:\windows\temp\Perflib_Perfdata_768.dat
- 2011-05-15 15:06 . 2009-01-07 16:20        26144              c:\windows\system32\spupdsvc.exe
+ 2011-05-15 15:06 . 2008-11-07 16:55        26144              c:\windows\system32\spupdsvc.exe
+ 2011-05-20 16:30 . 2008-11-07 16:55        16928              c:\windows\system32\spmsgXP_2k3.dll
+ 2011-05-20 20:03 . 2010-11-03 16:15        84584              c:\windows\system32\ReinstallBackups\0006\DriverFiles\SOUNDMAN.EXE
+ 2011-05-20 20:03 . 2011-04-15 13:48        56936              c:\windows\system32\ReinstallBackups\0006\DriverFiles\RtkCoInstXP.dll
+ 2011-05-20 20:03 . 2008-04-14 05:53        23552              c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\wdmaud.drv
+ 2011-05-20 20:03 . 2008-04-13 22:15        49408              c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\stream.sys
+ 2011-05-20 20:03 . 2008-04-13 22:15        60160              c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\drmk.sys
+ 2011-05-20 20:03 . 2010-11-03 16:13        64104              c:\windows\system32\ReinstallBackups\0006\DriverFiles\ALCMTR.EXE
+ 2011-05-20 16:31 . 2008-04-14 05:52        21504              c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\hidserv.dll
+ 2011-05-20 16:31 . 2008-04-14 05:28        14720              c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\kbdhid.sys
+ 2011-05-20 16:31 . 2008-04-14 05:28        25216              c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\kbdclass.sys
+ 2011-05-20 16:30 . 2006-02-28 12:00        12288              c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\mouhid.sys
+ 2011-05-20 16:30 . 2008-04-14 05:19        23552              c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\mouclass.sys
+ 2011-05-20 16:30 . 2008-04-13 22:15        10368              c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\hidusb.sys
+ 2011-05-20 16:30 . 2008-04-13 22:15        24960              c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\hidparse.sys
+ 2011-05-20 16:30 . 2008-04-13 22:15        36864              c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\hidclass.sys
+ 2011-05-20 16:30 . 2008-04-14 05:52        20992              c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\hid.dll
+ 2011-05-20 11:41 . 2011-05-20 19:36        75136              c:\windows\system32\PnkBstrA.exe
+ 2006-02-28 12:00 . 2011-05-20 15:53        58596              c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2011-05-20 15:53        70580              c:\windows\system32\perfc007.dat
+ 2003-11-15 16:54 . 2003-11-15 16:54        36864              c:\windows\system32\ogg.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        32768              c:\windows\system32\netfxperf.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        74240              c:\windows\system32\mscories.dll
+ 2010-04-28 22:29 . 2010-04-28 22:29        53328              c:\windows\system32\LMouFiltCoInst.dll
+ 2009-07-14 08:35 . 2009-07-14 08:35        37608              c:\windows\system32\drivers\wdfldr.sys
+ 2011-05-20 15:51 . 2007-03-16 08:11        12256              c:\windows\system32\drivers\TBPanel.sys
+ 2001-08-18 04:22 . 2001-08-18 02:22        12288              c:\windows\system32\drivers\mouhid.sys
- 2001-08-18 04:22 . 2006-02-28 12:00        12288              c:\windows\system32\drivers\mouhid.sys
+ 2010-03-18 09:02 . 2010-03-18 09:02        28624              c:\windows\system32\drivers\LUsbFilt.sys
+ 2011-05-20 16:30 . 2011-05-20 16:30        16400              c:\windows\system32\drivers\LNonPnP.sys
+ 2010-03-18 09:02 . 2010-03-18 09:02        37328              c:\windows\system32\drivers\LMouFilt.Sys
+ 2010-03-18 09:01 . 2010-03-18 09:01        38864              c:\windows\system32\drivers\LHidFilt.Sys
+ 2011-05-20 16:30 . 2010-03-18 09:01        10448              c:\windows\system32\drivers\LBeepKE.sys
+ 2011-05-20 16:31 . 2008-04-14 05:52        21504              c:\windows\system32\drivers\hidserv.dll
+ 2001-08-18 04:22 . 2001-08-18 02:22        12288              c:\windows\system32\dllcache\mouhid.sys
+ 2004-08-04 00:37 . 2008-04-14 05:19        23552              c:\windows\system32\dllcache\mouclass.sys
+ 2006-02-28 12:00 . 2008-04-14 05:28        14720              c:\windows\system32\dllcache\kbdhid.sys
+ 2006-02-28 12:00 . 2008-04-14 05:28        25216              c:\windows\system32\dllcache\kbdclass.sys
+ 2006-02-28 12:00 . 2008-04-13 22:15        10368              c:\windows\system32\dllcache\hidusb.sys
+ 2006-02-28 12:00 . 2008-04-13 22:15        24960              c:\windows\system32\dllcache\hidparse.sys
+ 2006-02-28 12:00 . 2008-04-13 22:15        36864              c:\windows\system32\dllcache\hidclass.sys
+ 2005-09-23 05:28 . 2005-09-23 05:28        83456              c:\windows\system32\dfshim.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        28160              c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        71680              c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2005-09-23 05:28 . 2005-09-23 05:28        86016              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        47616              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        81920              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        81920              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        85504              c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        59072              c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        32768              c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        53248              c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        78336              c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        14848              c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        96440              c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2005-09-23 05:29 . 2005-09-23 05:29        22528              c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        10240              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        66240              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        67072              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        81408              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        36864              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        73216              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        69632              c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        87552              c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        12800              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        32768              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        28672              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        73728              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        36864              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2005-09-23 04:36 . 2005-09-23 04:36        85504              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
+ 2005-09-23 04:29 . 2005-09-23 04:29        80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
+ 2005-09-23 04:47 . 2005-09-23 04:47        84480              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
+ 2005-09-23 04:30 . 2005-09-23 04:30        80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
+ 2005-09-23 04:47 . 2005-09-23 04:47        80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
+ 2005-09-23 04:47 . 2005-09-23 04:47        81920              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
+ 2005-09-23 04:47 . 2005-09-23 04:47        82432              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
+ 2005-09-23 04:47 . 2005-09-23 04:47        82432              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
+ 2005-09-23 04:46 . 2005-09-23 04:46        83456              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
+ 2005-09-23 04:46 . 2005-09-23 04:46        81920              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
+ 2005-09-23 04:46 . 2005-09-23 04:46        83456              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
+ 2005-09-23 04:44 . 2005-09-23 04:44        80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
+ 2005-09-23 04:42 . 2005-09-23 04:42        80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
+ 2005-09-23 04:40 . 2005-09-23 04:40        84480              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
+ 2005-09-23 04:40 . 2005-09-23 04:40        83968              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
+ 2005-09-23 04:40 . 2005-09-23 04:40        80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
+ 2005-09-23 04:38 . 2005-09-23 04:38        86016              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
+ 2005-09-23 04:38 . 2005-09-23 04:38        81408              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
+ 2005-09-23 01:46 . 2005-09-23 01:46        80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
+ 2005-09-23 04:36 . 2005-09-23 04:36        87552              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
+ 2005-09-23 04:34 . 2005-09-23 04:34        85504              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
+ 2005-09-23 04:34 . 2005-09-23 04:34        81920              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
+ 2005-09-23 04:34 . 2005-09-23 04:34        82944              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
+ 2005-09-23 04:32 . 2005-09-23 04:32        80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
+ 2005-09-23 04:29 . 2005-09-23 04:29        80896              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        40960              c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        72192              c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        55296              c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        28672              c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        36864              c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        52736              c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        31936              c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        68608              c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        17920              c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        13312              c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        76984              c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        88576              c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        29888              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        29896              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        26824              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        13824              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        70656              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        23552              c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        10752              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        36864              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        55488              c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        87552              c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        10752              c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        18944              c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        86528              c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        72704              c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2011-05-20 16:27 . 2011-05-20 16:27        18944              c:\windows\Installer\44d957.msi
+ 2011-05-20 16:27 . 2011-05-20 16:27        92672              c:\windows\Installer\44d946.msi
+ 2011-05-20 16:23 . 2011-05-20 16:23        81920              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\ca33f2b5efe43040a9e3b634cb8e960b\Microsoft.Build.Framework.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        15360              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\88507197c8b188479141398a0be1b938\dfsvc.ni.exe
+ 2011-05-20 16:23 . 2011-05-20 16:23        26624              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\881f06749df9364a8f17a215d0f4a0fc\Accessibility.ni.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        86016              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        73728              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        36864              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        68608              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-05-20 20:03 . 2008-04-14 05:52        4096              c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\ksuser.dll
+ 2011-05-20 16:27 . 2011-05-20 16:27        5632              c:\windows\system32\pndx5032.dll
+ 2011-05-20 16:27 . 2011-05-20 16:27        6656              c:\windows\system32\pndx5016.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        6144              c:\windows\system32\mui\0409\mscorees.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        7680              c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        9216              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        7168              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        5632              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        5632              c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        8192              c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        9728              c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        9216              c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        4608              c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        8192              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        4608              c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        7680              c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        7680              c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        7680              c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        7680              c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        5120              c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        5120              c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        5120              c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        5120              c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        5120              c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        5120              c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        5120              c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        5120              c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        5632              c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        5120              c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        5120              c:\windows\Microsoft.NET\Framework\sbs_iehost.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        5120              c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        5632              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        114176              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        655872              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        572928              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54        225280              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        161784              c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        626688              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        548864              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        479232              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2003-11-16 09:48 . 2003-11-16 09:48        909312              c:\windows\system32\vorbisenc.dll
+ 2011-05-20 16:27 . 2011-05-20 16:27        198848              c:\windows\system32\rmoc3260.dll
+ 2011-05-20 20:03 . 2010-11-03 16:15        359016              c:\windows\system32\ReinstallBackups\0006\DriverFiles\vncutil.exe
+ 2011-05-20 20:03 . 2010-11-03 16:15        137832              c:\windows\system32\ReinstallBackups\0006\DriverFiles\RTLCPAPI.dll
+ 2011-05-20 20:03 . 2010-11-03 16:14        129640              c:\windows\system32\ReinstallBackups\0006\DriverFiles\RtkAudioService.exe
+ 2011-05-20 20:03 . 2010-11-23 16:45        297576              c:\windows\system32\ReinstallBackups\0006\DriverFiles\RTCOMDLL.dll
+ 2011-05-20 20:03 . 2008-04-13 22:49        146048              c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\portcls.sys
+ 2011-05-20 20:03 . 2008-04-13 22:46        141056              c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\ks.sys
+ 2011-05-20 11:41 . 2011-05-20 20:10        280768              c:\windows\system32\PnkBstrB.exe
+ 2006-02-28 12:00 . 2011-05-20 15:53        392296              c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2011-05-20 15:53        405118              c:\windows\system32\perfh007.dat
+ 2002-10-06 22:42 . 2002-10-06 22:42        237568              c:\windows\system32\OggDS.dll
+ 2011-05-15 14:54 . 2011-05-20 16:27        348160              c:\windows\system32\msvcr71.dll
- 2011-05-15 14:54 . 2003-09-18 12:32        348160              c:\windows\system32\msvcr71.dll
+ 2011-05-15 14:54 . 2011-05-20 16:27        499712              c:\windows\system32\msvcp71.dll
- 2011-05-15 14:54 . 2003-09-18 12:32        499712              c:\windows\system32\msvcp71.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        150016              c:\windows\system32\mscorier.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        270848              c:\windows\system32\mscoree.dll
+ 2011-05-20 16:03 . 2011-05-20 16:03        157472              c:\windows\system32\javaws.exe
+ 2011-05-20 16:03 . 2011-05-20 16:03        145184              c:\windows\system32\javaw.exe
+ 2011-05-20 16:03 . 2011-05-20 16:03        145184              c:\windows\system32\java.exe
+ 2009-07-14 08:35 . 2009-07-14 08:35        444136              c:\windows\system32\drivers\wdf01000.sys
+ 2011-05-20 11:42 . 2011-05-20 20:10        140024              c:\windows\system32\drivers\PnkBstrK.sys
+ 2011-05-20 16:03 . 2011-05-20 16:03        472808              c:\windows\system32\deployJava1.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        298496              c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        823296              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        835584              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        260096              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        114688              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        131072              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        299008              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        368640              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        114176              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        258048              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        700416              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        188416              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        397312              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        884736              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        716800              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        482304              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        389120              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        110592              c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        377344              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        107520              c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        136192              c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        226816              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        330752              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        102400              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        326144              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        288768              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        800768              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        667648              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        372736              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        110592              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        745472              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        647168              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        413696              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2005-09-23 05:57 . 2005-09-23 05:57        245408              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-23 05:01 . 2005-09-23 05:01        609472              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        224952              c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        788992              c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        547840              c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        106496              c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        503808              c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        106496              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        138240              c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        208896              c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        183808              c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        136192              c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2011-05-20 16:31 . 2011-05-20 16:31        240640              c:\windows\Installer\44d96b.msi
+ 2011-05-20 16:29 . 2011-05-20 16:29        228352              c:\windows\Installer\44d962.msi
+ 2011-05-20 16:03 . 2011-05-20 16:03        180224              c:\windows\Installer\2e7cc6.msi
+ 2011-05-20 16:03 . 2011-05-20 16:03        675840              c:\windows\Installer\2e7cbc.msi
+ 2011-05-20 16:23 . 2011-05-20 16:23        237568              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\89bfc91ef2ffef42b502312f53eba549\System.Web.RegularExpressions.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        684032              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\ab18825c66e7d64e8ddf651ca42e97e7\System.Transactions.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        729088              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\62e6b2b4c57549468b5f21457ea18df0\System.Security.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        294912              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\92f9e4585b219f4faadd235ecc8c0bc5\System.EnterpriseServices.Wrapper.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        659456              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\92f9e4585b219f4faadd235ecc8c0bc5\System.EnterpriseServices.ni.dll
+ 2011-05-20 15:53 . 2011-05-20 15:53        229376              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\513373531ef7bf409712cafddb20ba63\System.Drawing.Design.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        512000              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\739ab1306503c449bbe08fa822dfc3da\System.DirectoryServices.Protocols.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        962560              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\baffab3c8fcce942814871a0fc0fa81d\System.Configuration.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        163840              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ead2856081ad6a498c0747653651ec5b\Microsoft.Build.Utilities.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        880640              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9c4c6c29245f9242a6c1c6f61266bbc0\Microsoft.Build.Engine.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        237568              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\b97110b81ebecb4a91355f72cd94bcc4\CustomMarshalers.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        860160              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e94812136f22fb4c948735529aad3831\AspNetMMCExt.ni.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        823296              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        299008              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        368640              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        700416              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        397312              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        884736              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        716800              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        389120              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        667648              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        745472              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        647168              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        413696              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        503808              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        260096              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        114176              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        482304              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        3783672              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05        3768312              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2003-11-16 09:48 . 2003-11-16 09:48        1060864              c:\windows\system32\vorbis.dll
+ 2011-05-20 20:03 . 2010-11-03 16:15        1833576              c:\windows\system32\ReinstallBackups\0006\DriverFiles\SkyTel.exe
+ 2011-05-20 20:03 . 2010-11-03 16:15        1489512              c:\windows\system32\ReinstallBackups\0006\DriverFiles\RtlUpd.exe
+ 2011-05-20 20:03 . 2010-11-03 16:15        9721960              c:\windows\system32\ReinstallBackups\0006\DriverFiles\RTLCPL.EXE
+ 2011-05-20 20:03 . 2011-05-03 14:33        6404712              c:\windows\system32\ReinstallBackups\0006\DriverFiles\RtkHDAud.sys
+ 2011-05-20 20:03 . 2009-11-18 05:17        1395800              c:\windows\system32\ReinstallBackups\0006\DriverFiles\Monfilt.sys
+ 2011-05-20 20:03 . 2010-11-03 16:14        2180712              c:\windows\system32\ReinstallBackups\0006\DriverFiles\MicCal.exe
+ 2011-05-20 20:03 . 2009-11-18 05:16        1691480              c:\windows\system32\ReinstallBackups\0006\DriverFiles\Ambfilt.sys
+ 2011-05-20 20:03 . 2010-11-03 16:13        2815592              c:\windows\system32\ReinstallBackups\0006\DriverFiles\ALCWZRD.EXE
+ 2010-03-18 09:02 . 2010-03-18 09:02        1581136              c:\windows\system32\LkmdfCoInst.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        1306624              c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29        1140920              c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28        2035712              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        5316608              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        5025792              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        3018752              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        5050368              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        2878976              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        5615616              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        4308992              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28        1144832              c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        2109440              c:\windows\Installer\24777c.msi
+ 2011-05-20 15:53 . 2011-05-20 15:53        8093696              c:\windows\assembly\NativeImages_v2.0.50727_32\System\7145f0bd9ea0d74ca5bfe20fedb707c1\System.ni.dll
+ 2011-05-20 15:53 . 2011-05-20 15:53        5640192              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a9854c30de6aab4ea0721b912f4addfa\System.Xml.ni.dll
+ 2011-05-20 16:24 . 2011-05-20 16:24        1945600              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5c3e7e3ee36ded4f9c48c4862c175486\System.Web.Services.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        2310144              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\639dd18b2fa38146bb6f26a03e8998a1\System.Web.Mobile.ni.dll
+ 2011-05-20 15:53 . 2011-05-20 15:53        1626112              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7b142fe9b6fe7f418f745df2a6ac6720\System.Drawing.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        1220608              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9e281ce3cbcda545af96eeda6027f1f1\System.DirectoryServices.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c3508abb4e6ca74eab30a5b348fcffdf\System.Deployment.ni.dll
+ 2011-05-20 15:53 . 2011-05-20 15:53        6688768              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\85e13747120707409d840fda768cecd3\System.Data.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        1724416              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5978f53f128333499aaefe203c3557be\Microsoft.VisualBasic.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        1691648              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\8fa85101afc013418b9dbf835c699392\Microsoft.Build.Tasks.ni.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        3018752              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        2035712              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        5316608              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        5050368              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        5025792              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        2878976              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        4308992              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-05-20 20:03 . 2011-04-14 11:36        20053608              c:\windows\system32\ReinstallBackups\0006\DriverFiles\RTHDCPL.EXE
+ 2005-09-23 05:48 . 2005-09-23 05:48        24863744              c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2011-05-20 15:53 . 2011-05-20 15:53        13107200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\993eac6bb04d694aa575035ab567c3a3\System.Windows.Forms.ni.dll
+ 2011-05-20 16:23 . 2011-05-20 16:23        11808768              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\67394b010bdcca44ba9657868c2b790e\System.Web.ni.dll
+ 2011-05-20 15:53 . 2011-05-20 15:53        10723328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\012f5e764b4cd94a9928c39ce2e0ef45\System.Design.ni.dll
+ 2011-05-20 15:52 . 2011-05-20 15:52        11415552              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6c299e472ff5af4593b8dfb54ed341d5\mscorlib.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"GAINWARD"="d:\programme\EXPERTool\TBPanel.exe" [2009-10-05 2174976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"avgnt"="d:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"mmtask"="d:\programme\musicmatch\mmtask.exe" [2004-08-29 53248]
"OODefragTray"="d:\programme\OO Software\Defrag\oodtray.exe" [2011-01-25 2729800]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-01-07 253672]
"TkBellExe"="d:\programme\Real Player\update\realsched.exe" [2011-05-20 273544]
"EvtMgr6"="d:\programme\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\rere\Startmen\Programme\Autostart\
Logitech . Produktregistrierung.lnk - c:\programme\Gemeinsame Dateien\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - d:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29        64592        ----a-w-        c:\programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Spiele\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programme\\BitComet\\BitComet.exe"=
"d:\\Programme\\Skype\\Phone\\Skype.exe"=
"d:\\Spiele\\Battlefield Bad Company 2\\BFBC2Game.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [15.05.2011 17:27 135336]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [20.05.2011 18:30 10448]
R2 OODefragAgent;O&O Defrag;d:\programme\OO Software\Defrag\oodag.exe [25.01.2011 11:41 2336072]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.05.2011 17:53 1691480]
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-854245398-725345543-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-05-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-854245398-725345543-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: &Alles mit BitComet herunterladen - d:\programme\BitComet\BitComet.exe/AddAllLink.htm
IE: Mit BitComet herunter&laden - d:\programme\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: {26D04A4F-A491-4933-8A64-9718255B905A} = 195.3.96.67,195.3.96.68
FF - ProfilePath - c:\dokumente und einstellungen\rere\Anwendungsdaten\Mozilla\Firefox\Profiles\mhl73izv.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - d:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - d:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - d:\programme\java\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-21 11:31
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1482476501-854245398-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:8f,a8,26,6c,82,92,3d,67,eb,07,32,fc,4c,55,8c,2c,ef,ff,23,18,cd,
  d7,51,4f,5c,fd,3a,1b,60,97,ae,a9,ab,ee,57,d2,0d,2e,83,cd,da,f8,b6,04,77,6a,\
"rkeysecu"=hex:db,55,c2,60,8a,ee,4a,13,ce,48,0a,a6,d9,1e,e4,46
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
.
Zeit der Fertigstellung: 2011-05-21  11:33:06
ComboFix-quarantined-files.txt  2011-05-21 09:33
ComboFix2.txt  2011-05-20 15:17
.
Vor Suchlauf: 5 Verzeichnis(se), 27.898.101.760 Bytes frei
Nach Suchlauf: 6 Verzeichnis(se), 29.020.880.896 Bytes frei
.
- - End Of File - - 62D4B8608BBDBD2C1405AAF6C0B208A9
--- --- ---

cosinus 21.05.2011 13:40
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

rere1588 21.05.2011 19:08
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:06:02 on 21.05.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"RealUpgradeLogonTaskS-1-5-21-1482476501-854245398-725345543-1003.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-1482476501-854245398-725345543-1003.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Nero BurnRights" - "Nero AG" - D:\Programme\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"axtdrpow" (axtdrpow) - ? - C:\DOKUME~1\rere\LOKALE~1\Temp\axtdrpow.sys  (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\rere\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DAEMON Tools Virtual Bus Driver" (dtsoftbus01) - "DT Soft Ltd" - C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Logitech Beep Suppression Driver" (LBeepKE) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LBeepKE.sys
"MxlW2k" (MxlW2k) - "MusicMatch, Inc." - C:\WINDOWS\system32\drivers\MxlW2k.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\TBPanel.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - d:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\Haali\MatroskaSplitter\mmfinfo.dll  (File found, but it contains no detailed information)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - D:\Programme\Logitech\SetPointP\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme\Microsoft Office\Office10\msohev.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - D:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - D:\Programme\Real Player\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{516EC4D3-4AD9-11D5-AA6A-00E0189008B3} "The Core Media Player Shell Extension" - ? - d:\PROGRA~1\THECOR~1\System\CORESH~1.CLL  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{32099AAC-C132-4136-9E9A-4E364A424E17}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - D:\Programme\java\bin\npjpi160_25.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - D:\Programme\java\bin\npjpi160_25.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - D:\Programme\java\bin\npjpi160_25.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10q.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"BitComet" - ? - res://d:\Programme\BitComet\tools\BitCometBHO_1.5.4.11.dll/206  (File not found)
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - d:\Programme\Canon\Easy-WebPrint\Toolband.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} "BitComet Helper" - "BitComet" - d:\Programme\BitComet\tools\BitCometBHO_1.5.4.11.dll
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} "EWPBrowseObject Class" - ? - d:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Programme\java\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Programme\java\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - d:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - D:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\rere\Startmenü\Programme\Autostart\desktop.ini
"Logitech . Produktregistrierung.lnk" - "Leader Technologies/Logitech" - C:\Programme\Gemeinsame Dateien\LogiShrd\eReg\SetPoint\eReg.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
"DAEMON Tools Lite" - "DT Soft Ltd" - "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
"GAINWARD" - "Gainward Co." - d:\Programme\EXPERTool\TBPanel.exe /A
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"Easy-PrintToolBox" - "CANON INC." - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"EvtMgr6" - "Logitech, Inc." - D:\Programme\Logitech\SetPointP\SetPoint.exe /launchGaming
"mmtask" - "Musicmatch Inc." - D:\Programme\musicmatch\mmtask.exe
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"OODefragTray" - "O&O Software GmbH" - D:\Programme\OO Software\Defrag\oodtray.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "D:\Programme\Real Player\update\realsched.exe"  -osboot

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - D:\Programme\java\bin\jqs.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe
"NBService" (NBService) - "Nero AG" - D:\Programme\Nero 7\Nero BackItUp\NBService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"O&O Defrag" (OODefragAgent) - "O&O Software GmbH" - D:\Programme\OO Software\Defrag\oodag.exe
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

GMER Logfile:
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-21 20:00:37
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JS-55NCB1 rev.10.02E01
Running: yim7jlef.exe; Driver: C:\DOKUME~1\rere\LOKALE~1\Temp\axtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT  B876C166                                                                                      ZwCreateKey
SSDT  B876C15C                                                                                      ZwCreateThread
SSDT  B876C16B                                                                                      ZwDeleteKey
SSDT  B876C175                                                                                      ZwDeleteValueKey
SSDT  B876C17A                                                                                      ZwLoadKey
SSDT  B876C148                                                                                      ZwOpenProcess
SSDT  B876C14D                                                                                      ZwOpenThread
SSDT  B876C184                                                                                      ZwReplaceKey
SSDT  B876C17F                                                                                      ZwRestoreKey
SSDT  B876C170                                                                                      ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                      section is writeable [0xB74773A0, 0x5CC259, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  D:\Programme\OO Software\Defrag\oodag.exe[1080] kernel32.dll!SetUnhandledExceptionFilter      7C8449FD 5 Bytes  JMP 00401340 D:\Programme\OO Software\Defrag\oodag.exe (O&O Defrag Free Edition Agent (Win32)/O&O Software GmbH)
.text  D:\Programme\Real Player\update\realsched.exe[1380] kernel32.dll!SetUnhandledExceptionFilter  7C8449FD 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- EOF - GMER 1.0.15 ----
--- --- ---

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00001fbc

Kernel Drivers (total 124):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F78000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F67000 pci.sys
0xB80A8000 isapnp.sys
0xB80B8000 ohci1394.sys
0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7F48000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7F22000 dmio.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB7F0A000 atapi.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7EEA000 fltmgr.sys
0xB7ED8000 sr.sys
0xB7EC1000 KSecDD.sys
0xB7E34000 Ntfs.sys
0xB7E07000 NDIS.sys
0xB7DED000 Mup.sys
0xB81C8000 \SystemRoot\system32\DRIVERS\processr.sys
0xB7477000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB7463000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB83A0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB743F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB83A8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB81D8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB83B0000 \SystemRoot\System32\Drivers\MxlW2k.SYS
0xB81E8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB81F8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB741C000 \SystemRoot\system32\DRIVERS\ks.sys
0xB73F4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB83B8000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xB8208000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8218000 \SystemRoot\system32\DRIVERS\serial.sys
0xB8558000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB878E000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8228000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB855C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB73DD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8238000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8248000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB83C0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB73CC000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8258000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB83C8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB83D0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB7374000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8268000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB83D8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB83E0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85B8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB72FF000 \SystemRoot\system32\DRIVERS\update.sys
0xB857C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB7224000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0xB8288000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB82A8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85C6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB2963000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB293F000 \SystemRoot\system32\drivers\portcls.sys
0xB82C8000 \SystemRoot\system32\drivers\drmk.sys
0xB85D6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB875B000 \SystemRoot\System32\Drivers\Null.SYS
0xB85D8000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8410000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8418000 \SystemRoot\System32\drivers\vga.sys
0xB85DA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85DC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8420000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8428000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB73A4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB28BC000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB2863000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB283B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB2815000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB27F3000 \SystemRoot\System32\drivers\afd.sys
0xB82F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB8430000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB27C8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB2758000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8308000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB8318000 \SystemRoot\System32\Drivers\Fips.SYS
0xB270A000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xB85E0000 \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys
0xB8158000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB8438000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB8468000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB292F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8178000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB8478000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0xB8188000 \SystemRoot\System32\Drivers\WDFLDR.SYS
0xB2699000 \SystemRoot\System32\Drivers\wdf01000.sys
0xB8488000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xB292B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8490000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xB2923000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB2681000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB8608000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB290B000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8498000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB8705000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xB1936000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB1A3B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB15D9000 \SystemRoot\system32\drivers\wdmaud.sys
0xB1896000 \SystemRoot\system32\drivers\sysaudio.sys
0xB13CC000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB85D2000 \SystemRoot\System32\Drivers\TBPanel.SYS
0xB87E4000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xB1302000 \SystemRoot\system32\DRIVERS\srv.sys
0xB0D49000 \SystemRoot\System32\Drivers\HTTP.sys
0xB0A3C000 \??\C:\DOKUME~1\rere\LOKALE~1\Temp\axtdrpow.sys
0xB0A11000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 37):
0 System Idle Process
4 System
552 C:\WINDOWS\system32\smss.exe
604 csrss.exe
628 C:\WINDOWS\system32\winlogon.exe
672 C:\WINDOWS\system32\services.exe
708 C:\WINDOWS\system32\lsass.exe
904 C:\WINDOWS\system32\nvsvc32.exe
932 C:\WINDOWS\system32\svchost.exe
1044 svchost.exe
1108 C:\WINDOWS\system32\svchost.exe
1180 svchost.exe
1252 svchost.exe
1444 C:\WINDOWS\system32\spoolsv.exe
1552 C:\WINDOWS\explorer.exe
1568 D:\Programme\Avira\AntiVir Desktop\sched.exe
480 D:\Programme\Avira\AntiVir Desktop\avguard.exe
600 D:\Programme\java\bin\jqs.exe
128 D:\Programme\Avira\AntiVir Desktop\avshadow.exe
1080 D:\Programme\OO Software\Defrag\oodag.exe
1140 C:\WINDOWS\system32\rundll32.exe
1148 D:\Programme\Avira\AntiVir Desktop\avgnt.exe
1212 D:\Programme\Musicmatch\mmtask.exe
1240 D:\Programme\OO Software\Defrag\oodtray.exe
1344 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
1380 D:\Programme\Real Player\Update\realsched.exe
1308 D:\Programme\Logitech\SetPointP\SetPoint.exe
1460 C:\WINDOWS\RTHDCPL.EXE
1528 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
1632 C:\WINDOWS\system32\PnkBstrA.exe
648 C:\WINDOWS\system32\ctfmon.exe
1776 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
2284 C:\Programme\Gemeinsame Dateien\LogiShrd\KHAL3\KHALMNPR.exe
2768 C:\WINDOWS\system32\wscntfy.exe
3192 alg.exe
1920 D:\Programme\Mozilla Firefox\firefox.exe
3020 C:\Dokumente und Einstellungen\rere\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000008`8b9f1e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive6 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JS-55NCB1, Rev: 10.02E01
PhysicalDrive6 Model Number: WD15EADS External, Rev: 1.75

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
1397 GB \\.\PhysicalDrive6 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:52 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19