Internet Verbindung trennt sich andauernd - System mit hoher Speicherauslastung im Task Manager

Itsab11 · 15.12.2010, 23:17

Hallo,

Seit ca. 2 Tagen habe ich das Problem, dass wenn ich im Internet rumsurfe oder Spiele spiele welche Verbindung zum Internet aufbauen, mein Internet sich regelmäßig alle 10-15 Minuten trennt und 2-3 Minuten später wieder neu einloggt. Virenscanner und Malwarebites haben nichts weiteres gefunden.

Was mir desweiteren auffällt ist die "Datei" System in meinem Task Manager, welche eine Speicherauslastung von 113.356 K hat (aber keine CPU Auslastung in Anspruch nimmt)

Hijack this log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:15:59, on 15.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\AVG\AVG10\avgwdsvc.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Programme\AVG\AVG10\avgnsx.exe
C:\Programme\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Programme\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AVG\AVG10\avgtray.exe
C:\Programme\jeak.de\QIP 2005\qip.exe
C:\Programme\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Basti\Desktop\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [QIP2005] C:\Programme\jeak.de\QIP 2005\qip.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG10\avgwdsvc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5203 bytes

Malwarebytes logfile:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5065

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

15.12.2010 18:56:19
mbam-log-2010-12-15 (18-56-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|I:\|J:\|)
Durchsuchte Objekte: 247698
Laufzeit: 1 Stunde(n), 4 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Bitte um Hilfe

Gruß

cosinus · 16.12.2010, 21:16

Zitat:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 5065

Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.

Itsab11 · 19.12.2010, 15:00

auch mit der neuesten Version keine Funde :/

Problem besteht aber immernoch

cosinus · 19.12.2010, 16:33

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Itsab11 · 19.12.2010, 17:26

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 19.12.2010 17:23:10 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\Basti\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 8184 16368 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 343,89 Gb Total Space | 70,82 Gb Free Space | 20,59% Space Free | Partition Type: NTFS
Drive D: | 121,87 Gb Total Space | 8,19 Gb Free Space | 6,72% Space Free | Partition Type: NTFS
Drive I: | 638,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PCBASTI | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Dokumente und Einstellungen\Basti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Programme\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\jeak.de\QIP 2005\qip.exe (The Author of QIP)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Basti\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Programme\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (pgsql-8.3) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WBio) -- C:\DOKUME~1\Basti\LOKALE~1\Temp\iniuriar0-winxp.sys File not found
DRV - (SymIMMP) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found
DRV - (GGSAFERDriver) -- C:\Programme\Garena\safedrv.sys File not found
DRV - (catchme) -- C:\DOKUME~1\Basti\LOKALE~1\Temp\catchme.sys File not found
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (EuMusDesignVirtualAudioCableWdm_s2x) Sound2x Audio Cable (WDM) -- C:\WINDOWS\system32\drivers\vacs2xkd.sys (Eugene V. Muzychenko)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG10\Firefox\ [2010.12.15 11:18:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.11 15:56:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 15:56:44 | 000,000,000 | ---D | M]
 
[2010.08.30 17:08:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla\Extensions
[2010.12.18 11:15:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla\Firefox\Profiles\q57fa5ta.default\extensions
[2010.09.13 08:37:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla\Firefox\Profiles\q57fa5ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.17 12:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla\Firefox\Profiles\q57fa5ta.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.10.13 10:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla\Firefox\Profiles\q57fa5ta.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.08 15:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla\Firefox\Profiles\q57fa5ta.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.16 12:45:24 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla\Firefox\Profiles\q57fa5ta.default\searchplugins\icqplugin.xml
[2010.12.18 11:15:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.22 13:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.22 13:58:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.07 12:57:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [QIP2005] C:\Programme\jeak.de\QIP 2005\qip.exe (The Author of QIP)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.30 16:42:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003.05.19 14:23:50 | 000,049,152 | R--- | M] () - I:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2003.02.12 09:01:48 | 000,000,050 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.18 11:53:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.12.15 12:40:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\AVG
[2010.12.15 11:49:06 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010.12.15 11:20:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\AVG10
[2010.12.15 11:19:24 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2010.12.15 11:18:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010.12.15 11:18:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2010.12.15 11:18:25 | 000,000,000 | ---D | C] -- C:\Programme\AVG
[2010.12.15 11:17:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.12.05 12:23:00 | 000,000,000 | ---D | C] -- C:\Programme\Ski Alpin Racing 2007
[2010.12.01 20:05:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Winter Sports 2011
[2010.12.01 19:58:33 | 000,000,000 | ---D | C] -- C:\Programme\Winter Sports 2011
[2010.11.26 18:31:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Basti\Desktop\erhbxf
[2010.11.26 15:18:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Anwendungsdaten\PunkBuster
[2010.11.26 14:59:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\id Software
[2010.11.26 14:59:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010.11.26 14:59:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2010.11.24 16:05:40 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2010.11.24 16:05:40 | 000,042,880 | ---- | C] (Eugene V. Muzychenko) -- C:\WINDOWS\System32\drivers\vacs2xkd.sys
[2010.11.24 16:05:40 | 000,022,528 | ---- | C] (Jukka Poikolainen Software) -- C:\WINDOWS\System32\WNASPI32.DLL
[2010.11.24 16:05:40 | 000,016,512 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS
[2010.11.24 16:05:38 | 000,000,000 | ---D | C] -- C:\Programme\4Musics OGG to MP3 Converter
[2010.11.19 19:35:27 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2010.11.19 19:35:08 | 000,000,000 | ---D | C] -- C:\Programme\Garena
[2010.11.19 19:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Warcraft III
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.19 15:07:37 | 000,118,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.19 08:02:33 | 102,092,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010.12.18 21:06:13 | 000,000,596 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Desktop\pvpTool.lnk
[2010.12.18 13:37:09 | 000,000,749 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\World of Warcraft.lnk
[2010.12.18 12:00:04 | 000,449,452 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.12.18 12:00:04 | 000,433,338 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.12.18 12:00:04 | 000,081,086 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.12.18 12:00:04 | 000,068,294 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.12.18 11:55:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.18 11:45:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.12.16 03:29:54 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.12.16 03:13:13 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.12.15 11:19:18 | 000,000,686 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk
[2010.12.15 10:58:46 | 000,000,331 | -HS- | M] () -- C:\boot.ini
[2010.12.05 12:24:02 | 000,000,790 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Desktop\Ski Alpin Racing 2007.lnk
[2010.12.04 00:28:13 | 007,184,965 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Eigene Dateien\Neu WinRAR-ZIP-Archiv.zip
[2010.12.04 00:28:00 | 015,110,444 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Eigene Dateien\ts3_recording_10_12_04_0_24_2.wav
[2010.12.01 20:03:27 | 000,001,681 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Winter Sports 2011.lnk
[2010.12.01 16:18:49 | 000,137,960 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.12.01 16:18:39 | 000,235,248 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.12.01 15:25:35 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\PUTTY.RND
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.26 15:32:01 | 000,000,707 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Desktop\Verknüpfung mit Frozen Throne.lnk
[2010.11.26 14:59:38 | 002,373,712 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.11.25 08:51:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.24 16:59:56 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.11.19 19:54:10 | 000,076,421 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2010.11.19 19:40:57 | 000,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif
[2010.11.19 19:40:56 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2010.11.19 19:35:16 | 000,000,626 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Desktop\Garena.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.19 08:02:33 | 102,092,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010.12.18 21:06:13 | 000,000,596 | ---- | C] () -- C:\Dokumente und Einstellungen\Basti\Desktop\pvpTool.lnk
[2010.12.15 11:19:18 | 000,000,686 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk
[2010.12.14 03:00:38 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.12.05 12:24:02 | 000,000,790 | ---- | C] () -- C:\Dokumente und Einstellungen\Basti\Desktop\Ski Alpin Racing 2007.lnk
[2010.12.04 00:28:09 | 007,184,965 | ---- | C] () -- C:\Dokumente und Einstellungen\Basti\Eigene Dateien\Neu WinRAR-ZIP-Archiv.zip
[2010.12.04 00:24:05 | 015,110,444 | ---- | C] () -- C:\Dokumente und Einstellungen\Basti\Eigene Dateien\ts3_recording_10_12_04_0_24_2.wav
[2010.12.01 20:03:27 | 000,001,681 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Winter Sports 2011.lnk
[2010.11.30 18:28:59 | 000,137,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.11.30 18:28:50 | 000,235,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.11.26 15:32:01 | 000,000,707 | ---- | C] () -- C:\Dokumente und Einstellungen\Basti\Desktop\Verknüpfung mit Frozen Throne.lnk
[2010.11.26 14:59:40 | 000,235,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.11.26 14:59:38 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.11.26 14:59:38 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.11.25 08:51:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.19 19:35:29 | 000,076,421 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2010.11.19 19:35:28 | 000,002,829 | ---- | C] () -- C:\WINDOWS\War3Unin.pif
[2010.11.19 19:35:16 | 000,000,626 | ---- | C] () -- C:\Dokumente und Einstellungen\Basti\Desktop\Garena.lnk
[2010.11.01 21:10:35 | 000,004,157 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bltofzsb.qlf
[2010.09.11 13:44:03 | 002,129,952 | ---- | C] () -- C:\Programme\Kova 2011 Roster.ROS
[2010.09.08 15:21:34 | 000,001,733 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2010.09.08 13:33:51 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.08.31 14:19:32 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.08.31 14:19:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.08.31 14:19:29 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.08.31 14:19:29 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.08.31 14:19:28 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.08.31 14:16:31 | 000,118,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.30 17:33:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.08.30 17:01:15 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010.08.30 17:01:15 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010.08.30 17:01:12 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010.08.30 17:01:12 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010.08.30 16:53:05 | 000,031,114 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010.08.30 16:52:44 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.08.30 16:52:26 | 000,030,767 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.08.30 16:52:26 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.11.06 09:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 19.12.2010 17:23:10 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\Basti\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 8184 16368 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 343,89 Gb Total Space | 70,82 Gb Free Space | 20,59% Space Free | Partition Type: NTFS
Drive D: | 121,87 Gb Total Space | 8,19 Gb Free Space | 6,72% Space Free | Partition Type: NTFS
Drive I: | 638,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PCBASTI | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader: 6881
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\BitTorrent\BitTorrent.exe" = C:\Programme\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Programme\jeak.de\QIP 2005\qip.exe" = C:\Programme\jeak.de\QIP 2005\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.3.0.10958-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.3.0.10958-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Launcher.exe -- (Blizzard Entertainment)
"C:\Programme\Codemasters\F1 2010\F1_2010_game.exe" = C:\Programme\Codemasters\F1 2010\F1_2010_game.exe:*:Enabled:F1 2010 -- (Codemasters)
"C:\Programme\2K Sports\NBA 2K11\nba2k11.exe" = C:\Programme\2K Sports\NBA 2K11\nba2k11.exe:*:Enabled:NBA 2K11 -- (2K Sports)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"D:\Steam\steamapps\itsab11\counter-strike source\hl2.exe" = D:\Steam\steamapps\itsab11\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Steam\steamapps\itsab11\counter-strike\hl.exe" = D:\Steam\steamapps\itsab11\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Programme\AVG\AVG10\avgdiagex.exe" = C:\Programme\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnose 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG10\avgnsx.exe" = C:\Programme\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG10\avgmfapx.exe" = C:\Programme\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG10\avgemcx.exe" = C:\Programme\AVG\AVG10\avgemcx.exe:*:Enabled:Personal eMail-Scanner -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage® II: The Chaotic Throne - Freya
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED005281-E361-4378-AFAB-829B1ACB073D}" = QIP 2010 4196 Jeak-Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"4Musics OGG to MP3 Converter 4.4_is1" = 4Musics OGG to MP3 Converter 4.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"EA Installer.828943773" = EA Installer
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"Garena" = Garena 2010
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"PunkBusterSvc" = PunkBuster Services
"QIP 2005 8095 Jeak-Edition" = QIP 2005 8095 Jeak-Edition
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Ski Alpin Racing 2007_0001" = Ski Alpin Racing 2007
"StarCraft II" = StarCraft II
"Steam App 310" = Team Fortress 2 Dedicated Server
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"Veetle TV" = Veetle TV 0.9.18
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR
"Winter Sports 2011_is1" = Winter Sports 2011
"World of Warcraft" = World of Warcraft
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.11.2010 13:27:02 | Computer Name = PCBASTI | Source = MsiInstaller | ID = 1013
Description = Produkt: Microsoft .NET Framework 2.0 Service Pack 2 -- Microsoft 
.NET Framework 2.0 Service Pack 2 cannot be uninstalled because it will affect other
 applications that are installed. For more information, see hxxp://go.microsoft.com/fwlink/?LinkId=91126.
 
[ System Events ]
Error - 15.12.2010 14:47:41 | Computer Name = PCBASTI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 15.12.2010 14:47:41 | Computer Name = PCBASTI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 15.12.2010 14:47:41 | Computer Name = PCBASTI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 15.12.2010 14:47:41 | Computer Name = PCBASTI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 15.12.2010 14:47:41 | Computer Name = PCBASTI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 15.12.2010 14:47:41 | Computer Name = PCBASTI | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  AsIO  Avgldx86  Avgmfx86  Avgtdix  Fips  intelppm  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  sptd
Tcpip
 
Error - 15.12.2010 17:14:04 | Computer Name = PCBASTI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 15.12.2010 18:42:50 | Computer Name = PCBASTI | Source = EventLog | ID = 6004
Description = Ein Treiberpaket, das vom E/A-Teilsystem empfangen wurde, war ungültig.
 Die Daten sind  das Paket.
 
Error - 15.12.2010 18:42:57 | Computer Name = PCBASTI | Source = EventLog | ID = 6004
Description = Ein Treiberpaket, das vom E/A-Teilsystem empfangen wurde, war ungültig.
 Die Daten sind  das Paket.
 
Error - 15.12.2010 18:43:07 | Computer Name = PCBASTI | Source = EventLog | ID = 6004
Description = Ein Treiberpaket, das vom E/A-Teilsystem empfangen wurde, war ungültig.
 Die Daten sind  das Paket.
 
 
< End of report >

--- --- ---

Itsab11 · 21.12.2010, 16:53

help pls

cosinus · 21.12.2010, 22:27

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
DRV - (WBio) -- C:\DOKUME~1\Basti\LOKALE~1\Temp\iniuriar0-winxp.sys File not found
DRV - (SymIMMP) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found
DRV - (GGSAFERDriver) -- C:\Programme\Garena\safedrv.sys File not found
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Itsab11 · 23.12.2010, 19:44

All processes killed
========== OTL ==========
Service WBio stopped successfully!
Service WBio deleted successfully!
File C:\DOKUME~1\Basti\LOKALE~1\Temp\iniuriar0-winxp.sys File not found not found.
Service SymIMMP stopped successfully!
Service SymIMMP deleted successfully!
File C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found not found.
Service SymIM stopped successfully!
Service SymIM deleted successfully!
File C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found not found.
Service GGSAFERDriver stopped successfully!
Service GGSAFERDriver deleted successfully!
File C:\Programme\Garena\safedrv.sys File not found not found.
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 9666 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 9666 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Basti
->Temp folder emptied: 7676297 bytes
->Temporary Internet Files folder emptied: 26997105 bytes
->Java cache emptied: 45983 bytes
->FireFox cache emptied: 111795567 bytes
->Flash cache emptied: 5582 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 2431631 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124044 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 145,00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 12232010_193840

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

aber irgendwie ist dieses "system" mit der hohen Auslastung immer noch im Task Manager :/

cosinus · 23.12.2010, 20:55

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Itsab11 · 23.12.2010, 23:59

Also um cofi überhaupt ausführen zu können war ich ja gezwungen AVG zu deinstallieren. Seitdem ist dieses "System" aus dem Taskmanager wieder mit normaler SPeicherauslastung drin. Wäre aber komisch wenn ein Virenprogramm den Fehler verursacht oder etwa nicht? Werde auf jeden Fall mal schauen ob es evtl. daran lag und die Disconnects nun aufhören.

Nichtsdestotrotz hier der combofix log

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-12-23.02 - Basti 23.12.2010  23:52:15.2.4 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.3327.2940 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Basti\Desktop\Cofi.exe
.

(((((((((((((((((((((((   Dateien erstellt von 2010-11-23 bis 2010-12-23  ))))))))))))))))))))))))))))))
.

2010-12-23 18:38 . 2010-12-23 18:38	--------	d-----w-	C:\_OTL
2010-12-18 10:53 . 2010-12-23 22:48	--------	d---a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-12-15 18:46 . 2010-12-18 10:53	--------	d-----w-	c:\dokumente und einstellungen\Administrator
2010-12-15 10:20 . 2010-12-15 10:20	--------	d-----w-	c:\dokumente und einstellungen\Basti\Anwendungsdaten\AVG10
2010-12-15 10:19 . 2010-12-15 10:19	--------	d--h--w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Files
2010-12-15 10:18 . 2010-12-23 22:31	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG10
2010-12-15 10:18 . 2010-12-23 22:49	--------	d-----w-	c:\programme\AVG
2010-12-15 10:17 . 2010-12-15 10:18	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\MFAData
2010-12-05 11:23 . 2010-12-05 11:27	--------	d-----w-	c:\programme\Ski Alpin Racing 2007
2010-12-01 19:05 . 2010-12-01 19:45	--------	d-----w-	c:\dokumente und einstellungen\Basti\Anwendungsdaten\Winter Sports 2011
2010-12-01 18:58 . 2010-12-01 19:05	--------	d-----w-	c:\programme\Winter Sports 2011
2010-11-30 17:28 . 2010-12-01 15:18	137960	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2010-11-30 17:28 . 2010-12-01 15:18	235248	----a-w-	c:\windows\system32\PnkBstrB.xtr
2010-11-26 14:18 . 2010-11-26 14:18	--------	d-----w-	c:\dokumente und einstellungen\Basti\Lokale Einstellungen\Anwendungsdaten\PunkBuster
2010-11-26 13:59 . 2010-11-26 13:59	--------	d-----w-	c:\dokumente und einstellungen\Basti\Anwendungsdaten\id Software
2010-11-26 13:59 . 2010-12-01 15:18	235248	----a-w-	c:\windows\system32\PnkBstrB.exe
2010-11-26 13:59 . 2010-11-26 13:59	75064	----a-w-	c:\windows\system32\PnkBstrA.exe
2010-11-26 13:59 . 2010-11-26 13:59	2373712	----a-w-	c:\windows\system32\pbsvc.exe
2010-11-26 13:59 . 2010-11-26 13:59	--------	d-----w-	c:\windows\system32\LogFiles
2010-11-26 13:59 . 2010-11-26 13:59	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\id Software
2010-11-24 15:05 . 2007-11-01 17:53	42880	----a-w-	c:\windows\system32\drivers\vacs2xkd.sys
2010-11-24 15:05 . 2003-03-19 09:19	1060864	----a-w-	c:\windows\system32\MFC71.dll
2010-11-24 15:05 . 2003-03-19 06:14	499712	----a-w-	c:\windows\system32\msvcp71.dll
2010-11-24 15:05 . 2002-07-17 08:05	16512	----a-w-	c:\windows\system32\drivers\ASPI32.SYS
2010-11-24 15:05 . 2001-03-17 21:34	22528	----a-w-	c:\windows\system32\WNASPI32.DLL
2010-11-24 15:05 . 2010-11-24 15:06	--------	d-----w-	c:\programme\4Musics OGG to MP3 Converter

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:42 . 2010-11-06 18:56	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2010-11-06 18:56	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-11-19 18:40 . 2010-11-19 18:35	2829	----a-w-	c:\windows\War3Unin.pif
2010-11-19 18:40 . 2010-11-19 18:35	139264	----a-w-	c:\windows\War3Unin.exe
2010-11-18 18:12 . 2010-08-30 15:40	86016	----a-w-	c:\windows\system32\isign32.dll
2010-11-17 12:41 . 2010-11-17 11:21	5840062622	----a-w-	C:\Lineage-II-Freya.zip
2010-11-05 05:04 . 2008-04-14 12:00	672768	----a-w-	c:\windows\system32\wininet.dll
2010-11-05 05:04 . 2008-04-14 12:00	61952	----a-w-	c:\windows\system32\tdc.ocx
2010-11-05 05:04 . 2008-04-14 12:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2010-11-05 05:02 . 2008-04-14 12:00	371200	----a-w-	c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00	40960	----a-w-	c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:12 . 2008-04-14 12:00	290048	----a-w-	c:\windows\system32\atmfd.dll
2010-10-26 14:05 . 2008-04-14 12:00	1853440	----a-w-	c:\windows\system32\win32k.sys
2010-10-22 06:23 . 2010-08-30 16:11	61440	----a-w-	c:\windows\system32\OpenCL.dll
2010-10-22 06:23 . 2010-08-30 16:11	14532608	----a-w-	c:\windows\system32\nvoglnt.dll
2010-10-22 06:23 . 2010-11-06 18:27	888424	----a-w-	c:\windows\system32\nvdispco32.dll
2010-10-22 06:23 . 2010-11-06 18:27	813672	----a-w-	c:\windows\system32\nvgenco32.dll
2010-10-22 06:23 . 2010-08-30 16:11	2932840	----a-w-	c:\windows\system32\nvcuvid.dll
2010-10-22 06:23 . 2010-08-30 16:11	2666600	----a-w-	c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23 . 2010-08-30 16:11	4882432	----a-w-	c:\windows\system32\nvcuda.dll
2010-10-22 06:23 . 2010-08-30 16:11	9623680	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2010-10-22 06:23 . 2010-08-30 16:11	1462272	----a-w-	c:\windows\system32\nvapi.dll
2010-10-22 06:23 . 2010-08-30 16:11	13012992	----a-w-	c:\windows\system32\nvcompiler.dll
2010-10-22 06:23 . 2010-08-30 16:11	6359552	----a-w-	c:\windows\system32\nv4_disp.dll
2010-10-16 11:05 . 2010-10-16 11:05	81920	----a-w-	c:\windows\system32\nvwddi.dll
2010-10-16 11:05 . 2010-10-16 11:05	335872	----a-w-	c:\windows\system32\nvrsar.dll
2010-10-16 11:05 . 2010-10-16 11:05	331776	----a-w-	c:\windows\system32\nvrshe.dll
2010-10-16 11:05 . 2010-10-16 11:05	286720	----a-w-	c:\windows\system32\nvrsfr.dll
2010-10-16 11:05 . 2010-10-16 11:05	282624	----a-w-	c:\windows\system32\nvrses.dll
2010-10-16 11:05 . 2010-10-16 11:05	282624	----a-w-	c:\windows\system32\nvrsel.dll
2010-10-16 11:05 . 2010-10-16 11:05	278528	----a-w-	c:\windows\system32\nvrsde.dll
2010-10-16 11:05 . 2010-10-16 11:05	274432	----a-w-	c:\windows\system32\nvrsnl.dll
2010-10-16 11:05 . 2010-10-16 11:05	274432	----a-w-	c:\windows\system32\nvrsesm.dll
2010-10-16 11:05 . 2010-10-16 11:05	270336	----a-w-	c:\windows\system32\nvrsru.dll
2010-10-16 11:05 . 2010-10-16 11:05	270336	----a-w-	c:\windows\system32\nvrsptb.dll
2010-10-16 11:05 . 2010-10-16 11:05	266240	----a-w-	c:\windows\system32\nvrsko.dll
2010-10-16 11:05 . 2010-10-16 11:05	262144	----a-w-	c:\windows\system32\nvrshu.dll
2010-10-16 11:05 . 2010-10-16 11:05	258048	----a-w-	c:\windows\system32\nvrstr.dll
2010-10-16 11:05 . 2010-10-16 11:05	258048	----a-w-	c:\windows\system32\nvrssl.dll
2010-10-16 11:05 . 2010-10-16 11:05	258048	----a-w-	c:\windows\system32\nvrssk.dll
2010-10-16 11:05 . 2010-10-16 11:05	253952	----a-w-	c:\windows\system32\nvrsth.dll
2010-10-16 11:05 . 2010-10-16 11:05	253952	----a-w-	c:\windows\system32\nvrssv.dll
2010-10-16 11:05 . 2010-10-16 11:05	253952	----a-w-	c:\windows\system32\nvrsda.dll
2010-10-16 11:05 . 2010-10-16 11:05	249856	----a-w-	c:\windows\system32\nvrsfi.dll
2010-10-16 11:05 . 2010-10-16 11:05	249856	----a-w-	c:\windows\system32\nvrseng.dll
2010-10-16 11:05 . 2010-10-16 11:05	249856	----a-w-	c:\windows\system32\nvrscs.dll
2010-10-16 11:05 . 2010-10-16 11:05	229376	----a-w-	c:\windows\system32\nvrszhc.dll
2010-10-16 11:05 . 2010-10-16 11:05	126976	----a-w-	c:\windows\system32\nvrszht.dll
2010-10-16 11:05 . 2010-10-16 11:05	282624	----a-w-	c:\windows\system32\nvrsit.dll
2010-10-16 11:05 . 2010-10-16 11:05	277608	----a-w-	c:\windows\system32\nvmccs.dll
2010-10-16 11:05 . 2010-10-16 11:05	274432	----a-w-	c:\windows\system32\nvrspt.dll
2010-10-16 11:05 . 2010-10-16 11:05	270336	----a-w-	c:\windows\system32\nvrsja.dll
2010-10-16 11:05 . 2010-10-16 11:05	258048	----a-w-	c:\windows\system32\nvrspl.dll
2010-10-16 11:05 . 2010-10-16 11:05	253952	----a-w-	c:\windows\system32\nvrsno.dll
2010-10-16 11:05 . 2010-10-16 11:05	156776	----a-w-	c:\windows\system32\nvsvc32.exe
2010-10-16 11:05 . 2010-10-16 11:05	145000	----a-w-	c:\windows\system32\nvcolor.exe
2010-10-16 11:05 . 2010-10-16 11:05	13851752	----a-w-	c:\windows\system32\nvcpl.dll
2010-10-16 11:05 . 2010-10-16 11:05	110696	----a-w-	c:\windows\system32\nvmctray.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-11-07_11.57.27   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-19 18:35 . 2010-11-19 18:54	76421              c:\windows\War3Unin.dat
+ 2010-12-23 22:33 . 2010-12-23 22:33	16384              c:\windows\Temp\Perflib_Perfdata_698.dat
+ 2010-03-18 08:15 . 2010-03-18 08:15	51024              c:\windows\system32\vcomp100.dll
+ 2008-04-14 12:00 . 2010-11-03 13:12	46080              c:\windows\system32\tzchange.exe
- 2008-04-14 12:00 . 2010-06-21 14:46	46080              c:\windows\system32\tzchange.exe
- 2010-08-31 10:47 . 2007-11-30 03:39	18808              c:\windows\system32\spmsg.dll
+ 2010-08-31 10:47 . 2009-05-26 11:40	18808              c:\windows\system32\spmsg.dll
+ 2008-04-14 12:00 . 2010-12-23 22:47	68294              c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-12-23 22:47	81086              c:\windows\system32\perfc007.dat
+ 2010-03-18 08:15 . 2010-03-18 08:15	80720              c:\windows\system32\mfcm100u.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	80208              c:\windows\system32\mfcm100.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	60752              c:\windows\system32\mfc100rus.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	43344              c:\windows\system32\mfc100kor.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	43856              c:\windows\system32\mfc100jpn.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	62288              c:\windows\system32\mfc100ita.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	64336              c:\windows\system32\mfc100fra.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	63824              c:\windows\system32\mfc100esn.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	55120              c:\windows\system32\mfc100enu.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	64336              c:\windows\system32\mfc100deu.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	36176              c:\windows\system32\mfc100cht.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	36176              c:\windows\system32\mfc100chs.dll
+ 2010-08-30 16:32 . 2010-12-16 02:29	93480              c:\windows\system32\FNTCACHE.DAT
- 2010-08-30 16:32 . 2010-11-06 18:33	93480              c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 00:15 . 2008-04-13 23:15	49408              c:\windows\system32\drivers\stream.sys
- 2008-04-14 00:15 . 2008-04-13 22:15	49408              c:\windows\system32\drivers\stream.sys
- 2010-08-30 16:01 . 2008-04-13 22:15	60160              c:\windows\system32\drivers\drmk.sys
+ 2010-08-30 16:01 . 2008-04-13 23:15	60160              c:\windows\system32\drivers\drmk.sys
+ 2010-08-30 15:40 . 2010-10-11 14:59	45568              c:\windows\system32\dllcache\wab.exe
- 2008-04-14 00:15 . 2008-04-13 22:15	49408              c:\windows\system32\dllcache\stream.sys
+ 2008-04-14 00:15 . 2008-04-13 23:15	49408              c:\windows\system32\dllcache\stream.sys
+ 2008-04-14 12:00 . 2010-11-02 15:17	40960              c:\windows\system32\dllcache\ndproxy.sys
+ 2010-08-30 15:40 . 2010-11-18 18:12	86016              c:\windows\system32\dllcache\isign32.dll
- 2010-08-30 15:40 . 2008-04-14 12:00	86016              c:\windows\system32\dllcache\isign32.dll
- 2008-04-14 12:00 . 2010-09-09 14:17	81920              c:\windows\system32\dllcache\ieencode.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04	81920              c:\windows\system32\dllcache\ieencode.dll
- 2010-08-30 16:01 . 2008-04-13 22:15	60160              c:\windows\system32\dllcache\drmk.sys
+ 2010-08-30 16:01 . 2008-04-13 23:15	60160              c:\windows\system32\dllcache\drmk.sys
- 2010-08-30 15:44 . 2010-08-30 15:44	32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2010-08-30 15:44 . 2010-12-07 05:47	32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2010-08-30 15:44 . 2010-12-07 05:47	32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-30 15:44 . 2010-08-30 15:44	32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-15 05:51 . 2010-12-07 05:47	16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-08-30 15:44 . 2010-08-30 15:44	16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-07-29 18:16 . 2008-07-29 18:16	32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-07 22:48 . 2010-04-07 22:48	32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-09-22 08:43 . 2010-09-22 08:43	30544              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-29 20:07 . 2008-07-29 20:07	23040              c:\windows\Installer\696ac.msp
+ 2007-12-28 08:27 . 2007-12-28 08:27	25088              c:\windows\Installer\68b4d1.msp
+ 2007-12-28 06:43 . 2007-12-28 06:43	22016              c:\windows\Installer\68b4bf.msp
+ 2010-11-11 21:34 . 2010-11-11 21:34	88576              c:\windows\Installer\3d244.msi
+ 2010-12-16 02:14 . 2010-12-16 02:14	60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-12-16 02:12 . 2010-12-16 02:12	39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-12-16 02:15 . 2010-12-16 02:15	25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	94208              c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	94208              c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	98304              c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	98304              c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	40960              c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	40960              c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37	12288              c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	12288              c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	81920              c:\windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	81920              c:\windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37	61440              c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	61440              c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	81920              c:\windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	81920              c:\windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	32768              c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37	32768              c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37	77824              c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	77824              c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	28672              c:\windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_de_b77a5c561934e089\System.Transactions.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	28672              c:\windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_de_b77a5c561934e089\System.Transactions.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	40960              c:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	40960              c:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-12-16 02:06 . 2010-12-16 02:06	32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	73728              c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	73728              c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	28672              c:\windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Security.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	28672              c:\windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Security.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	11776              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	11776              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	32768              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	32768              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	61440              c:\windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Messaging.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	61440              c:\windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Messaging.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	13824              c:\windows\assembly\GAC_MSIL\system.management.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Management.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	13824              c:\windows\assembly\GAC_MSIL\system.management.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Management.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	32768              c:\windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	32768              c:\windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	24576              c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	24576              c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.Resources.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	40960              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	40960              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	28672              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	28672              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	36864              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_de_b77a5c561934e089\system.data.sqlxml.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	36864              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_de_b77a5c561934e089\system.data.sqlxml.resources.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	53248              c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	53248              c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	49152              c:\windows\assembly\GAC_MSIL\SYSTEM.CONFIGURATION.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	49152              c:\windows\assembly\GAC_MSIL\SYSTEM.CONFIGURATION.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	28672              c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	28672              c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	57344              c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37	57344              c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	45056              c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	45056              c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	10752              c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_de_b03f5f7f11d50a3a\sysglobl.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	10752              c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_de_b03f5f7f11d50a3a\sysglobl.resources.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	46104              c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2010-11-11 21:35 . 2010-11-11 21:35	46104              c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
- 2010-11-06 18:24 . 2010-11-06 18:24	32768              c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	32768              c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	41984              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	41984              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	61440              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	61440              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	45056              c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	45056              c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	94208              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	94208              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	10752              c:\windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	10752              c:\windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	53248              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	53248              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-11-17 13:05 . 2009-04-06 09:08	4682              c:\windows\system32\npptNT2.sys
- 2010-11-06 17:48 . 2010-11-06 17:48	6144              c:\windows\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	6144              c:\windows\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	5632              c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	5632              c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-11-06 21:24 . 2010-11-06 21:24	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	9728              c:\windows\assembly\GAC_MSIL\MICROSOFT.VISUALBASIC.COMPATIBILITY.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	9728              c:\windows\assembly\GAC_MSIL\MICROSOFT.VISUALBASIC.COMPATIBILITY.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	9216              c:\windows\assembly\GAC_MSIL\MICROSOFT.VISUALBASIC.COMPATIBILITY.DATA.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	9216              c:\windows\assembly\GAC_MSIL\MICROSOFT.VISUALBASIC.COMPATIBILITY.DATA.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04	628736              c:\windows\system32\urlmon.dll
- 2008-04-14 12:00 . 2010-09-09 14:17	628736              c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2010-12-23 22:47	433338              c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-12-23 22:47	449452              c:\windows\system32\perfh007.dat
+ 2010-03-18 08:15 . 2010-03-18 08:15	770384              c:\windows\system32\msvcr100.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	421200              c:\windows\system32\msvcp100.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04	532480              c:\windows\system32\mstime.dll
- 2008-04-14 12:00 . 2008-04-14 12:00	532480              c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04	449024              c:\windows\system32\mshtmled.dll
- 2008-04-14 12:00 . 2010-09-09 14:17	449024              c:\windows\system32\mshtmled.dll
+ 2010-11-18 19:42 . 2010-11-18 19:42	233936              c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
- 2008-04-14 12:00 . 2010-09-09 14:17	251904              c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04	251904              c:\windows\system32\iepeers.dll
+ 2010-08-30 16:01 . 2008-04-13 23:49	146048              c:\windows\system32\drivers\portcls.sys
- 2010-08-30 16:01 . 2008-04-13 22:49	146048              c:\windows\system32\drivers\portcls.sys
+ 2008-04-14 00:46 . 2008-04-13 23:46	141056              c:\windows\system32\drivers\ks.sys
- 2008-04-14 00:46 . 2008-04-13 22:46	141056              c:\windows\system32\drivers\ks.sys
+ 2008-04-14 12:00 . 2010-11-05 05:04	672768              c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2010-09-09 14:17	672768              c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2010-09-09 14:17	628736              c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04	628736              c:\windows\system32\dllcache\urlmon.dll
- 2010-08-30 16:01 . 2008-04-13 22:49	146048              c:\windows\system32\dllcache\portcls.sys
+ 2010-08-30 16:01 . 2008-04-13 23:49	146048              c:\windows\system32\dllcache\portcls.sys
+ 2008-04-14 12:00 . 2010-11-05 05:04	532480              c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 12:00 . 2008-04-14 12:00	532480              c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 12:00 . 2010-09-09 14:17	449024              c:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04	449024              c:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-14 00:46 . 2008-04-13 23:46	141056              c:\windows\system32\dllcache\ks.sys
- 2008-04-14 00:46 . 2008-04-13 22:46	141056              c:\windows\system32\dllcache\ks.sys
- 2008-04-14 12:00 . 2010-09-09 14:17	251904              c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04	251904              c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 12:00 . 2010-10-28 13:12	290048              c:\windows\system32\dllcache\atmfd.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	138056              c:\windows\system32\atl100.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	652800              c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
- 2010-11-06 18:24 . 2010-11-06 18:24	652800              c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2010-04-07 22:48 . 2010-04-07 22:48	970752              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-29 18:16 . 2008-07-29 18:16	110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-07 22:48 . 2010-04-07 22:48	110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-09-22 08:43 . 2010-09-22 08:43	435024              c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-05-11 05:40 . 2010-05-11 05:40	388936              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-08-07 22:51 . 2009-08-07 22:51	989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-05-11 05:40 . 2010-05-11 05:40	989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2009-03-20 10:48 . 2009-03-20 10:48	183808              c:\windows\Installer\91cb446.msp
+ 2008-12-13 08:58 . 2008-12-13 08:58	754688              c:\windows\Installer\7b33b.msp
+ 2010-11-11 21:37 . 2010-11-11 21:37	648192              c:\windows\Installer\7b265.msi
+ 2008-07-29 20:23 . 2008-07-29 20:23	250880              c:\windows\Installer\696b5.msp
+ 2008-07-29 20:28 . 2008-07-29 20:28	278016              c:\windows\Installer\696b3.msp
+ 2008-07-29 18:40 . 2008-07-29 18:40	291840              c:\windows\Installer\696b1.msp
+ 2010-11-11 21:36 . 2010-11-11 21:36	137728              c:\windows\Installer\696ab.msi
+ 2007-12-28 08:19 . 2007-12-28 08:19	152064              c:\windows\Installer\68b4d3.msp
+ 2007-12-28 08:13 . 2007-12-28 08:13	117760              c:\windows\Installer\68b4d2.msp
+ 2007-12-28 08:15 . 2007-12-28 08:15	738304              c:\windows\Installer\68b4d0.msp
+ 2007-12-28 08:21 . 2007-12-28 08:21	314880              c:\windows\Installer\68b4cf.msp
+ 2007-12-28 08:17 . 2007-12-28 08:17	166912              c:\windows\Installer\68b4ce.msp
+ 2007-12-28 06:49 . 2007-12-28 06:49	709120              c:\windows\Installer\68b4be.msp
+ 2007-12-28 06:56 . 2007-12-28 06:56	491008              c:\windows\Installer\68b4bd.msp
+ 2007-12-28 06:41 . 2007-12-28 06:41	245248              c:\windows\Installer\68b4bc.msp
+ 2007-12-28 06:53 . 2007-12-28 06:53	706560              c:\windows\Installer\68b4bb.msp
+ 2010-11-10 11:19 . 2010-11-10 11:19	103424              c:\windows\Installer\68b4ba.msi
+ 2010-11-10 11:08 . 2010-11-10 11:08	151552              c:\windows\Installer\5f4b19.msi
+ 2008-07-29 16:35 . 2008-07-29 16:35	553472              c:\windows\Installer\3d249.msp
+ 2008-07-29 16:33 . 2008-07-29 16:33	506368              c:\windows\Installer\3d247.msp
+ 2008-07-29 16:37 . 2008-07-29 16:37	911360              c:\windows\Installer\3d246.msp
+ 2010-11-26 13:59 . 2010-11-26 13:59	178176              c:\windows\Installer\1c91d7f.msi
+ 2010-09-23 20:02 . 2010-09-23 20:02	798208              c:\windows\Installer\106ca81.msp
+ 2010-11-10 23:25 . 2010-11-10 23:25	380928              c:\windows\Installer\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}\iTunesIco.exe
+ 2010-09-22 17:10 . 2010-09-22 17:10	103864              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B7449A0400000010\9.4.0\nppdf32.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-12-16 02:14 . 2010-12-16 02:14	240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-12-16 02:14 . 2010-12-16 02:14	187904              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:14	447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	679936              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-12-16 02:15 . 2010-12-16 02:15	256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-12-16 02:13 . 2010-12-16 02:13	368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-12-16 02:15 . 2010-12-16 02:15	386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	220672              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-12-16 02:15 . 2010-12-16 02:15	842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	385024              c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	385024              c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	167936              c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	167936              c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	163840              c:\windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_de_b77a5c561934e089\System.xml.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	163840              c:\windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_de_b77a5c561934e089\System.xml.Resources.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	507904              c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	507904              c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	540672              c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	540672              c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	430080              c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	430080              c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.Resources.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	622592              c:\windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	622592              c:\windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Resources.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37	335872              c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	335872              c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2010-11-11 21:41 . 2010-11-11 21:41	139264              c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2010-11-06 21:22 . 2010-11-06 21:22	139264              c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	131072              c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37	131072              c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2010-11-11 21:41 . 2010-11-11 21:41	229376              c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
- 2010-11-06 21:22 . 2010-11-06 21:22	229376              c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2010-11-10 11:17 . 2010-11-10 11:17	688128              c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2010-11-06 17:47 . 2010-11-06 17:47	688128              c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	569344              c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	569344              c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-12-16 02:06 . 2010-12-16 02:06	970752              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	212992              c:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\system.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	212992              c:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\system.resources.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37	233472              c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	233472              c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37	143360              c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	143360              c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	131072              c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	131072              c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2010-12-16 02:06 . 2010-12-16 02:06	438272              c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	126976              c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	126976              c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	286720              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	286720              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	544768              c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Design.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	544768              c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Design.Resources.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	389120              c:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	389120              c:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-11-11 21:41 . 2010-11-11 21:41	442368              c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
- 2010-11-06 21:22 . 2010-11-06 21:22	442368              c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	114688              c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	114688              c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2010-11-11 21:41 . 2010-11-11 21:41	294912              c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2010-11-06 21:22 . 2010-11-06 21:22	294912              c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	348160              c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_de_b77a5c561934e089\System.Data.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	348160              c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_de_b77a5c561934e089\System.Data.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	110592              c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_de_b77a5c561934e089\System.Data.OracleClient.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	110592              c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_de_b77a5c561934e089\System.Data.OracleClient.resources.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	684032              c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	684032              c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	229376              c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	229376              c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	667648              c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	667648              c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	163840              c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	163840              c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-12-16 02:06 . 2010-12-16 02:06	110592              c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	110592              c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	528384              c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	528384              c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	864256              c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	864256              c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	163840              c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	163840              c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	397312              c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	397312              c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	139264              c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	139264              c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	196608              c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	196608              c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	598016              c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	598016              c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	315392              c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	315392              c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	397312              c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	397312              c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	802816              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	802816              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19	139264              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	139264              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	733184              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	733184              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	106496              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	106496              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-11-06 17:48 . 2010-11-06 17:48	315392              c:\windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_de_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
+ 2010-11-10 11:18 . 2010-11-10 11:18	315392              c:\windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_de_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	368640              c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	368640              c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	163840              c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	163840              c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2008-04-14 12:00 . 2010-09-09 14:17	1510400              c:\windows\system32\shdocvw.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04	1510400              c:\windows\system32\shdocvw.dll
+ 2010-12-18 10:38 . 2010-12-18 10:54	6090120              c:\windows\system32\Restore\rstrlog.dat
+ 2008-04-14 12:00 . 2009-07-31 09:02	1372672              c:\windows\system32\msxml6.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04	3097088              c:\windows\system32\mshtml.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	4368720              c:\windows\system32\mfc100u.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15	4342088              c:\windows\system32\mfc100.dll
+ 2010-08-30 16:28 . 2010-11-18 19:42	5971408              c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-04-14 12:00 . 2010-10-26 14:05	1853440              c:\windows\system32\dllcache\win32k.sys
- 2008-04-14 12:00 . 2010-09-09 14:17	1510400              c:\windows\system32\dllcache\shdocvw.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04	1510400              c:\windows\system32\dllcache\shdocvw.dll
+ 2008-04-14 12:00 . 2009-07-31 09:02	1372672              c:\windows\system32\dllcache\msxml6.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04	3097088              c:\windows\system32\dllcache\mshtml.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04	1025024              c:\windows\system32\dllcache\browseui.dll
- 2008-04-14 12:00 . 2010-09-09 14:17	1025024              c:\windows\system32\dllcache\browseui.dll
+ 2010-09-08 12:50 . 2008-07-12 07:18	3851784              c:\windows\system32\D3DX9_39.dll
- 2010-09-08 12:50 . 2008-07-10 09:00	3851784              c:\windows\system32\D3DX9_39.dll
+ 2010-09-08 12:50 . 2006-03-31 11:40	2388176              c:\windows\system32\d3dx9_30.dll
- 2010-09-08 12:50 . 2006-03-31 10:40	2388176              c:\windows\system32\d3dx9_30.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04	1025024              c:\windows\system32\browseui.dll
- 2008-04-14 12:00 . 2010-09-09 14:17	1025024              c:\windows\system32\browseui.dll
+ 2010-04-07 22:48 . 2010-04-07 22:48	5967872              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 03:59 . 2008-11-25 03:59	5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-09-22 08:44 . 2010-09-22 08:44	5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 04:32 . 2010-03-23 04:32	3182592              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-05-11 05:40 . 2010-05-11 05:40	5812560              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2009-08-07 22:51 . 2009-08-07 22:51	5812560              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 05:40 . 2010-05-11 05:40	4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-12-15 10:19 . 2010-12-15 10:19	3065856              c:\windows\Installer\a335b.msi
+ 2010-12-17 17:33 . 2010-12-17 17:33	1568768              c:\windows\Installer\86209d3.msi
+ 2008-12-13 08:57 . 2008-12-13 08:57	8397824              c:\windows\Installer\7b324.msp
+ 2008-07-29 18:26 . 2008-07-29 18:26	1043456              c:\windows\Installer\696b4.msp
+ 2008-07-29 19:37 . 2008-07-29 19:37	2679808              c:\windows\Installer\696b2.msp
+ 2008-07-29 20:15 . 2008-07-29 20:15	3697664              c:\windows\Installer\696b0.msp
+ 2008-07-29 18:34 . 2008-07-29 18:34	1448448              c:\windows\Installer\696af.msp
+ 2008-07-29 19:22 . 2008-07-29 19:22	4137984              c:\windows\Installer\696ae.msp
+ 2008-07-29 18:18 . 2008-07-29 18:18	3376640              c:\windows\Installer\696ad.msp
+ 2007-12-28 08:24 . 2007-12-28 08:24	4994048              c:\windows\Installer\68b4d4.msp
+ 2010-11-10 11:19 . 2010-11-10 11:19	1120768              c:\windows\Installer\68b4cd.msi
+ 2008-07-29 16:45 . 2008-07-29 16:45	2543616              c:\windows\Installer\3d24d.msp
+ 2008-07-29 16:29 . 2008-07-29 16:29	2926080              c:\windows\Installer\3d24c.msp
+ 2008-07-29 16:41 . 2008-07-29 16:41	6487040              c:\windows\Installer\3d24b.msp
+ 2008-07-29 16:39 . 2008-07-29 16:39	3403264              c:\windows\Installer\3d24a.msp
+ 2008-07-29 16:43 . 2008-07-29 16:43	1013248              c:\windows\Installer\3d248.msp
+ 2008-07-29 16:31 . 2008-07-29 16:31	6083072              c:\windows\Installer\3d245.msp
+ 2009-08-09 22:32 . 2009-08-09 22:32	5288960              c:\windows\Installer\28a41ba.msp
+ 2010-11-10 23:25 . 2010-11-10 23:25	6333440              c:\windows\Installer\281ec14.msi
+ 2010-11-10 23:23 . 2010-11-10 23:23	9472000              c:\windows\Installer\281ec10.msi
+ 2010-11-08 07:14 . 2010-11-08 07:14	3402752              c:\windows\Installer\15b7fe0b.msp
+ 2009-11-08 23:25 . 2009-11-08 23:25	1935360              c:\windows\Installer\106ca6c.msp
+ 2010-09-23 06:39 . 2010-09-23 06:39	4265472              c:\windows\Installer\106ca46.msp
+ 2010-04-11 21:17 . 2010-04-11 21:17	2607104              c:\windows\Installer\106ca2c.msp
+ 2010-09-16 02:08 . 2010-09-16 02:08	6210560              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B7449A0400000010\9.4.0\authplay.dll
+ 2008-12-05 18:30 . 2008-12-05 18:30	5283840              c:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\PresentationFramework_x86.dll
+ 2010-11-11 21:41 . 2010-11-11 21:41	5283840              c:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\PresentationFramework_GAC_x86.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-12-16 02:14 . 2010-12-16 02:14	1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-12-16 02:10 . 2010-12-16 02:10	7949824              c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	2405376              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-12-16 02:10 . 2010-12-16 02:10	1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	1249280              c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2010-11-06 21:18 . 2010-11-06 21:18	1249280              c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	1630208              c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	1630208              c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2010-11-06 18:24 . 2010-11-06 18:24	1138688              c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35	1138688              c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	1277952              c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2010-11-06 21:19 . 2010-11-06 21:19	1277952              c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-12-16 02:06 . 2010-12-16 02:06	5967872              c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-11-06 18:25 . 2010-11-06 18:25	2879488              c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36	2879488              c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2010-11-06 21:18 . 2010-11-06 21:18	5279744              c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	5279744              c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-11-06 21:24 . 2010-11-06 21:24	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	4210688              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2010-11-06 21:18 . 2010-11-06 21:18	4210688              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-08-31 10:57 . 2010-12-16 02:00	37366216              c:\windows\system32\MRT.exe
+ 2008-12-13 09:21 . 2008-12-13 09:21	10473472              c:\windows\Installer\7b32f.msp
+ 2010-03-31 00:23 . 2010-03-31 00:23	15638528              c:\windows\Installer\106ca79.msp
+ 2010-05-19 12:08 . 2010-05-19 12:08	11408896              c:\windows\Installer\106ca51.msp
+ 2010-04-11 21:17 . 2010-04-11 21:17	14599680              c:\windows\Installer\106ca3b.msp
+ 2010-12-16 02:13 . 2010-12-16 02:13	12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16	11800576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15	17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	14328320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13	12215808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-12-16 02:10 . 2010-12-16 02:10	11490816              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="c:\programme\jeak.de\QIP 2005\qip.exe" [2009-08-13 3276288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07	932288	----a-r-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47	35760	----a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44	70936	----a-w-	c:\dokumente und einstellungen\Basti\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17	421888	----a-w-	c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Six Engine]
2008-07-23 15:04	5625344	----a-w-	c:\programme\ASUS\EPU-4 Engine\FourEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43	248040	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32	74752	----a-w-	c:\programme\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VC10SecS"=2 (0x2)
"NAUpdate"=2 (0x2)
"PnkBstrA"=2 (0x2)
"pgsql-8.3"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\BitTorrent\\BitTorrent.exe"=
"c:\\Programme\\jeak.de\\QIP 2005\\qip.exe"=
"c:\\Programme\\World of Warcraft\\WoW-3.2.0.10192-to-3.3.0.10958-deDE-downloader.exe"=
"c:\\Programme\\World of Warcraft\\Launcher.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Programme\\2K Sports\\NBA 2K11\\nba2k11.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Steam\\steamapps\\itsab11\\counter-strike\\hl.exe"=
"d:\\Steam\\steamapps\\shd19911\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08.09.2010 13:33 691696]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [24.11.2010 16:05 42880]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [24.11.2010 16:05 16512]
S4 pgsql-8.3;PostgreSQL Database Server 8.3;c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N "pgsql-8.3" -D "c:\programme\PostgreSQL\8.3\data\" --> c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 [?]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = local
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Basti\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\dokumente und einstellungen\Basti\Anwendungsdaten\Mozilla\Firefox\Profiles\q57fa5ta.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-Octoshape add-in for Adobe Flash Player - c:\dokumente und einstellungen\Basti\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-23 23:56
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(868)
c:\windows\system32\msi.dll
.
Zeit der Fertigstellung: 2010-12-23  23:57:30
ComboFix-quarantined-files.txt  2010-12-23 22:57
ComboFix2.txt  2010-11-07 11:58

Vor Suchlauf: 14 Verzeichnis(se), 76.225.642.496 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 76.301.049.856 Bytes frei

- - End Of File - - 0623670446661BDAA3940E5E7C39B240

--- --- ---

cosinus · 24.12.2010, 00:53

Zitat:

C:\Lineage-II-Freya.zip

Wasn das hier?

Itsab11 · 24.12.2010, 16:17

www.lineage2.com

Ist der Client zu dem Rollenspiel Lineage2, ist auch von offizieller Quelle heruntergeladen. Dürfte also nichts komisches sein

cosinus · 25.12.2010, 00:50

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Itsab11 · 25.12.2010, 17:24

ok das Problem besteht immer noch :/

Gmer Log
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-25 17:19:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 WDC_WD5000AACS-00G8B1 rev.05.04C05
Running: 3yp3e5nf.exe; Driver: C:\DOKUME~1\Basti\LOKALE~1\Temp\kgtdapow.sys


---- System - GMER 1.0.15 ----

SSDT      spsk.sys                                                                                                            ZwCreateKey [0xF74E40E0]
SSDT      spsk.sys                                                                                                            ZwEnumerateKey [0xF74FCDA4]
SSDT      spsk.sys                                                                                                            ZwEnumerateValueKey [0xF74FD132]
SSDT      spsk.sys                                                                                                            ZwOpenKey [0xF74E40C0]
SSDT      spsk.sys                                                                                                            ZwQueryKey [0xF74FD20A]
SSDT      spsk.sys                                                                                                            ZwQueryValueKey [0xF74FD08A]
SSDT      spsk.sys                                                                                                            ZwSetValueKey [0xF74FD29C]

INT 0x63  ?                                                                                                                   8A386BF8
INT 0x63  ?                                                                                                                   8A386BF8
INT 0x63  ?                                                                                                                   8A386BF8
INT 0x63  ?                                                                                                                   8A386BF8
INT 0x63  ?                                                                                                                   8A096F00
INT 0x63  ?                                                                                                                   8A386BF8
INT 0x83  ?                                                                                                                   8A386BF8
INT 0x83  ?                                                                                                                   8A386BF8
INT 0x83  ?                                                                                                                   8A096F00
INT 0x83  ?                                                                                                                   8A386BF8
INT 0x84  ?                                                                                                                   8A096F00
INT 0xA4  ?                                                                                                                   8A096F00
INT 0xA4  ?                                                                                                                   8A096F00
INT 0xA4  ?                                                                                                                   8A096F00
INT 0xA4  ?                                                                                                                   8A096F00
INT 0xB4  ?                                                                                                                   8A096F00

Code      \??\C:\DOKUME~1\Basti\LOKALE~1\Temp\catchme.sys                                                                     pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

?         spsk.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text     C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB6F263A0, 0x5CC259, 0xE8000020]
.text     USBPORT.SYS!DllUnload                                                                                               B6F068AC 5 Bytes  JMP 8A0964E0 
.text     adfymrpn.SYS                                                                                                        B6E6A386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text     adfymrpn.SYS                                                                                                        B6E6A3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text     adfymrpn.SYS                                                                                                        B6E6A3C4 3 Bytes  [00, 80, 02]
.text     adfymrpn.SYS                                                                                                        B6E6A3C9 1 Byte  [30]
.text     adfymrpn.SYS                                                                                                        B6E6A3C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text     ...                                                                                                                 
?         C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !
?         C:\DOKUME~1\Basti\LOKALE~1\Temp\catchme.sys                                                                         Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text     C:\Programme\Mozilla Firefox\firefox.exe[1488] ntdll.dll!LdrLoadDll                                                 7C9263C3 5 Bytes  JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text     C:\Programme\Mozilla Firefox\plugin-container.exe[3044] USER32.dll!TrackPopupMenu                                   7E3B531E 5 Bytes  JMP 10402342 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                  8A3882D8
IAT       pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                [F750FDDC] spsk.sys
IAT       pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                   [F750FE30] spsk.sys
IAT       atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F74E5042] spsk.sys
IAT       atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F74E513E] spsk.sys
IAT       atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                 [F74E50C0] spsk.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                         [F74E5800] spsk.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                 [F74E56D6] spsk.sys
IAT       \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                8A0965E0
IAT       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [F74F4B90] spsk.sys
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlInitUnicodeString]                                        8800001C
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!swprintf]                                                    001CBA86
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeSetEvent]                                                  C61AEB00
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoCreateSymbolicLink]                                        001C8986
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoGetConfigurationInformation]                               86C61200
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoDeleteSymbolicLink]                                        00001C8B
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmFreeMappingAddress]                                        96868801
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoFreeErrorLogEntry]                                         8800001C
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoDisconnectInterrupt]                                       001CB286
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmUnmapIoSpace]                                              88968B00
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ObReferenceObjectByPointer]                                  8900001C
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IofCompleteRequest]                                          001CA496
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlCompareUnicodeString]                                     C6168B00
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IofCallDriver]                                               001CC186
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmAllocateMappingAddress]                                    428A0A00
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry]                                     C286880C
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoConnectInterrupt]                                          8B00001C
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoDetachDevice]                                              24A48DFA
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeWaitForSingleObject]                                       00000000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeInitializeEvent]                                           4B8BDF8B
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeCancelTimer]                                               8D3F0304
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString]                                CB033043
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlInitAnsiString]                                           0673C13B
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest]                               C13B0003
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoQueueWorkItem]                                             8366FA72
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmMapIoSpace]                                                75000E7B
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations]                                 0B7D80E3
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoReportDetectedDevice]                                      307B8D00
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoReportResourceForDetection]                                00AA840F
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize]                                 83660000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!NlsMbCodePageTag]                                            6A000E7A
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!PoRequestPowerIrp]                                           C6647400
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue]                                    001CC386
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection]                            4F8B0200
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!sprintf]                                                     968D5140
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache]                                00001C98
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ObfDereferenceObject]                                        22F6E852
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference]                                478B0000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoInvalidateDeviceState]                                     50016A40
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ZwClose]                                                     1CB48E8D
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ObReferenceObjectByHandle]                                   E8510000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ZwCreateDirectoryObject]                                     000022E4
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest]                                6A18538B
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!PoStartNextPowerIrp]                                         868D5200
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoCreateDevice]                                              00001CA0
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlCopyUnicodeString]                                        22D2E850
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension]                             4B8B0000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlQueryRegistryValues]                                      51016A18
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ZwOpenKey]                                                   1CBC968D
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlFreeUnicodeString]                                        E8520000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoStartTimer]                                                000022C0
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeInitializeTimer]                                           8A05478A
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoInitializeTimer]                                           001CC38E
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeInitializeDpc]                                             30C48300
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeInitializeSpinLock]                                        1CC58688
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoInitializeIrp]                                             80E90000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ZwCreateKey]                                                 C6000000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString]                              001CC386
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString]                                   438B0100
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ZwSetValueKey]                                               8E8D5018
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeInsertQueueDpc]                                            00001C98
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel]                                2292E851
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoStartPacket]                                               538B0000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel]                              52016A18
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest]                               1CB4868D
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoFreeMdl]                                                   E8500000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmUnlockPages]                                               00002280
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoWriteErrorLogEntry]                                        8A05478A
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue]                                    001CC38E
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping]                         18C48300
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmUnmapReservedMapping]                                      1CC58688
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeSynchronizeExecution]                                      43EB0000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoStartNextPacket]                                           320C538A
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeBugCheckEx]                                                88F93BC0
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeRemoveDeviceQueue]                                         001CC396
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeSetTimer]                                                  F6317300
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!_allmul]                                                     74070647
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmProbeAndLockPages]                                         75C0841A
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!_except_handler3]                                            05578A0B
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!PoSetPowerState]                                             968801B0
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey]                                     00001CC5
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlWriteRegistryValue]                                       57B60F66
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlDeleteRegistryValue]                                      533B6604
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!_aulldiv]                                                    03087408
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!strstr]                                                      72F93B3F
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!_strupr]                                                     8A09EBDA
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeQuerySystemTime]                                           86880547
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoWMIRegistrationControl]                                    00001CC5
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeTickCount]                                                 88084B8A
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                 001CC68E
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoDeleteDevice]                                              40578B00
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ExAllocatePoolWithTag]                                       8D52006A
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoAllocateWorkItem]                                          001CC886
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoAllocateIrp]                                               11E85000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoAllocateMdl]                                               8B000022
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool]                                   001CC08E
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmLockPagableDataSection]                                    C4968B00
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoGetDriverObjectExtension]                                  8900001C
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmUnlockPagableImageSection]                                 001CCC8E
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ExFreePoolWithTag]                                           D0968900
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoFreeIrp]                                                   8B00001C
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoFreeWorkItem]                                              016A4047
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!InitSafeBootMode]                                            D4C68150
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlCompareMemory]                                            5600001C
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!PoCallDriver]                                                0021E7E8
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!memmove]                                                     18C48300
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmHighestUserAddress]                                        5D5B5E5F
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C959E88
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!KeGetCurrentIrql]                                                 9E880000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!KfRaiseIrql]                                                      00001CB1
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!KfLowerIrql]                                                      0E798366
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!HalTranslateBusAddress]                                           8986C636
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8B86C6
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!READ_PORT_USHORT]                                                 001C9686
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                         86C60200
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                 00001CB2
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C
IAT       \SystemRoot\System32\Drivers\adfymrpn.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB99E

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              8A3851F8
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                    8A14F500
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    8A14F500
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                    8A14F500
Device    \Driver\usbehci \Device\USBPDO-3                                                                                    8A14E500
Device    \Driver\usbuhci \Device\USBPDO-4                                                                                    8A14F500
Device    \Driver\sptd \Device\1481022098                                                                                     spsk.sys
Device    \Driver\usbuhci \Device\USBPDO-5                                                                                    8A14F500
Device    \Driver\usbuhci \Device\USBPDO-6                                                                                    8A14F500
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8A3141F8
Device    \Driver\usbehci \Device\USBPDO-7                                                                                    8A14E500
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8A3141F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                        8A0911F8
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                         [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                  [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                  [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort4                                                                                  [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort5                                                                                  [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10                                                                        [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\Cdrom \Device\CdRom1                                                                                        8A0911F8
Device    \Driver\usbstor \Device\00000081                                                                                    896F51F8
Device    \Driver\usbstor \Device\00000082                                                                                    896F51F8
Device    \Driver\usbstor \Device\00000083                                                                                    896F51F8
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                             8978A1F8
Device    \Driver\PCI_PNP8348 \Device\0000004a                                                                                spsk.sys
Device    \Driver\PCI_PNP8348 \Device\0000004a                                                                                spsk.sys
Device    \Driver\usbstor \Device\00000084                                                                                    896F51F8
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    8978A1F8
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    8A14F500
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    8A14F500
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   896FA1F8
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                    8A14F500
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         896FA1F8
Device    \Driver\usbehci \Device\USBFDO-3                                                                                    8A14E500
Device    \Driver\usbuhci \Device\USBFDO-4                                                                                    8A14F500
Device    \Driver\Ftdisk \Device\FtControl                                                                                    8A3141F8
Device    \Driver\usbstor \Device\0000007e                                                                                    896F51F8
Device    \Driver\usbuhci \Device\USBFDO-5                                                                                    8A14F500
Device    \Driver\usbuhci \Device\USBFDO-6                                                                                    8A14F500
Device    \Driver\usbehci \Device\USBFDO-7                                                                                    8A14E500
Device    \Driver\adfymrpn \Device\Scsi\adfymrpn1Port6Path0Target0Lun0                                                        8A0D91F8
Device    \Driver\adfymrpn \Device\Scsi\adfymrpn1                                                                             8A0D91F8
Device    \FileSystem\Cdfs \Cdfs                                                                                              89D6E500

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x12 0xA1 0x52 0xB3 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Programme\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x74 0x9A 0x9F 0xDA ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xCC 0x71 0x59 0x67 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x12 0xA1 0x52 0xB3 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x74 0x9A 0x9F 0xDA ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xCC 0x71 0x59 0x67 ...

---- EOF - GMER 1.0.15 ----

--- --- ---

Osam

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:22:04 on 25.12.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfymrpn" (adfymrpn) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\adfymrpn.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"aducirw" (aducirw) - ? - C:\WINDOWS\system32\aducirw.sys  (File not found)
"Advanced SCSI Programming Interface Driver" (ASPI) - "Adaptec" - C:\WINDOWS\System32\DRIVERS\ASPI32.sys
"ajub" (ajub) - ? - C:\WINDOWS\system32\ajub.sys  (File not found)
"AsIO" (AsIO) - ? - C:\WINDOWS\System32\drivers\AsIO.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\DOKUME~1\Basti\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"dpcisekt" (dpcisekt) - ? - C:\WINDOWS\system32\dpcisekt.sys  (File not found)
"ehwgmxco" (ehwgmxco) - ? - C:\WINDOWS\system32\ehwgmxco.sys  (File not found)
"gpxiz" (gpxiz) - ? - C:\WINDOWS\system32\gpxiz.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"kgtdapow" (kgtdapow) - ? - C:\DOKUME~1\Basti\LOKALE~1\Temp\kgtdapow.sys  (Hidden registry entry, rootkit activity | File not found)
"kpclsep" (kpclsep) - ? - C:\WINDOWS\system32\kpclsep.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\Cofi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RivaTuner32" (RivaTuner32) - ? - C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys  (File found, but it contains no detailed information)
"sekw" (sekw) - ? - C:\WINDOWS\system32\sekw.sys  (File not found)
"Sound2x Audio Cable (WDM)" (EuMusDesignVirtualAudioCableWdm_s2x) - "Eugene V. Muzychenko" - C:\WINDOWS\System32\DRIVERS\vacs2xkd.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"tdmseow" (tdmseow) - ? - C:\WINDOWS\system32\tdmseow.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"wktxlze" (wktxlze) - ? - C:\WINDOWS\system32\wktxlze.sys  (File not found)
"xfow" (xfow) - ? - C:\WINDOWS\system32\xfow.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
"PokerStars" - "PokerStars" - C:\Programme\PokerStars\PokerStarsUpdate.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Basti\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"QIP2005" - "The Author of QIP" - C:\Programme\jeak.de\QIP 2005\qip.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]

MBR

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 117):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF74E3000 spsk.sys
0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF74CB000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF749C000 ACPI.sys
0xF748B000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7607000 MountMgr.sys
0xF7868000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF7850000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7830000 fltMgr.sys
0xF7975000 sr.sys
0xF7647000 PxHelp20.sys
0xF795E000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7A22000 NDIS.sys
0xF7B38000 Mup.sys
0xB8199000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB6F26000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6F12000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7807000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB6EEE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF780F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6EC6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8189000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8179000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8169000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB6EA3000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7817000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF79B1000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xB8149000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF781F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8139000 \SystemRoot\system32\DRIVERS\serial.sys
0xB87CE000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB6E6A000 \SystemRoot\System32\Drivers\adfymrpn.SYS
0xB8129000 \SystemRoot\system32\DRIVERS\vacs2xkd.sys
0xB6E46000 \SystemRoot\system32\DRIVERS\portcls.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\drmk.sys
0xF7AB0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB87BE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6E2F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB7937000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6E1E000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB792F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF777F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF747B000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7787000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF79B7000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6DC0000 \SystemRoot\system32\DRIVERS\update.sys
0xB87B2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF746B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF744B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79BB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB3ADE000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB87C2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF743B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77A7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF79C5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB86FC000 \SystemRoot\System32\Drivers\Null.SYS
0xF79C7000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77BF000 \SystemRoot\System32\drivers\vga.sys
0xF79C9000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79CB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77C7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77CF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB6D9D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB3953000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB38FA000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB38D4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB38AC000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF742B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB388A000 \SystemRoot\System32\drivers\afd.sys
0xF741B000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB385F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB37EF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF740B000 \SystemRoot\System32\Drivers\Fips.SYS
0xF77DF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF77E7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF79D3000 \SystemRoot\system32\drivers\AsIO.sys
0xB3FA3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB3F9F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8766000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB375F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79DD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB3ADA000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77EF000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB7F72000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB2AF9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB27B8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB2710000 \SystemRoot\system32\DRIVERS\srv.sys
0xB24A3000 \SystemRoot\system32\drivers\wdmaud.sys
0xB2678000 \SystemRoot\system32\drivers\sysaudio.sys
0xB23B5000 \SystemRoot\system32\drivers\kmixer.sys
0xB20EE000 \SystemRoot\System32\Drivers\HTTP.sys
0xF79CF000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xF772F000 \??\C:\DOKUME~1\Basti\LOKALE~1\Temp\catchme.sys
0x8AEFA000 \??\C:\DOKUME~1\Basti\LOKALE~1\Temp\kgtdapow.sys
0xB1FE4000 \SystemRoot\system32\DRIVERS\l1e51x86.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
0x10000000 \Programme\DAEMON Tools Lite\Engine.dll

Processes (total 31):
0 System Idle Process
4 System
644 C:\WINDOWS\system32\smss.exe
692 csrss.exe
716 C:\WINDOWS\system32\winlogon.exe
760 C:\WINDOWS\system32\services.exe
772 C:\WINDOWS\system32\lsass.exe
944 C:\WINDOWS\system32\nvsvc32.exe
976 C:\WINDOWS\system32\svchost.exe
1040 svchost.exe
1136 C:\WINDOWS\system32\svchost.exe
1264 svchost.exe
1336 svchost.exe
1480 C:\WINDOWS\system32\spoolsv.exe
1612 svchost.exe
1640 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1688 C:\Programme\Java\jre6\bin\jqs.exe
1896 wdfmgr.exe
528 alg.exe

cosinus · 25.12.2010, 17:31

Zitat:

"aducirw" (aducirw) - ? - C:\WINDOWS\system32\aducirw.sys (File not found)
"ajub" (ajub) - ? - C:\WINDOWS\system32\ajub.sys (File not found)
"dpcisekt" (dpcisekt) - ? - C:\WINDOWS\system32\dpcisekt.sys (File not found)
"ehwgmxco" (ehwgmxco) - ? - C:\WINDOWS\system32\ehwgmxco.sys (File not found)
"gpxiz" (gpxiz) - ? - C:\WINDOWS\system32\gpxiz.sys (File not found)
"kpclsep" (kpclsep) - ? - C:\WINDOWS\system32\kpclsep.sys (File not found)
"sekw" (sekw) - ? - C:\WINDOWS\system32\sekw.sys (File not found)
"tdmseow" (tdmseow) - ? - C:\WINDOWS\system32\tdmseow.sys (File not found)
"wktxlze" (wktxlze) - ? - C:\WINDOWS\system32\wktxlze.sys (File not found)
"xfow" (xfow) - ? - C:\WINDOWS\system32\xfow.sys (File not found)

Diese Einträge mit OSAM deaktivieren und löschen, siehe Anleitung zu OSAM. Danach ein neues Log posten.
Das Log von mbrcheck musst du auch nochmal vollständig posten.

Internet Verbindung trennt sich andauernd - System mit hoher Speicherauslastung im Task Manager

Log-Analyse und Auswertung: Internet Verbindung trennt sich andauernd - System mit hoher Speicherauslastung im Task Manager