Trojaner-Board


Itsab11 15.12.2010 23:17

Internet connection keeps dropping - System with high memory usage in Task Manager

Hello,

For about 2 days I have had the problem that when I surf the Internet or play games that connect to the Internet, my Internet connection regularly drops every 10-15 minutes and logs back in 2-3 minutes later. The virus scanner and Malwarebytes found nothing further.

What I also notice is the "file" System in my Task Manager, which has a memory usage of 113.356 K (but uses no CPU)

HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:15:59, on 15.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\AVG\AVG10\avgwdsvc.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Programme\AVG\AVG10\avgnsx.exe
C:\Programme\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Programme\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AVG\AVG10\avgtray.exe
C:\Programme\jeak.de\QIP 2005\qip.exe
C:\Programme\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Basti\Desktop\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [QIP2005] C:\Programme\jeak.de\QIP 2005\qip.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG10\avgwdsvc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5203 bytes



Malwarebytes logfile:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5065

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

15.12.2010 18:56:19
mbam-log-2010-12-15 (18-56-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|I:\|J:\|)
Durchsuchte Objekte: 247698
Laufzeit: 1 Stunde(n), 4 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Please help

Regards

cosinus 16.12.2010 21:16

Quote:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 5065
You did not update Malwarebytes beforehand. Please update and run a full scan.

Itsab11 19.12.2010 15:00

No detections even with the latest version :/

But the problem still persists :(

cosinus 19.12.2010 16:33

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

Itsab11 19.12.2010 17:26

OTL Logfile:
Code:

OTL logfile created on: 19.12.2010 17:23:10 - Run 2
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Dokumente und Einstellungen\Basti\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 8184 16368 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 343,89 Gb Total Space | 70,82 Gb Free Space | 20,59% Space Free | Partition Type: NTFS
Drive D: | 121,87 Gb Total Space | 8,19 Gb Free Space | 6,72% Space Free | Partition Type: NTFS
Drive I: | 638,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PCBASTI | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Dokumente und Einstellungen\Basti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Programme\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\jeak.de\QIP 2005\qip.exe (The Author of QIP)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Basti\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Programme\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (pgsql-8.3) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WBio) -- C:\DOKUME~1\Basti\LOKALE~1\Temp\iniuriar0-winxp.sys File not found
DRV - (SymIMMP) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found
DRV - (GGSAFERDriver) -- C:\Programme\Garena\safedrv.sys File not found
DRV - (catchme) -- C:\DOKUME~1\Basti\LOKALE~1\Temp\catchme.sys File not found
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (EuMusDesignVirtualAudioCableWdm_s2x) Sound2x Audio Cable (WDM) -- C:\WINDOWS\system32\drivers\vacs2xkd.sys (Eugene V. Muzychenko)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG10\Firefox\ [2010.12.15 11:18:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.11 15:56:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.11 15:56:44 | 000,000,000 | ---D | M]
 
[2010.08.30 17:08:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla\Extensions
[2010.12.18 11:15:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla\Firefox\Profiles\q57fa5ta.default\extensions
[2010.09.13 08:37:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla\Firefox\Profiles\q57fa5ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.17 12:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla\Firefox\Profiles\q57fa5ta.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.10.13 10:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla\Firefox\Profiles\q57fa5ta.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.08 15:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla\Firefox\Profiles\q57fa5ta.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.16 12:45:24 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla\Firefox\Profiles\q57fa5ta.default\searchplugins\icqplugin.xml
[2010.12.18 11:15:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.22 13:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.22 13:58:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.07 12:57:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [QIP2005] C:\Programme\jeak.de\QIP 2005\qip.exe (The Author of QIP)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.30 16:42:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003.05.19 14:23:50 | 000,049,152 | R--- | M] () - I:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2003.02.12 09:01:48 | 000,000,050 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.18 11:53:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.12.15 12:40:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\AVG
[2010.12.15 11:49:06 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010.12.15 11:20:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\AVG10
[2010.12.15 11:19:24 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2010.12.15 11:18:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010.12.15 11:18:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2010.12.15 11:18:25 | 000,000,000 | ---D | C] -- C:\Programme\AVG
[2010.12.15 11:17:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.12.05 12:23:00 | 000,000,000 | ---D | C] -- C:\Programme\Ski Alpin Racing 2007
[2010.12.01 20:05:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Winter Sports 2011
[2010.12.01 19:58:33 | 000,000,000 | ---D | C] -- C:\Programme\Winter Sports 2011
[2010.11.26 18:31:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Basti\Desktop\erhbxf
[2010.11.26 15:18:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Anwendungsdaten\PunkBuster
[2010.11.26 14:59:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\id Software
[2010.11.26 14:59:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010.11.26 14:59:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2010.11.24 16:05:40 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2010.11.24 16:05:40 | 000,042,880 | ---- | C] (Eugene V. Muzychenko) -- C:\WINDOWS\System32\drivers\vacs2xkd.sys
[2010.11.24 16:05:40 | 000,022,528 | ---- | C] (Jukka Poikolainen Software) -- C:\WINDOWS\System32\WNASPI32.DLL
[2010.11.24 16:05:40 | 000,016,512 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS
[2010.11.24 16:05:38 | 000,000,000 | ---D | C] -- C:\Programme\4Musics OGG to MP3 Converter
[2010.11.19 19:35:27 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2010.11.19 19:35:08 | 000,000,000 | ---D | C] -- C:\Programme\Garena
[2010.11.19 19:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Warcraft III
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.19 15:07:37 | 000,118,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.19 08:02:33 | 102,092,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010.12.18 21:06:13 | 000,000,596 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Desktop\pvpTool.lnk
[2010.12.18 13:37:09 | 000,000,749 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\World of Warcraft.lnk
[2010.12.18 12:00:04 | 000,449,452 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.12.18 12:00:04 | 000,433,338 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.12.18 12:00:04 | 000,081,086 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.12.18 12:00:04 | 000,068,294 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.12.18 11:55:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.18 11:45:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.12.16 03:29:54 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.12.16 03:13:13 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.12.15 11:19:18 | 000,000,686 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk
[2010.12.15 10:58:46 | 000,000,331 | -HS- | M] () -- C:\boot.ini
[2010.12.05 12:24:02 | 000,000,790 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Desktop\Ski Alpin Racing 2007.lnk
[2010.12.04 00:28:13 | 007,184,965 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Eigene Dateien\Neu WinRAR-ZIP-Archiv.zip
[2010.12.04 00:28:00 | 015,110,444 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Eigene Dateien\ts3_recording_10_12_04_0_24_2.wav
[2010.12.01 20:03:27 | 000,001,681 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Winter Sports 2011.lnk
[2010.12.01 16:18:49 | 000,137,960 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.12.01 16:18:39 | 000,235,248 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.12.01 15:25:35 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\PUTTY.RND
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.26 15:32:01 | 000,000,707 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Desktop\Verknüpfung mit Frozen Throne.lnk
[2010.11.26 14:59:38 | 002,373,712 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.11.25 08:51:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.24 16:59:56 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.11.19 19:54:10 | 000,076,421 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2010.11.19 19:40:57 | 000,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif
[2010.11.19 19:40:56 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2010.11.19 19:35:16 | 000,000,626 | ---- | M] () -- C:\Dokumente und Einstellungen\Basti\Desktop\Garena.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.19 08:02:33 | 102,092,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010.12.18 21:06:13 | 000,000,596 | ---- | C] () -- C:\Dokumente und Einstellungen\Basti\Desktop\pvpTool.lnk
[2010.12.15 11:19:18 | 000,000,686 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk
[2010.12.14 03:00:38 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.12.05 12:24:02 | 000,000,790 | ---- | C] () -- C:\Dokumente und Einstellungen\Basti\Desktop\Ski Alpin Racing 2007.lnk
[2010.12.04 00:28:09 | 007,184,965 | ---- | C] () -- C:\Dokumente und Einstellungen\Basti\Eigene Dateien\Neu WinRAR-ZIP-Archiv.zip
[2010.12.04 00:24:05 | 015,110,444 | ---- | C] () -- C:\Dokumente und Einstellungen\Basti\Eigene Dateien\ts3_recording_10_12_04_0_24_2.wav
[2010.12.01 20:03:27 | 000,001,681 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Winter Sports 2011.lnk
[2010.11.30 18:28:59 | 000,137,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.11.30 18:28:50 | 000,235,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.11.26 15:32:01 | 000,000,707 | ---- | C] () -- C:\Dokumente und Einstellungen\Basti\Desktop\Verknüpfung mit Frozen Throne.lnk
[2010.11.26 14:59:40 | 000,235,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.11.26 14:59:38 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.11.26 14:59:38 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.11.25 08:51:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.19 19:35:29 | 000,076,421 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2010.11.19 19:35:28 | 000,002,829 | ---- | C] () -- C:\WINDOWS\War3Unin.pif
[2010.11.19 19:35:16 | 000,000,626 | ---- | C] () -- C:\Dokumente und Einstellungen\Basti\Desktop\Garena.lnk
[2010.11.01 21:10:35 | 000,004,157 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bltofzsb.qlf
[2010.09.11 13:44:03 | 002,129,952 | ---- | C] () -- C:\Programme\Kova 2011 Roster.ROS
[2010.09.08 15:21:34 | 000,001,733 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2010.09.08 13:33:51 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.08.31 14:19:32 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.08.31 14:19:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.08.31 14:19:29 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.08.31 14:19:29 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.08.31 14:19:28 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.08.31 14:16:31 | 000,118,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.30 17:33:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.08.30 17:01:15 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010.08.30 17:01:15 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010.08.30 17:01:12 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010.08.30 17:01:12 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010.08.30 16:53:05 | 000,031,114 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010.08.30 16:52:44 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.08.30 16:52:26 | 000,030,767 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.08.30 16:52:26 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.11.06 09:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

< End of report >

--- --- ---
OTL Logfile:
Code:

OTL Extras logfile created on: 19.12.2010 17:23:10 - Run 2
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Dokumente und Einstellungen\Basti\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 8184 16368 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 343,89 Gb Total Space | 70,82 Gb Free Space | 20,59% Space Free | Partition Type: NTFS
Drive D: | 121,87 Gb Total Space | 8,19 Gb Free Space | 6,72% Space Free | Partition Type: NTFS
Drive I: | 638,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PCBASTI | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader: 6881
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\BitTorrent\BitTorrent.exe" = C:\Programme\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Programme\jeak.de\QIP 2005\qip.exe" = C:\Programme\jeak.de\QIP 2005\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.3.0.10958-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.3.0.10958-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Launcher.exe -- (Blizzard Entertainment)
"C:\Programme\Codemasters\F1 2010\F1_2010_game.exe" = C:\Programme\Codemasters\F1 2010\F1_2010_game.exe:*:Enabled:F1 2010 -- (Codemasters)
"C:\Programme\2K Sports\NBA 2K11\nba2k11.exe" = C:\Programme\2K Sports\NBA 2K11\nba2k11.exe:*:Enabled:NBA 2K11 -- (2K Sports)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"D:\Steam\steamapps\itsab11\counter-strike source\hl2.exe" = D:\Steam\steamapps\itsab11\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Steam\steamapps\itsab11\counter-strike\hl.exe" = D:\Steam\steamapps\itsab11\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Programme\AVG\AVG10\avgdiagex.exe" = C:\Programme\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnose 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG10\avgnsx.exe" = C:\Programme\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG10\avgmfapx.exe" = C:\Programme\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG10\avgemcx.exe" = C:\Programme\AVG\AVG10\avgemcx.exe:*:Enabled:Personal eMail-Scanner -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage® II: The Chaotic Throne - Freya
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED005281-E361-4378-AFAB-829B1ACB073D}" = QIP 2010 4196 Jeak-Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"4Musics OGG to MP3 Converter 4.4_is1" = 4Musics OGG to MP3 Converter 4.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"EA Installer.828943773" = EA Installer
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"Garena" = Garena 2010
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"PunkBusterSvc" = PunkBuster Services
"QIP 2005 8095 Jeak-Edition" = QIP 2005 8095 Jeak-Edition
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Ski Alpin Racing 2007_0001" = Ski Alpin Racing 2007
"StarCraft II" = StarCraft II
"Steam App 310" = Team Fortress 2 Dedicated Server
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"Veetle TV" = Veetle TV 0.9.18
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR
"Winter Sports 2011_is1" = Winter Sports 2011
"World of Warcraft" = World of Warcraft
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.11.2010 13:27:02 | Computer Name = PCBASTI | Source = MsiInstaller | ID = 1013
Description = Produkt: Microsoft .NET Framework 2.0 Service Pack 2 -- Microsoft
.NET Framework 2.0 Service Pack 2 cannot be uninstalled because it will affect other
 applications that are installed. For more information, see hxxp://go.microsoft.com/fwlink/?LinkId=91126.
 
[ System Events ]
Error - 15.12.2010 14:47:41 | Computer Name = PCBASTI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 15.12.2010 14:47:41 | Computer Name = PCBASTI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 15.12.2010 14:47:41 | Computer Name = PCBASTI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 15.12.2010 14:47:41 | Computer Name = PCBASTI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 15.12.2010 14:47:41 | Computer Name = PCBASTI | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
Error - 15.12.2010 14:47:41 | Computer Name = PCBASTI | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  AFD  AsIO  Avgldx86  Avgmfx86  Avgtdix  Fips  intelppm  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  sptd
Tcpip
 
Error - 15.12.2010 17:14:04 | Computer Name = PCBASTI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 15.12.2010 18:42:50 | Computer Name = PCBASTI | Source = EventLog | ID = 6004
Description = Ein Treiberpaket, das vom E/A-Teilsystem empfangen wurde, war ungültig.
 Die Daten sind  das Paket.
 
Error - 15.12.2010 18:42:57 | Computer Name = PCBASTI | Source = EventLog | ID = 6004
Description = Ein Treiberpaket, das vom E/A-Teilsystem empfangen wurde, war ungültig.
 Die Daten sind  das Paket.
 
Error - 15.12.2010 18:43:07 | Computer Name = PCBASTI | Source = EventLog | ID = 6004
Description = Ein Treiberpaket, das vom E/A-Teilsystem empfangen wurde, war ungültig.
 Die Daten sind  das Paket.
 
 
< End of report >

--- --- ---

Itsab11 21.12.2010 16:53

help pls :(

cosinus 21.12.2010 22:27

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:

:OTL
DRV - (WBio) -- C:\DOKUME~1\Basti\LOKALE~1\Temp\iniuriar0-winxp.sys File not found
DRV - (SymIMMP) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found
DRV - (GGSAFERDriver) -- C:\Programme\Garena\safedrv.sys File not found
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

Itsab11 23.12.2010 19:44

All processes killed
========== OTL ==========
Service WBio stopped successfully!
Service WBio deleted successfully!
File C:\DOKUME~1\Basti\LOKALE~1\Temp\iniuriar0-winxp.sys File not found not found.
Service SymIMMP stopped successfully!
Service SymIMMP deleted successfully!
File C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found not found.
Service SymIM stopped successfully!
Service SymIM deleted successfully!
File C:\WINDOWS\System32\DRIVERS\SymIM.sys File not found not found.
Service GGSAFERDriver stopped successfully!
Service GGSAFERDriver deleted successfully!
File C:\Programme\Garena\safedrv.sys File not found not found.
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 9666 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 9666 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Basti
->Temp folder emptied: 7676297 bytes
->Temporary Internet Files folder emptied: 26997105 bytes
->Java cache emptied: 45983 bytes
->FireFox cache emptied: 111795567 bytes
->Flash cache emptied: 5582 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 2431631 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124044 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 145,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12232010_193840

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



But somehow this "system" with the high usage is still in the Task Manager :/

cosinus 23.12.2010 20:55

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Itsab11 23.12.2010 23:59

So, in order to run cofi at all, I was forced to uninstall AVG. Since then this "System" in the Task Manager is back to normal memory usage. But it would be strange if an antivirus program caused the fault, wouldn't it? In any case I will check whether that might have been the cause and whether the disconnects now stop.

Nevertheless, here is the ComboFix log

Combofix Logfile:
Code:

ComboFix 10-12-23.02 - Basti 23.12.2010  23:52:15.2.4 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.3327.2940 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Basti\Desktop\Cofi.exe
.

(((((((((((((((((((((((  Dateien erstellt von 2010-11-23 bis 2010-12-23  ))))))))))))))))))))))))))))))
.

2010-12-23 18:38 . 2010-12-23 18:38        --------        d-----w-        C:\_OTL
2010-12-18 10:53 . 2010-12-23 22:48        --------        d---a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-12-15 18:46 . 2010-12-18 10:53        --------        d-----w-        c:\dokumente und einstellungen\Administrator
2010-12-15 10:20 . 2010-12-15 10:20        --------        d-----w-        c:\dokumente und einstellungen\Basti\Anwendungsdaten\AVG10
2010-12-15 10:19 . 2010-12-15 10:19        --------        d--h--w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Files
2010-12-15 10:18 . 2010-12-23 22:31        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG10
2010-12-15 10:18 . 2010-12-23 22:49        --------        d-----w-        c:\programme\AVG
2010-12-15 10:17 . 2010-12-15 10:18        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\MFAData
2010-12-05 11:23 . 2010-12-05 11:27        --------        d-----w-        c:\programme\Ski Alpin Racing 2007
2010-12-01 19:05 . 2010-12-01 19:45        --------        d-----w-        c:\dokumente und einstellungen\Basti\Anwendungsdaten\Winter Sports 2011
2010-12-01 18:58 . 2010-12-01 19:05        --------        d-----w-        c:\programme\Winter Sports 2011
2010-11-30 17:28 . 2010-12-01 15:18        137960        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2010-11-30 17:28 . 2010-12-01 15:18        235248        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2010-11-26 14:18 . 2010-11-26 14:18        --------        d-----w-        c:\dokumente und einstellungen\Basti\Lokale Einstellungen\Anwendungsdaten\PunkBuster
2010-11-26 13:59 . 2010-11-26 13:59        --------        d-----w-        c:\dokumente und einstellungen\Basti\Anwendungsdaten\id Software
2010-11-26 13:59 . 2010-12-01 15:18        235248        ----a-w-        c:\windows\system32\PnkBstrB.exe
2010-11-26 13:59 . 2010-11-26 13:59        75064        ----a-w-        c:\windows\system32\PnkBstrA.exe
2010-11-26 13:59 . 2010-11-26 13:59        2373712        ----a-w-        c:\windows\system32\pbsvc.exe
2010-11-26 13:59 . 2010-11-26 13:59        --------        d-----w-        c:\windows\system32\LogFiles
2010-11-26 13:59 . 2010-11-26 13:59        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\id Software
2010-11-24 15:05 . 2007-11-01 17:53        42880        ----a-w-        c:\windows\system32\drivers\vacs2xkd.sys
2010-11-24 15:05 . 2003-03-19 09:19        1060864        ----a-w-        c:\windows\system32\MFC71.dll
2010-11-24 15:05 . 2003-03-19 06:14        499712        ----a-w-        c:\windows\system32\msvcp71.dll
2010-11-24 15:05 . 2002-07-17 08:05        16512        ----a-w-        c:\windows\system32\drivers\ASPI32.SYS
2010-11-24 15:05 . 2001-03-17 21:34        22528        ----a-w-        c:\windows\system32\WNASPI32.DLL
2010-11-24 15:05 . 2010-11-24 15:06        --------        d-----w-        c:\programme\4Musics OGG to MP3 Converter

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:42 . 2010-11-06 18:56        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2010-11-06 18:56        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-11-19 18:40 . 2010-11-19 18:35        2829        ----a-w-        c:\windows\War3Unin.pif
2010-11-19 18:40 . 2010-11-19 18:35        139264        ----a-w-        c:\windows\War3Unin.exe
2010-11-18 18:12 . 2010-08-30 15:40        86016        ----a-w-        c:\windows\system32\isign32.dll
2010-11-17 12:41 . 2010-11-17 11:21        5840062622        ----a-w-        C:\Lineage-II-Freya.zip
2010-11-05 05:04 . 2008-04-14 12:00        672768        ----a-w-        c:\windows\system32\wininet.dll
2010-11-05 05:04 . 2008-04-14 12:00        61952        ----a-w-        c:\windows\system32\tdc.ocx
2010-11-05 05:04 . 2008-04-14 12:00        81920        ----a-w-        c:\windows\system32\ieencode.dll
2010-11-05 05:02 . 2008-04-14 12:00        371200        ----a-w-        c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00        40960        ----a-w-        c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:12 . 2008-04-14 12:00        290048        ----a-w-        c:\windows\system32\atmfd.dll
2010-10-26 14:05 . 2008-04-14 12:00        1853440        ----a-w-        c:\windows\system32\win32k.sys
2010-10-22 06:23 . 2010-08-30 16:11        61440        ----a-w-        c:\windows\system32\OpenCL.dll
2010-10-22 06:23 . 2010-08-30 16:11        14532608        ----a-w-        c:\windows\system32\nvoglnt.dll
2010-10-22 06:23 . 2010-11-06 18:27        888424        ----a-w-        c:\windows\system32\nvdispco32.dll
2010-10-22 06:23 . 2010-11-06 18:27        813672        ----a-w-        c:\windows\system32\nvgenco32.dll
2010-10-22 06:23 . 2010-08-30 16:11        2932840        ----a-w-        c:\windows\system32\nvcuvid.dll
2010-10-22 06:23 . 2010-08-30 16:11        2666600        ----a-w-        c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23 . 2010-08-30 16:11        4882432        ----a-w-        c:\windows\system32\nvcuda.dll
2010-10-22 06:23 . 2010-08-30 16:11        9623680        ----a-w-        c:\windows\system32\drivers\nv4_mini.sys
2010-10-22 06:23 . 2010-08-30 16:11        1462272        ----a-w-        c:\windows\system32\nvapi.dll
2010-10-22 06:23 . 2010-08-30 16:11        13012992        ----a-w-        c:\windows\system32\nvcompiler.dll
2010-10-22 06:23 . 2010-08-30 16:11        6359552        ----a-w-        c:\windows\system32\nv4_disp.dll
2010-10-16 11:05 . 2010-10-16 11:05        81920        ----a-w-        c:\windows\system32\nvwddi.dll
2010-10-16 11:05 . 2010-10-16 11:05        335872        ----a-w-        c:\windows\system32\nvrsar.dll
2010-10-16 11:05 . 2010-10-16 11:05        331776        ----a-w-        c:\windows\system32\nvrshe.dll
2010-10-16 11:05 . 2010-10-16 11:05        286720        ----a-w-        c:\windows\system32\nvrsfr.dll
2010-10-16 11:05 . 2010-10-16 11:05        282624        ----a-w-        c:\windows\system32\nvrses.dll
2010-10-16 11:05 . 2010-10-16 11:05        282624        ----a-w-        c:\windows\system32\nvrsel.dll
2010-10-16 11:05 . 2010-10-16 11:05        278528        ----a-w-        c:\windows\system32\nvrsde.dll
2010-10-16 11:05 . 2010-10-16 11:05        274432        ----a-w-        c:\windows\system32\nvrsnl.dll
2010-10-16 11:05 . 2010-10-16 11:05        274432        ----a-w-        c:\windows\system32\nvrsesm.dll
2010-10-16 11:05 . 2010-10-16 11:05        270336        ----a-w-        c:\windows\system32\nvrsru.dll
2010-10-16 11:05 . 2010-10-16 11:05        270336        ----a-w-        c:\windows\system32\nvrsptb.dll
2010-10-16 11:05 . 2010-10-16 11:05        266240        ----a-w-        c:\windows\system32\nvrsko.dll
2010-10-16 11:05 . 2010-10-16 11:05        262144        ----a-w-        c:\windows\system32\nvrshu.dll
2010-10-16 11:05 . 2010-10-16 11:05        258048        ----a-w-        c:\windows\system32\nvrstr.dll
2010-10-16 11:05 . 2010-10-16 11:05        258048        ----a-w-        c:\windows\system32\nvrssl.dll
2010-10-16 11:05 . 2010-10-16 11:05        258048        ----a-w-        c:\windows\system32\nvrssk.dll
2010-10-16 11:05 . 2010-10-16 11:05        253952        ----a-w-        c:\windows\system32\nvrsth.dll
2010-10-16 11:05 . 2010-10-16 11:05        253952        ----a-w-        c:\windows\system32\nvrssv.dll
2010-10-16 11:05 . 2010-10-16 11:05        253952        ----a-w-        c:\windows\system32\nvrsda.dll
2010-10-16 11:05 . 2010-10-16 11:05        249856        ----a-w-        c:\windows\system32\nvrsfi.dll
2010-10-16 11:05 . 2010-10-16 11:05        249856        ----a-w-        c:\windows\system32\nvrseng.dll
2010-10-16 11:05 . 2010-10-16 11:05        249856        ----a-w-        c:\windows\system32\nvrscs.dll
2010-10-16 11:05 . 2010-10-16 11:05        229376        ----a-w-        c:\windows\system32\nvrszhc.dll
2010-10-16 11:05 . 2010-10-16 11:05        126976        ----a-w-        c:\windows\system32\nvrszht.dll
2010-10-16 11:05 . 2010-10-16 11:05        282624        ----a-w-        c:\windows\system32\nvrsit.dll
2010-10-16 11:05 . 2010-10-16 11:05        277608        ----a-w-        c:\windows\system32\nvmccs.dll
2010-10-16 11:05 . 2010-10-16 11:05        274432        ----a-w-        c:\windows\system32\nvrspt.dll
2010-10-16 11:05 . 2010-10-16 11:05        270336        ----a-w-        c:\windows\system32\nvrsja.dll
2010-10-16 11:05 . 2010-10-16 11:05        258048        ----a-w-        c:\windows\system32\nvrspl.dll
2010-10-16 11:05 . 2010-10-16 11:05        253952        ----a-w-        c:\windows\system32\nvrsno.dll
2010-10-16 11:05 . 2010-10-16 11:05        156776        ----a-w-        c:\windows\system32\nvsvc32.exe
2010-10-16 11:05 . 2010-10-16 11:05        145000        ----a-w-        c:\windows\system32\nvcolor.exe
2010-10-16 11:05 . 2010-10-16 11:05        13851752        ----a-w-        c:\windows\system32\nvcpl.dll
2010-10-16 11:05 . 2010-10-16 11:05        110696        ----a-w-        c:\windows\system32\nvmctray.dll
.

(((((((((((((((((((((((((((((  SnapShot@2010-11-07_11.57.27  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-19 18:35 . 2010-11-19 18:54        76421              c:\windows\War3Unin.dat
+ 2010-12-23 22:33 . 2010-12-23 22:33        16384              c:\windows\Temp\Perflib_Perfdata_698.dat
+ 2010-03-18 08:15 . 2010-03-18 08:15        51024              c:\windows\system32\vcomp100.dll
+ 2008-04-14 12:00 . 2010-11-03 13:12        46080              c:\windows\system32\tzchange.exe
- 2008-04-14 12:00 . 2010-06-21 14:46        46080              c:\windows\system32\tzchange.exe
- 2010-08-31 10:47 . 2007-11-30 03:39        18808              c:\windows\system32\spmsg.dll
+ 2010-08-31 10:47 . 2009-05-26 11:40        18808              c:\windows\system32\spmsg.dll
+ 2008-04-14 12:00 . 2010-12-23 22:47        68294              c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-12-23 22:47        81086              c:\windows\system32\perfc007.dat
+ 2010-03-18 08:15 . 2010-03-18 08:15        80720              c:\windows\system32\mfcm100u.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        80208              c:\windows\system32\mfcm100.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        60752              c:\windows\system32\mfc100rus.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        43344              c:\windows\system32\mfc100kor.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        43856              c:\windows\system32\mfc100jpn.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        62288              c:\windows\system32\mfc100ita.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        64336              c:\windows\system32\mfc100fra.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        63824              c:\windows\system32\mfc100esn.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        55120              c:\windows\system32\mfc100enu.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        64336              c:\windows\system32\mfc100deu.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        36176              c:\windows\system32\mfc100cht.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        36176              c:\windows\system32\mfc100chs.dll
+ 2010-08-30 16:32 . 2010-12-16 02:29        93480              c:\windows\system32\FNTCACHE.DAT
- 2010-08-30 16:32 . 2010-11-06 18:33        93480              c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 00:15 . 2008-04-13 23:15        49408              c:\windows\system32\drivers\stream.sys
- 2008-04-14 00:15 . 2008-04-13 22:15        49408              c:\windows\system32\drivers\stream.sys
- 2010-08-30 16:01 . 2008-04-13 22:15        60160              c:\windows\system32\drivers\drmk.sys
+ 2010-08-30 16:01 . 2008-04-13 23:15        60160              c:\windows\system32\drivers\drmk.sys
+ 2010-08-30 15:40 . 2010-10-11 14:59        45568              c:\windows\system32\dllcache\wab.exe
- 2008-04-14 00:15 . 2008-04-13 22:15        49408              c:\windows\system32\dllcache\stream.sys
+ 2008-04-14 00:15 . 2008-04-13 23:15        49408              c:\windows\system32\dllcache\stream.sys
+ 2008-04-14 12:00 . 2010-11-02 15:17        40960              c:\windows\system32\dllcache\ndproxy.sys
+ 2010-08-30 15:40 . 2010-11-18 18:12        86016              c:\windows\system32\dllcache\isign32.dll
- 2010-08-30 15:40 . 2008-04-14 12:00        86016              c:\windows\system32\dllcache\isign32.dll
- 2008-04-14 12:00 . 2010-09-09 14:17        81920              c:\windows\system32\dllcache\ieencode.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04        81920              c:\windows\system32\dllcache\ieencode.dll
- 2010-08-30 16:01 . 2008-04-13 22:15        60160              c:\windows\system32\dllcache\drmk.sys
+ 2010-08-30 16:01 . 2008-04-13 23:15        60160              c:\windows\system32\dllcache\drmk.sys
- 2010-08-30 15:44 . 2010-08-30 15:44        32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2010-08-30 15:44 . 2010-12-07 05:47        32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2010-08-30 15:44 . 2010-12-07 05:47        32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-30 15:44 . 2010-08-30 15:44        32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-15 05:51 . 2010-12-07 05:47        16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-08-30 15:44 . 2010-08-30 15:44        16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-07-29 18:16 . 2008-07-29 18:16        32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-07 22:48 . 2010-04-07 22:48        32768              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-09-22 08:43 . 2010-09-22 08:43        30544              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-29 20:07 . 2008-07-29 20:07        23040              c:\windows\Installer\696ac.msp
+ 2007-12-28 08:27 . 2007-12-28 08:27        25088              c:\windows\Installer\68b4d1.msp
+ 2007-12-28 06:43 . 2007-12-28 06:43        22016              c:\windows\Installer\68b4bf.msp
+ 2010-11-11 21:34 . 2010-11-11 21:34        88576              c:\windows\Installer\3d244.msi
+ 2010-12-16 02:14 . 2010-12-16 02:14        60928              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-12-16 02:12 . 2010-12-16 02:12        39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-12-16 02:15 . 2010-12-16 02:15        25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        94208              c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        94208              c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        98304              c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        98304              c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        40960              c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        40960              c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37        12288              c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        12288              c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        81920              c:\windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        81920              c:\windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37        61440              c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        61440              c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        81920              c:\windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        81920              c:\windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        32768              c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37        32768              c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37        77824              c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        77824              c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        28672              c:\windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_de_b77a5c561934e089\System.Transactions.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        28672              c:\windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_de_b77a5c561934e089\System.Transactions.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        40960              c:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        40960              c:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-12-16 02:06 . 2010-12-16 02:06        32768              c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        73728              c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        73728              c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        28672              c:\windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Security.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        28672              c:\windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Security.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        11776              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        11776              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        32768              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        32768              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        61440              c:\windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Messaging.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        61440              c:\windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Messaging.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        13824              c:\windows\assembly\GAC_MSIL\system.management.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Management.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        13824              c:\windows\assembly\GAC_MSIL\system.management.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Management.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        32768              c:\windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        32768              c:\windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        24576              c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        24576              c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.Resources.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        40960              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        40960              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        28672              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        28672              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        36864              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_de_b77a5c561934e089\system.data.sqlxml.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        36864              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_de_b77a5c561934e089\system.data.sqlxml.resources.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        53248              c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        53248              c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        49152              c:\windows\assembly\GAC_MSIL\SYSTEM.CONFIGURATION.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        49152              c:\windows\assembly\GAC_MSIL\SYSTEM.CONFIGURATION.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        28672              c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        28672              c:\windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        57344              c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37        57344              c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        45056              c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        45056              c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        10752              c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_de_b03f5f7f11d50a3a\sysglobl.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        10752              c:\windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_de_b03f5f7f11d50a3a\sysglobl.resources.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        46104              c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2010-11-11 21:35 . 2010-11-11 21:35        46104              c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
- 2010-11-06 18:24 . 2010-11-06 18:24        32768              c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        32768              c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        41984              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        41984              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        61440              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        61440              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        45056              c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        45056              c:\windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        94208              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        94208              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        10752              c:\windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        10752              c:\windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        53248              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        53248              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-11-17 13:05 . 2009-04-06 09:08        4682              c:\windows\system32\npptNT2.sys
- 2010-11-06 17:48 . 2010-11-06 17:48        6144              c:\windows\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        6144              c:\windows\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        5632              c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        5632              c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-11-06 21:24 . 2010-11-06 21:24        5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        9728              c:\windows\assembly\GAC_MSIL\MICROSOFT.VISUALBASIC.COMPATIBILITY.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        9728              c:\windows\assembly\GAC_MSIL\MICROSOFT.VISUALBASIC.COMPATIBILITY.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        9216              c:\windows\assembly\GAC_MSIL\MICROSOFT.VISUALBASIC.COMPATIBILITY.DATA.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        9216              c:\windows\assembly\GAC_MSIL\MICROSOFT.VISUALBASIC.COMPATIBILITY.DATA.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04        628736              c:\windows\system32\urlmon.dll
- 2008-04-14 12:00 . 2010-09-09 14:17        628736              c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2010-12-23 22:47        433338              c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-12-23 22:47        449452              c:\windows\system32\perfh007.dat
+ 2010-03-18 08:15 . 2010-03-18 08:15        770384              c:\windows\system32\msvcr100.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        421200              c:\windows\system32\msvcp100.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04        532480              c:\windows\system32\mstime.dll
- 2008-04-14 12:00 . 2008-04-14 12:00        532480              c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04        449024              c:\windows\system32\mshtmled.dll
- 2008-04-14 12:00 . 2010-09-09 14:17        449024              c:\windows\system32\mshtmled.dll
+ 2010-11-18 19:42 . 2010-11-18 19:42        233936              c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
- 2008-04-14 12:00 . 2010-09-09 14:17        251904              c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04        251904              c:\windows\system32\iepeers.dll
+ 2010-08-30 16:01 . 2008-04-13 23:49        146048              c:\windows\system32\drivers\portcls.sys
- 2010-08-30 16:01 . 2008-04-13 22:49        146048              c:\windows\system32\drivers\portcls.sys
+ 2008-04-14 00:46 . 2008-04-13 23:46        141056              c:\windows\system32\drivers\ks.sys
- 2008-04-14 00:46 . 2008-04-13 22:46        141056              c:\windows\system32\drivers\ks.sys
+ 2008-04-14 12:00 . 2010-11-05 05:04        672768              c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2010-09-09 14:17        672768              c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2010-09-09 14:17        628736              c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04        628736              c:\windows\system32\dllcache\urlmon.dll
- 2010-08-30 16:01 . 2008-04-13 22:49        146048              c:\windows\system32\dllcache\portcls.sys
+ 2010-08-30 16:01 . 2008-04-13 23:49        146048              c:\windows\system32\dllcache\portcls.sys
+ 2008-04-14 12:00 . 2010-11-05 05:04        532480              c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 12:00 . 2008-04-14 12:00        532480              c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 12:00 . 2010-09-09 14:17        449024              c:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04        449024              c:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-14 00:46 . 2008-04-13 23:46        141056              c:\windows\system32\dllcache\ks.sys
- 2008-04-14 00:46 . 2008-04-13 22:46        141056              c:\windows\system32\dllcache\ks.sys
- 2008-04-14 12:00 . 2010-09-09 14:17        251904              c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04        251904              c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 12:00 . 2010-10-28 13:12        290048              c:\windows\system32\dllcache\atmfd.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        138056              c:\windows\system32\atl100.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        652800              c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
- 2010-11-06 18:24 . 2010-11-06 18:24        652800              c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2010-04-07 22:48 . 2010-04-07 22:48        970752              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-29 18:16 . 2008-07-29 18:16        110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-07 22:48 . 2010-04-07 22:48        110592              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-09-22 08:43 . 2010-09-22 08:43        435024              c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-05-11 05:40 . 2010-05-11 05:40        388936              c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-08-07 22:51 . 2009-08-07 22:51        989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-05-11 05:40 . 2010-05-11 05:40        989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2009-03-20 10:48 . 2009-03-20 10:48        183808              c:\windows\Installer\91cb446.msp
+ 2008-12-13 08:58 . 2008-12-13 08:58        754688              c:\windows\Installer\7b33b.msp
+ 2010-11-11 21:37 . 2010-11-11 21:37        648192              c:\windows\Installer\7b265.msi
+ 2008-07-29 20:23 . 2008-07-29 20:23        250880              c:\windows\Installer\696b5.msp
+ 2008-07-29 20:28 . 2008-07-29 20:28        278016              c:\windows\Installer\696b3.msp
+ 2008-07-29 18:40 . 2008-07-29 18:40        291840              c:\windows\Installer\696b1.msp
+ 2010-11-11 21:36 . 2010-11-11 21:36        137728              c:\windows\Installer\696ab.msi
+ 2007-12-28 08:19 . 2007-12-28 08:19        152064              c:\windows\Installer\68b4d3.msp
+ 2007-12-28 08:13 . 2007-12-28 08:13        117760              c:\windows\Installer\68b4d2.msp
+ 2007-12-28 08:15 . 2007-12-28 08:15        738304              c:\windows\Installer\68b4d0.msp
+ 2007-12-28 08:21 . 2007-12-28 08:21        314880              c:\windows\Installer\68b4cf.msp
+ 2007-12-28 08:17 . 2007-12-28 08:17        166912              c:\windows\Installer\68b4ce.msp
+ 2007-12-28 06:49 . 2007-12-28 06:49        709120              c:\windows\Installer\68b4be.msp
+ 2007-12-28 06:56 . 2007-12-28 06:56        491008              c:\windows\Installer\68b4bd.msp
+ 2007-12-28 06:41 . 2007-12-28 06:41        245248              c:\windows\Installer\68b4bc.msp
+ 2007-12-28 06:53 . 2007-12-28 06:53        706560              c:\windows\Installer\68b4bb.msp
+ 2010-11-10 11:19 . 2010-11-10 11:19        103424              c:\windows\Installer\68b4ba.msi
+ 2010-11-10 11:08 . 2010-11-10 11:08        151552              c:\windows\Installer\5f4b19.msi
+ 2008-07-29 16:35 . 2008-07-29 16:35        553472              c:\windows\Installer\3d249.msp
+ 2008-07-29 16:33 . 2008-07-29 16:33        506368              c:\windows\Installer\3d247.msp
+ 2008-07-29 16:37 . 2008-07-29 16:37        911360              c:\windows\Installer\3d246.msp
+ 2010-11-26 13:59 . 2010-11-26 13:59        178176              c:\windows\Installer\1c91d7f.msi
+ 2010-09-23 20:02 . 2010-09-23 20:02        798208              c:\windows\Installer\106ca81.msp
+ 2010-11-10 23:25 . 2010-11-10 23:25        380928              c:\windows\Installer\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}\iTunesIco.exe
+ 2010-09-22 17:10 . 2010-09-22 17:10        103864              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B7449A0400000010\9.4.0\nppdf32.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-12-16 02:14 . 2010-12-16 02:14        240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-12-16 02:14 . 2010-12-16 02:14        187904              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:14        447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        679936              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-12-16 02:15 . 2010-12-16 02:15        256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-12-16 02:13 . 2010-12-16 02:13        368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-12-16 02:15 . 2010-12-16 02:15        386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        220672              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-12-16 02:15 . 2010-12-16 02:15        842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        385024              c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        385024              c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        167936              c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        167936              c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        163840              c:\windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_de_b77a5c561934e089\System.xml.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        163840              c:\windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_de_b77a5c561934e089\System.xml.Resources.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        507904              c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        507904              c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        540672              c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        540672              c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        430080              c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        430080              c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.Resources.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        622592              c:\windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        622592              c:\windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Resources.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37        335872              c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        335872              c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2010-11-11 21:41 . 2010-11-11 21:41        139264              c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2010-11-06 21:22 . 2010-11-06 21:22        139264              c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        131072              c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37        131072              c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2010-11-11 21:41 . 2010-11-11 21:41        229376              c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
- 2010-11-06 21:22 . 2010-11-06 21:22        229376              c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2010-11-10 11:17 . 2010-11-10 11:17        688128              c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2010-11-06 17:47 . 2010-11-06 17:47        688128              c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        569344              c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        569344              c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-12-16 02:06 . 2010-12-16 02:06        970752              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        212992              c:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\system.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        212992              c:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\system.resources.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37        233472              c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        233472              c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-11-11 21:37 . 2010-11-11 21:37        143360              c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        143360              c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        131072              c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        131072              c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2010-12-16 02:06 . 2010-12-16 02:06        438272              c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        126976              c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        126976              c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        286720              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        286720              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        544768              c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Design.Resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        544768              c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Design.Resources.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        389120              c:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        389120              c:\windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-11-11 21:41 . 2010-11-11 21:41        442368              c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
- 2010-11-06 21:22 . 2010-11-06 21:22        442368              c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        114688              c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        114688              c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2010-11-11 21:41 . 2010-11-11 21:41        294912              c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2010-11-06 21:22 . 2010-11-06 21:22        294912              c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        348160              c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_de_b77a5c561934e089\System.Data.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        348160              c:\windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_de_b77a5c561934e089\System.Data.Resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        110592              c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_de_b77a5c561934e089\System.Data.OracleClient.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        110592              c:\windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_de_b77a5c561934e089\System.Data.OracleClient.resources.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        684032              c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        684032              c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        229376              c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        229376              c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        667648              c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        667648              c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        163840              c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        163840              c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-12-16 02:06 . 2010-12-16 02:06        110592              c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        110592              c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        528384              c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        528384              c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        864256              c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        864256              c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        163840              c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        163840              c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        397312              c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        397312              c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        139264              c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        139264              c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        196608              c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        196608              c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        598016              c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        598016              c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        315392              c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        315392              c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        397312              c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        397312              c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        802816              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        802816              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2010-11-10 11:19 . 2010-11-10 11:19        139264              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        139264              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_de_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        733184              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        733184              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        106496              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        106496              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-11-06 17:48 . 2010-11-06 17:48        315392              c:\windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_de_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
+ 2010-11-10 11:18 . 2010-11-10 11:18        315392              c:\windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_de_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        368640              c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        368640              c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        163840              c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        163840              c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2008-04-14 12:00 . 2010-09-09 14:17        1510400              c:\windows\system32\shdocvw.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04        1510400              c:\windows\system32\shdocvw.dll
+ 2010-12-18 10:38 . 2010-12-18 10:54        6090120              c:\windows\system32\Restore\rstrlog.dat
+ 2008-04-14 12:00 . 2009-07-31 09:02        1372672              c:\windows\system32\msxml6.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04        3097088              c:\windows\system32\mshtml.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        4368720              c:\windows\system32\mfc100u.dll
+ 2010-03-18 08:15 . 2010-03-18 08:15        4342088              c:\windows\system32\mfc100.dll
+ 2010-08-30 16:28 . 2010-11-18 19:42        5971408              c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-04-14 12:00 . 2010-10-26 14:05        1853440              c:\windows\system32\dllcache\win32k.sys
- 2008-04-14 12:00 . 2010-09-09 14:17        1510400              c:\windows\system32\dllcache\shdocvw.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04        1510400              c:\windows\system32\dllcache\shdocvw.dll
+ 2008-04-14 12:00 . 2009-07-31 09:02        1372672              c:\windows\system32\dllcache\msxml6.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04        3097088              c:\windows\system32\dllcache\mshtml.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04        1025024              c:\windows\system32\dllcache\browseui.dll
- 2008-04-14 12:00 . 2010-09-09 14:17        1025024              c:\windows\system32\dllcache\browseui.dll
+ 2010-09-08 12:50 . 2008-07-12 07:18        3851784              c:\windows\system32\D3DX9_39.dll
- 2010-09-08 12:50 . 2008-07-10 09:00        3851784              c:\windows\system32\D3DX9_39.dll
+ 2010-09-08 12:50 . 2006-03-31 11:40        2388176              c:\windows\system32\d3dx9_30.dll
- 2010-09-08 12:50 . 2006-03-31 10:40        2388176              c:\windows\system32\d3dx9_30.dll
+ 2008-04-14 12:00 . 2010-11-05 05:04        1025024              c:\windows\system32\browseui.dll
- 2008-04-14 12:00 . 2010-09-09 14:17        1025024              c:\windows\system32\browseui.dll
+ 2010-04-07 22:48 . 2010-04-07 22:48        5967872              c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 03:59 . 2008-11-25 03:59        5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-09-22 08:44 . 2010-09-22 08:44        5242880              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 04:32 . 2010-03-23 04:32        3182592              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-05-11 05:40 . 2010-05-11 05:40        5812560              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2009-08-07 22:51 . 2009-08-07 22:51        5812560              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 05:40 . 2010-05-11 05:40        4550656              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-12-15 10:19 . 2010-12-15 10:19        3065856              c:\windows\Installer\a335b.msi
+ 2010-12-17 17:33 . 2010-12-17 17:33        1568768              c:\windows\Installer\86209d3.msi
+ 2008-12-13 08:57 . 2008-12-13 08:57        8397824              c:\windows\Installer\7b324.msp
+ 2008-07-29 18:26 . 2008-07-29 18:26        1043456              c:\windows\Installer\696b4.msp
+ 2008-07-29 19:37 . 2008-07-29 19:37        2679808              c:\windows\Installer\696b2.msp
+ 2008-07-29 20:15 . 2008-07-29 20:15        3697664              c:\windows\Installer\696b0.msp
+ 2008-07-29 18:34 . 2008-07-29 18:34        1448448              c:\windows\Installer\696af.msp
+ 2008-07-29 19:22 . 2008-07-29 19:22        4137984              c:\windows\Installer\696ae.msp
+ 2008-07-29 18:18 . 2008-07-29 18:18        3376640              c:\windows\Installer\696ad.msp
+ 2007-12-28 08:24 . 2007-12-28 08:24        4994048              c:\windows\Installer\68b4d4.msp
+ 2010-11-10 11:19 . 2010-11-10 11:19        1120768              c:\windows\Installer\68b4cd.msi
+ 2008-07-29 16:45 . 2008-07-29 16:45        2543616              c:\windows\Installer\3d24d.msp
+ 2008-07-29 16:29 . 2008-07-29 16:29        2926080              c:\windows\Installer\3d24c.msp
+ 2008-07-29 16:41 . 2008-07-29 16:41        6487040              c:\windows\Installer\3d24b.msp
+ 2008-07-29 16:39 . 2008-07-29 16:39        3403264              c:\windows\Installer\3d24a.msp
+ 2008-07-29 16:43 . 2008-07-29 16:43        1013248              c:\windows\Installer\3d248.msp
+ 2008-07-29 16:31 . 2008-07-29 16:31        6083072              c:\windows\Installer\3d245.msp
+ 2009-08-09 22:32 . 2009-08-09 22:32        5288960              c:\windows\Installer\28a41ba.msp
+ 2010-11-10 23:25 . 2010-11-10 23:25        6333440              c:\windows\Installer\281ec14.msi
+ 2010-11-10 23:23 . 2010-11-10 23:23        9472000              c:\windows\Installer\281ec10.msi
+ 2010-11-08 07:14 . 2010-11-08 07:14        3402752              c:\windows\Installer\15b7fe0b.msp
+ 2009-11-08 23:25 . 2009-11-08 23:25        1935360              c:\windows\Installer\106ca6c.msp
+ 2010-09-23 06:39 . 2010-09-23 06:39        4265472              c:\windows\Installer\106ca46.msp
+ 2010-04-11 21:17 . 2010-04-11 21:17        2607104              c:\windows\Installer\106ca2c.msp
+ 2010-09-16 02:08 . 2010-09-16 02:08        6210560              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B7449A0400000010\9.4.0\authplay.dll
+ 2008-12-05 18:30 . 2008-12-05 18:30        5283840              c:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\PresentationFramework_x86.dll
+ 2010-11-11 21:41 . 2010-11-11 21:41        5283840              c:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\PresentationFramework_GAC_x86.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-12-16 02:14 . 2010-12-16 02:14        1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-12-16 02:10 . 2010-12-16 02:10        7949824              c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        2405376              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-12-16 02:10 . 2010-12-16 02:10        1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        1249280              c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2010-11-06 21:18 . 2010-11-06 21:18        1249280              c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        3182592              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        1630208              c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        1630208              c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2010-11-06 18:24 . 2010-11-06 18:24        1138688              c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2010-11-11 21:35 . 2010-11-11 21:35        1138688              c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        1277952              c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2010-11-06 21:19 . 2010-11-06 21:19        1277952              c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-12-16 02:06 . 2010-12-16 02:06        5967872              c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-11-06 18:25 . 2010-11-06 18:25        2879488              c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2010-11-11 21:36 . 2010-11-11 21:36        2879488              c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2010-11-06 21:18 . 2010-11-06 21:18        5279744              c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        5279744              c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-12-16 02:11 . 2010-12-16 02:11        5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-11-06 21:24 . 2010-11-06 21:24        2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        4210688              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2010-11-06 21:18 . 2010-11-06 21:18        4210688              c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-12-16 02:12 . 2010-12-16 02:12        4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-08-31 10:57 . 2010-12-16 02:00        37366216              c:\windows\system32\MRT.exe
+ 2008-12-13 09:21 . 2008-12-13 09:21        10473472              c:\windows\Installer\7b32f.msp
+ 2010-03-31 00:23 . 2010-03-31 00:23        15638528              c:\windows\Installer\106ca79.msp
+ 2010-05-19 12:08 . 2010-05-19 12:08        11408896              c:\windows\Installer\106ca51.msp
+ 2010-04-11 21:17 . 2010-04-11 21:17        14599680              c:\windows\Installer\106ca3b.msp
+ 2010-12-16 02:13 . 2010-12-16 02:13        12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-12-16 02:16 . 2010-12-16 02:16        11800576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-12-16 02:15 . 2010-12-16 02:15        17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        14328320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-12-16 02:13 . 2010-12-16 02:13        12215808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-12-16 02:10 . 2010-12-16 02:10        11490816              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="c:\programme\jeak.de\QIP 2005\qip.exe" [2009-08-13 3276288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07        932288        ----a-r-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47        35760        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44        70936        ----a-w-        c:\dokumente und einstellungen\Basti\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17        421888        ----a-w-        c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Six Engine]
2008-07-23 15:04        5625344        ----a-w-        c:\programme\ASUS\EPU-4 Engine\FourEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43        248040        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32        74752        ----a-w-        c:\programme\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VC10SecS"=2 (0x2)
"NAUpdate"=2 (0x2)
"PnkBstrA"=2 (0x2)
"pgsql-8.3"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\BitTorrent\\BitTorrent.exe"=
"c:\\Programme\\jeak.de\\QIP 2005\\qip.exe"=
"c:\\Programme\\World of Warcraft\\WoW-3.2.0.10192-to-3.3.0.10958-deDE-downloader.exe"=
"c:\\Programme\\World of Warcraft\\Launcher.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Programme\\2K Sports\\NBA 2K11\\nba2k11.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Steam\\steamapps\\itsab11\\counter-strike\\hl.exe"=
"d:\\Steam\\steamapps\\shd19911\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08.09.2010 13:33 691696]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [24.11.2010 16:05 42880]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [24.11.2010 16:05 16512]
S4 pgsql-8.3;PostgreSQL Database Server 8.3;c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N "pgsql-8.3" -D "c:\programme\PostgreSQL\8.3\data\" --> c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 [?]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = local
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Basti\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\dokumente und einstellungen\Basti\Anwendungsdaten\Mozilla\Firefox\Profiles\q57fa5ta.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-Octoshape add-in for Adobe Flash Player - c:\dokumente und einstellungen\Basti\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-23 23:56
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(868)
c:\windows\system32\msi.dll
.
Zeit der Fertigstellung: 2010-12-23  23:57:30
ComboFix-quarantined-files.txt  2010-12-23 22:57
ComboFix2.txt  2010-11-07 11:58

Vor Suchlauf: 14 Verzeichnis(se), 76.225.642.496 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 76.301.049.856 Bytes frei

- - End Of File - - 0623670446661BDAA3940E5E7C39B240

--- --- ---

cosinus 24.12.2010 00:53

Quote:

C:\Lineage-II-Freya.zip
What's this here? :wtf:

Itsab11 24.12.2010 16:17

www.lineage2.com

It's the client for the role-playing game Lineage2, and it was downloaded from the official source. So it shouldn't be anything strange.

cosinus 25.12.2010 00:50

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

Itsab11 25.12.2010 17:24

OK, the problem still persists :/

Gmer Log
GMER Logfile:
Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-25 17:19:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 WDC_WD5000AACS-00G8B1 rev.05.04C05
Running: 3yp3e5nf.exe; Driver: C:\DOKUME~1\Basti\LOKALE~1\Temp\kgtdapow.sys


---- System - GMER 1.0.15 ----

SSDT      spsk.sys                                                                                                            ZwCreateKey [0xF74E40E0]
SSDT      spsk.sys                                                                                                            ZwEnumerateKey [0xF74FCDA4]
SSDT      spsk.sys                                                                                                            ZwEnumerateValueKey [0xF74FD132]
SSDT      spsk.sys                                                                                                            ZwOpenKey [0xF74E40C0]
SSDT      spsk.sys                                                                                                            ZwQueryKey [0xF74FD20A]
SSDT      spsk.sys                                                                                                            ZwQueryValueKey [0xF74FD08A]
SSDT      spsk.sys                                                                                                            ZwSetValueKey [0xF74FD29C]

INT 0x63  ?                                                                                                                  8A386BF8
INT 0x63  ?                                                                                                                  8A386BF8
INT 0x63  ?                                                                                                                  8A386BF8
INT 0x63  ?                                                                                                                  8A386BF8
INT 0x63  ?                                                                                                                  8A096F00
INT 0x63  ?                                                                                                                  8A386BF8
INT 0x83  ?                                                                                                                  8A386BF8
INT 0x83  ?                                                                                                                  8A386BF8
INT 0x83  ?                                                                                                                  8A096F00
INT 0x83  ?                                                                                                                  8A386BF8
INT 0x84  ?                                                                                                                  8A096F00
INT 0xA4  ?                                                                                                                  8A096F00
INT 0xA4  ?                                                                                                                  8A096F00
INT 0xA4  ?                                                                                                                  8A096F00
INT 0xA4  ?                                                                                                                  8A096F00
INT 0xB4  ?                                                                                                                  8A096F00

Code      \??\C:\DOKUME~1\Basti\LOKALE~1\Temp\catchme.sys                                                                    pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

?        spsk.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text    C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB6F263A0, 0x5CC259, 0xE8000020]
.text    USBPORT.SYS!DllUnload                                                                                              B6F068AC 5 Bytes  JMP 8A0964E0
.text    adfymrpn.SYS                                                                                                        B6E6A386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text    adfymrpn.SYS                                                                                                        B6E6A3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text    adfymrpn.SYS                                                                                                        B6E6A3C4 3 Bytes  [00, 80, 02]
.text    adfymrpn.SYS                                                                                                        B6E6A3C9 1 Byte  [30]
.text    adfymrpn.SYS                                                                                                        B6E6A3C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text    ...                                                                                                               
?        C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !
?        C:\DOKUME~1\Basti\LOKALE~1\Temp\catchme.sys                                                                        Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text    C:\Programme\Mozilla Firefox\firefox.exe[1488] ntdll.dll!LdrLoadDll                                                7C9263C3 5 Bytes  JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text    C:\Programme\Mozilla Firefox\plugin-container.exe[3044] USER32.dll!TrackPopupMenu                                  7E3B531E 5 Bytes  JMP 10402342 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                  8A3882D8
IAT      pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                [F750FDDC] spsk.sys
IAT      pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                  [F750FE30] spsk.sys
IAT      atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F74E5042] spsk.sys
IAT      atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F74E513E] spsk.sys
IAT      atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                [F74E50C0] spsk.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                        [F74E5800] spsk.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                [F74E56D6] spsk.sys
IAT      \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                8A0965E0
IAT      \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [F74F4B90] spsk.sys
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlInitUnicodeString]                                        8800001C
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!swprintf]                                                    001CBA86
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeSetEvent]                                                  C61AEB00
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoCreateSymbolicLink]                                        001C8986
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoGetConfigurationInformation]                              86C61200
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoDeleteSymbolicLink]                                        00001C8B
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmFreeMappingAddress]                                        96868801
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoFreeErrorLogEntry]                                        8800001C
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoDisconnectInterrupt]                                      001CB286
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmUnmapIoSpace]                                              88968B00
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ObReferenceObjectByPointer]                                  8900001C
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IofCompleteRequest]                                          001CA496
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlCompareUnicodeString]                                    C6168B00
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IofCallDriver]                                              001CC186
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmAllocateMappingAddress]                                    428A0A00
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry]                                    C286880C
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoConnectInterrupt]                                          8B00001C
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoDetachDevice]                                              24A48DFA
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeWaitForSingleObject]                                      00000000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeInitializeEvent]                                          4B8BDF8B
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeCancelTimer]                                              8D3F0304
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString]                                CB033043
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlInitAnsiString]                                          0673C13B
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest]                              C13B0003
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoQueueWorkItem]                                            8366FA72
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmMapIoSpace]                                                75000E7B
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations]                                0B7D80E3
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoReportDetectedDevice]                                      307B8D00
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoReportResourceForDetection]                                00AA840F
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize]                                83660000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!NlsMbCodePageTag]                                            6A000E7A
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!PoRequestPowerIrp]                                          C6647400
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue]                                    001CC386
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection]                            4F8B0200
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!sprintf]                                                    968D5140
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache]                                00001C98
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ObfDereferenceObject]                                        22F6E852
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference]                                478B0000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoInvalidateDeviceState]                                    50016A40
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ZwClose]                                                    1CB48E8D
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ObReferenceObjectByHandle]                                  E8510000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ZwCreateDirectoryObject]                                    000022E4
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest]                                6A18538B
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!PoStartNextPowerIrp]                                        868D5200
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoCreateDevice]                                              00001CA0
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlCopyUnicodeString]                                        22D2E850
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension]                            4B8B0000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlQueryRegistryValues]                                      51016A18
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ZwOpenKey]                                                  1CBC968D
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlFreeUnicodeString]                                        E8520000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoStartTimer]                                                000022C0
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeInitializeTimer]                                          8A05478A
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoInitializeTimer]                                          001CC38E
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeInitializeDpc]                                            30C48300
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeInitializeSpinLock]                                        1CC58688
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoInitializeIrp]                                            80E90000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ZwCreateKey]                                                C6000000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString]                              001CC386
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString]                                  438B0100
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ZwSetValueKey]                                              8E8D5018
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeInsertQueueDpc]                                            00001C98
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel]                                2292E851
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoStartPacket]                                              538B0000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel]                              52016A18
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest]                              1CB4868D
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoFreeMdl]                                                  E8500000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmUnlockPages]                                              00002280
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoWriteErrorLogEntry]                                        8A05478A
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue]                                    001CC38E
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping]                        18C48300
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmUnmapReservedMapping]                                      1CC58688
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeSynchronizeExecution]                                      43EB0000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoStartNextPacket]                                          320C538A
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeBugCheckEx]                                                88F93BC0
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeRemoveDeviceQueue]                                        001CC396
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeSetTimer]                                                  F6317300
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!_allmul]                                                    74070647
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmProbeAndLockPages]                                        75C0841A
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!_except_handler3]                                            05578A0B
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!PoSetPowerState]                                            968801B0
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey]                                    00001CC5
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlWriteRegistryValue]                                      57B60F66
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlDeleteRegistryValue]                                      533B6604
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!_aulldiv]                                                    03087408
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!strstr]                                                      72F93B3F
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!_strupr]                                                    8A09EBDA
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeQuerySystemTime]                                          86880547
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoWMIRegistrationControl]                                    00001CC5
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!KeTickCount]                                                88084B8A
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                001CC68E
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoDeleteDevice]                                              40578B00
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ExAllocatePoolWithTag]                                      8D52006A
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoAllocateWorkItem]                                          001CC886
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoAllocateIrp]                                              11E85000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoAllocateMdl]                                              8B000022
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool]                                  001CC08E
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmLockPagableDataSection]                                    C4968B00
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoGetDriverObjectExtension]                                  8900001C
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmUnlockPagableImageSection]                                001CCC8E
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!ExFreePoolWithTag]                                          D0968900
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoFreeIrp]                                                  8B00001C
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!IoFreeWorkItem]                                              016A4047
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!InitSafeBootMode]                                            D4C68150
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!RtlCompareMemory]                                            5600001C
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!PoCallDriver]                                                0021E7E8
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!memmove]                                                    18C48300
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[ntoskrnl.exe!MmHighestUserAddress]                                        5D5B5E5F
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C959E88
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!KeGetCurrentIrql]                                                9E880000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!KfRaiseIrql]                                                      00001CB1
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!KfLowerIrql]                                                      0E798366
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!HalTranslateBusAddress]                                          8986C636
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8B86C6
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!READ_PORT_USHORT]                                                001C9686
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                        86C60200
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                00001CB2
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C
IAT      \SystemRoot\System32\Drivers\adfymrpn.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB99E

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              8A3851F8
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                    8A14F500
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    8A14F500
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                    8A14F500
Device    \Driver\usbehci \Device\USBPDO-3                                                                                    8A14E500
Device    \Driver\usbuhci \Device\USBPDO-4                                                                                    8A14F500
Device    \Driver\sptd \Device\1481022098                                                                                    spsk.sys
Device    \Driver\usbuhci \Device\USBPDO-5                                                                                    8A14F500
Device    \Driver\usbuhci \Device\USBPDO-6                                                                                    8A14F500
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8A3141F8
Device    \Driver\usbehci \Device\USBPDO-7                                                                                    8A14E500
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8A3141F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                        8A0911F8
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                        [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                  [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                  [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort4                                                                                  [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort5                                                                                  [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10                                                                        [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\Cdrom \Device\CdRom1                                                                                        8A0911F8
Device    \Driver\usbstor \Device\00000081                                                                                    896F51F8
Device    \Driver\usbstor \Device\00000082                                                                                    896F51F8
Device    \Driver\usbstor \Device\00000083                                                                                    896F51F8
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                            8978A1F8
Device    \Driver\PCI_PNP8348 \Device\0000004a                                                                                spsk.sys
Device    \Driver\PCI_PNP8348 \Device\0000004a                                                                                spsk.sys
Device    \Driver\usbstor \Device\00000084                                                                                    896F51F8
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    8978A1F8
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    8A14F500
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    8A14F500
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                  896FA1F8
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                    8A14F500
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                        896FA1F8
Device    \Driver\usbehci \Device\USBFDO-3                                                                                    8A14E500
Device    \Driver\usbuhci \Device\USBFDO-4                                                                                    8A14F500
Device    \Driver\Ftdisk \Device\FtControl                                                                                    8A3141F8
Device    \Driver\usbstor \Device\0000007e                                                                                    896F51F8
Device    \Driver\usbuhci \Device\USBFDO-5                                                                                    8A14F500
Device    \Driver\usbuhci \Device\USBFDO-6                                                                                    8A14F500
Device    \Driver\usbehci \Device\USBFDO-7                                                                                    8A14E500
Device    \Driver\adfymrpn \Device\Scsi\adfymrpn1Port6Path0Target0Lun0                                                        8A0D91F8
Device    \Driver\adfymrpn \Device\Scsi\adfymrpn1                                                                            8A0D91F8
Device    \FileSystem\Cdfs \Cdfs                                                                                              89D6E500

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x12 0xA1 0x52 0xB3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x74 0x9A 0x9F 0xDA ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xCC 0x71 0x59 0x67 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x12 0xA1 0x52 0xB3 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x74 0x9A 0x9F 0xDA ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xCC 0x71 0x59 0x67 ...

---- EOF - GMER 1.0.15 ----

--- --- ---



Osam

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:22:04 on 25.12.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfymrpn" (adfymrpn) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\adfymrpn.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"aducirw" (aducirw) - ? - C:\WINDOWS\system32\aducirw.sys  (File not found)
"Advanced SCSI Programming Interface Driver" (ASPI) - "Adaptec" - C:\WINDOWS\System32\DRIVERS\ASPI32.sys
"ajub" (ajub) - ? - C:\WINDOWS\system32\ajub.sys  (File not found)
"AsIO" (AsIO) - ? - C:\WINDOWS\System32\drivers\AsIO.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\DOKUME~1\Basti\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"dpcisekt" (dpcisekt) - ? - C:\WINDOWS\system32\dpcisekt.sys  (File not found)
"ehwgmxco" (ehwgmxco) - ? - C:\WINDOWS\system32\ehwgmxco.sys  (File not found)
"gpxiz" (gpxiz) - ? - C:\WINDOWS\system32\gpxiz.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"kgtdapow" (kgtdapow) - ? - C:\DOKUME~1\Basti\LOKALE~1\Temp\kgtdapow.sys  (Hidden registry entry, rootkit activity | File not found)
"kpclsep" (kpclsep) - ? - C:\WINDOWS\system32\kpclsep.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\Cofi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RivaTuner32" (RivaTuner32) - ? - C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys  (File found, but it contains no detailed information)
"sekw" (sekw) - ? - C:\WINDOWS\system32\sekw.sys  (File not found)
"Sound2x Audio Cable (WDM)" (EuMusDesignVirtualAudioCableWdm_s2x) - "Eugene V. Muzychenko" - C:\WINDOWS\System32\DRIVERS\vacs2xkd.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"tdmseow" (tdmseow) - ? - C:\WINDOWS\system32\tdmseow.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"wktxlze" (wktxlze) - ? - C:\WINDOWS\system32\wktxlze.sys  (File not found)
"xfow" (xfow) - ? - C:\WINDOWS\system32\xfow.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
"PokerStars" - "PokerStars" - C:\Programme\PokerStars\PokerStarsUpdate.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Basti\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"QIP2005" - "The Author of QIP" - C:\Programme\jeak.de\QIP 2005\qip.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBR

Quote:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 117):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF74E3000 spsk.sys
0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF74CB000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF749C000 ACPI.sys
0xF748B000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7607000 MountMgr.sys
0xF7868000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF7850000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7830000 fltMgr.sys
0xF7975000 sr.sys
0xF7647000 PxHelp20.sys
0xF795E000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7A22000 NDIS.sys
0xF7B38000 Mup.sys
0xB8199000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB6F26000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6F12000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7807000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB6EEE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF780F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6EC6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8189000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8179000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8169000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB6EA3000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7817000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF79B1000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xB8149000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF781F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8139000 \SystemRoot\system32\DRIVERS\serial.sys
0xB87CE000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB6E6A000 \SystemRoot\System32\Drivers\adfymrpn.SYS
0xB8129000 \SystemRoot\system32\DRIVERS\vacs2xkd.sys
0xB6E46000 \SystemRoot\system32\DRIVERS\portcls.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\drmk.sys
0xF7AB0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB87BE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6E2F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB7937000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6E1E000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB792F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF777F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF747B000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7787000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF79B7000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6DC0000 \SystemRoot\system32\DRIVERS\update.sys
0xB87B2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF746B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF744B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79BB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB3ADE000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB87C2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF743B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77A7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF79C5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB86FC000 \SystemRoot\System32\Drivers\Null.SYS
0xF79C7000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77BF000 \SystemRoot\System32\drivers\vga.sys
0xF79C9000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79CB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77C7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77CF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB6D9D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB3953000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB38FA000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB38D4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB38AC000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF742B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB388A000 \SystemRoot\System32\drivers\afd.sys
0xF741B000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB385F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB37EF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF740B000 \SystemRoot\System32\Drivers\Fips.SYS
0xF77DF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF77E7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF79D3000 \SystemRoot\system32\drivers\AsIO.sys
0xB3FA3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB3F9F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8766000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB375F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79DD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB3ADA000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77EF000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB7F72000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB2AF9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB27B8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB2710000 \SystemRoot\system32\DRIVERS\srv.sys
0xB24A3000 \SystemRoot\system32\drivers\wdmaud.sys
0xB2678000 \SystemRoot\system32\drivers\sysaudio.sys
0xB23B5000 \SystemRoot\system32\drivers\kmixer.sys
0xB20EE000 \SystemRoot\System32\Drivers\HTTP.sys
0xF79CF000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xF772F000 \??\C:\DOKUME~1\Basti\LOKALE~1\Temp\catchme.sys
0x8AEFA000 \??\C:\DOKUME~1\Basti\LOKALE~1\Temp\kgtdapow.sys
0xB1FE4000 \SystemRoot\system32\DRIVERS\l1e51x86.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
0x10000000 \Programme\DAEMON Tools Lite\Engine.dll

Processes (total 31):
0 System Idle Process
4 System
644 C:\WINDOWS\system32\smss.exe
692 csrss.exe
716 C:\WINDOWS\system32\winlogon.exe
760 C:\WINDOWS\system32\services.exe
772 C:\WINDOWS\system32\lsass.exe
944 C:\WINDOWS\system32\nvsvc32.exe
976 C:\WINDOWS\system32\svchost.exe
1040 svchost.exe
1136 C:\WINDOWS\system32\svchost.exe
1264 svchost.exe
1336 svchost.exe
1480 C:\WINDOWS\system32\spoolsv.exe
1612 svchost.exe
1640 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1688 C:\Programme\Java\jre6\bin\jqs.exe
1896 wdfmgr.exe
528 alg.exe

cosinus 25.12.2010 17:31

Quote:

"aducirw" (aducirw) - ? - C:\WINDOWS\system32\aducirw.sys (File not found)
"ajub" (ajub) - ? - C:\WINDOWS\system32\ajub.sys (File not found)
"dpcisekt" (dpcisekt) - ? - C:\WINDOWS\system32\dpcisekt.sys (File not found)
"ehwgmxco" (ehwgmxco) - ? - C:\WINDOWS\system32\ehwgmxco.sys (File not found)
"gpxiz" (gpxiz) - ? - C:\WINDOWS\system32\gpxiz.sys (File not found)
"kpclsep" (kpclsep) - ? - C:\WINDOWS\system32\kpclsep.sys (File not found)
"sekw" (sekw) - ? - C:\WINDOWS\system32\sekw.sys (File not found)
"tdmseow" (tdmseow) - ? - C:\WINDOWS\system32\tdmseow.sys (File not found)
"wktxlze" (wktxlze) - ? - C:\WINDOWS\system32\wktxlze.sys (File not found)
"xfow" (xfow) - ? - C:\WINDOWS\system32\xfow.sys (File not found)
Disable and delete these entries with OSAM; see the OSAM instructions. Then post a new log.
You also need to post the mbrcheck log again, in full.

Itsab11 25.12.2010 17:46

delete success

Quote:

(Success) HKLM\SYSTEM\CurrentControlSet\Services\dpcisekt dpcisekt C:\WINDOWS\system32\dpcisekt.sys
(Success) HKLM\SYSTEM\CurrentControlSet\Services\xfow xfow C:\WINDOWS\system32\xfow.sys
(Success) HKLM\SYSTEM\CurrentControlSet\Services\sekw sekw C:\WINDOWS\system32\sekw.sys
(Success) HKLM\SYSTEM\CurrentControlSet\Services\aducirw aducirw C:\WINDOWS\system32\aducirw.sys
(Success) HKLM\SYSTEM\CurrentControlSet\Services\ajub ajub C:\WINDOWS\system32\ajub.sys
(Success) HKLM\SYSTEM\CurrentControlSet\Services\tdmseow tdmseow C:\WINDOWS\system32\tdmseow.sys
(Success) HKLM\SYSTEM\CurrentControlSet\Services\ehwgmxco ehwgmxco C:\WINDOWS\system32\ehwgmxco.sys
(Success) HKLM\SYSTEM\CurrentControlSet\Services\gpxiz gpxiz C:\WINDOWS\system32\gpxiz.sys
(Success) HKLM\SYSTEM\CurrentControlSet\Services\kpclsep kpclsep C:\WINDOWS\system32\kpclsep.sys
(Success) HKLM\SYSTEM\CurrentControlSet\Services\wktxlze wktxlze C:\WINDOWS\system32\wktxlze.sys


Osam

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:44:18 on 25.12.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a9kkd0jd" (a9kkd0jd) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a9kkd0jd.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Advanced SCSI Programming Interface Driver" (ASPI) - "Adaptec" - C:\WINDOWS\System32\DRIVERS\ASPI32.sys
"AsIO" (AsIO) - ? - C:\WINDOWS\System32\drivers\AsIO.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\DOKUME~1\Basti\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RivaTuner32" (RivaTuner32) - ? - C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys  (File found, but it contains no detailed information)
"Sound2x Audio Cable (WDM)" (EuMusDesignVirtualAudioCableWdm_s2x) - "Eugene V. Muzychenko" - C:\WINDOWS\System32\DRIVERS\vacs2xkd.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
"PokerStars" - "PokerStars" - C:\Programme\PokerStars\PokerStarsUpdate.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Basti\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"QIP2005" - "The Author of QIP" - C:\Programme\jeak.de\QIP 2005\qip.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBR

Quote:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 114):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF74E3000 spfy.sys
0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF74CB000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF749C000 ACPI.sys
0xF748B000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7607000 MountMgr.sys
0xF7868000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF7850000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7830000 fltMgr.sys
0xF7975000 sr.sys
0xF7647000 PxHelp20.sys
0xF795E000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7A22000 NDIS.sys
0xF7B38000 Mup.sys
0xB8776000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB6E8C000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6E78000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF77F7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB6E54000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77FF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6E2C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8766000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8756000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8746000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB6E09000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7807000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8736000 \SystemRoot\system32\DRIVERS\l1e51x86.sys
0xF79AB000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xB8726000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF780F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8716000 \SystemRoot\system32\DRIVERS\serial.sys
0xB87D2000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB6DD0000 \SystemRoot\System32\Drivers\a9kkd0jd.SYS
0xB8706000 \SystemRoot\system32\DRIVERS\vacs2xkd.sys
0xB6D95000 \SystemRoot\system32\DRIVERS\portcls.sys
0xF7697000 \SystemRoot\system32\DRIVERS\drmk.sys
0xB8701000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB87C2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6D7E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8193000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6D6D000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB818B000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF776F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7777000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF79B1000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB5B7B000 \SystemRoot\system32\DRIVERS\update.sys
0xB87B6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF747B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF745B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB357A000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF79B9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A7E000 \SystemRoot\System32\Drivers\Null.SYS
0xF79BB000 \SystemRoot\System32\Drivers\Beep.SYS
0xF779F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF77A7000 \SystemRoot\System32\drivers\vga.sys
0xF79BD000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79BF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77AF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77B7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB5B73000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB34DF000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB3486000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB3436000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB3410000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF744B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB334E000 \SystemRoot\System32\drivers\afd.sys
0xB784A000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB3323000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB32B3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB783A000 \SystemRoot\System32\Drivers\Fips.SYS
0xF79C1000 \SystemRoot\system32\drivers\AsIO.sys
0xB3A4B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB780A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB77FA000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF77BF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF77CF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB3A3F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB3A3B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB3223000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79C7000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB3576000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77DF000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB807A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB25C5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB2294000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3380000 \SystemRoot\system32\drivers\sysaudio.sys
0xB2246000 \SystemRoot\system32\drivers\kmixer.sys
0xB1FBF000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB1EEF000 \SystemRoot\system32\DRIVERS\srv.sys
0xB1B3E000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
0x10000000 \Programme\DAEMON Tools Lite\Engine.dll

Processes (total 32):
0 System Idle Process
4 System
644 C:\WINDOWS\system32\smss.exe
692 csrss.exe
716 C:\WINDOWS\system32\winlogon.exe
760 C:\WINDOWS\system32\services.exe
772 C:\WINDOWS\system32\lsass.exe
944 C:\WINDOWS\system32\nvsvc32.exe
976 C:\WINDOWS\system32\svchost.exe
1044 svchost.exe
1140 C:\WINDOWS\system32\svchost.exe
1264 svchost.exe
1336 svchost.exe
1484 C:\WINDOWS\system32\spoolsv.exe
1760 C:\WINDOWS\explorer.exe
1884 C:\WINDOWS\RTHDCPL.exe
1900 C:\WINDOWS\system32\rundll32.exe
1924 C:\Programme\iTunes\iTunesHelper.exe
1936 C:\Programme\Adobe\Reader 9.0\Reader\reader_sl.exe
1944 C:\Programme\jeak.de\QIP 2005\qip.exe
2020 svchost.exe
148 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
192 C:\Programme\Java\jre6\bin\jqs.exe
532 wdfmgr.exe
1320 C:\WINDOWS\system32\wuauclt.exe
2084 C:\Programme\iPod\bin\iPodService.exe
2096 C:\WINDOWS\system32\wscntfy.exe
2116 alg.exe
3152 C:\Programme\Mozilla Firefox\firefox.exe
3372 C:\Programme\Mozilla Firefox\plugin-container.exe
3496 C:\WINDOWS\system32\notepad.exe
3528 C:\Dokumente und Einstellungen\Basti\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000055`f8f93600 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AACS-00G8B1, Rev: 05.04C05

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

cosinus 25.12.2010 17:49

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Itsab11 26.12.2010 16:26

No findings in either run :/

What I noticed is that the internet connection mostly drops when several PCs in the household are doing something online at the same time, so possibly the router gets overloaded by that and disconnects as a result. Is that possible? And if so, is there some way to throttle the load on the router?

cosinus 26.12.2010 19:41

Please post the logs anyway.

Quote:

so possibly the router gets overloaded by that and disconnects as a result. Is that possible? And if so, is there some way to throttle the load on the router?
What router exactly do you have?
Firmware version?
Have you unplugged it from power for 10 minutes and then switched it back on?
Not relevant to the internet connection but still important: change the default password for the router's browser-based administration, and if Wi-Fi is in use, it should only be encrypted with WPA/WPA2 and a long key!

