windefence32?! hijacked browser...need help

Post by 0v3rK!LL » November 4th, 2009, 4:30 pm

hi there,

I know there's something wrong with at least the entry "windefence32"... I googled and couldn't find anything helpful about this. My browser is kind of hijacked... there are many popups and windows which open by themselves... What's the name of this malware, what does it do and how do I remove it completely? Does it also steal passwords and stuff???

kind regards


here is my log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:51, on 04.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Programme\Sandboxie\SbieSvc.exe
C:\Programme\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\Sandboxie\SbieCtrl.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programme\MirandaFusion\miranda32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programme\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [WinDefence32] C:\WINDOWS\system32\WinDefence\windefence32.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [WinDefence] C:\WINDOWS\system32\WinDefence\windefence32.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinDefence] C:\WINDOWS\system32\WinDefence\windefence32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7285374116
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Programme\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe

--
End of file - 5128 bytes
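As an added example (not a tool from this thread, from MalwareRemoval.com or from HijackThis), here is a small Python script that parses the O4 autorun lines of a HijackThis log and flags the two things a helper notices by eye in the log above: an entry started from Policies\Explorer\Run, a key legitimate software seldom uses, and one executable registered under several distinct autorun locations. The sample lines are copied from the log in the post above; the regex and the two heuristics are my own.

```python
"""Triage helper for HijackThis O4 (autorun) lines.

Added example for this thread, not a tool from MalwareRemoval.com or from
HijackThis. It parses the O4 section of a HijackThis log and flags two things
a helper looks for by eye: entries under Policies\\Explorer\\Run, a location
legitimate software seldom uses, and one executable registered under several
distinct autorun locations. The sample lines are copied from the first post.
"""
import re
from collections import defaultdict

# Layout of an O4 line: O4 - <hive>\..\<key>: [<name>] <command> [(User '<user>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Policy Run key: honoured by Explorer but rarely used by legitimate installers.
POLICY_RUN = r"policies\explorer\run"

# Constructed sample: the O4 lines from the HijackThis log in the first post.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programme\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [WinDefence32] C:\WINDOWS\system32\WinDefence\windefence32.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [WinDefence] C:\WINDOWS\system32\WinDefence\windefence32.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinDefence] C:\WINDOWS\system32\WinDefence\windefence32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
"""


def executable_of(cmd):
    """Extract the program path from an autorun command, dropping arguments.

    Quoted paths are taken up to the closing quote; unquoted ones up to the
    first space (HijackThis quotes paths that contain spaces).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe = cmd.split(" ", 1)[0]
    return exe.lower()


def parse_o4(line):
    """Return a dict for one O4 line, or None if the line is not an O4 entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # Collapse the per-user HKUS\<SID> hives so CTFMON under four users is
    # still one location, not four.
    entry["hive_class"] = "HKU" if entry["hive"].startswith("HKUS") else entry["hive"]
    entry["exe"] = executable_of(entry["cmd"])
    return entry


def triage(lines):
    """Map each flagged executable (lower-cased path) to its list of reasons."""
    entries = [e for e in map(parse_o4, lines) if e]
    locations = defaultdict(set)   # exe -> {(hive class, key)}
    reasons = defaultdict(list)
    for e in entries:
        key = e["key"].lower()
        locations[e["exe"]].add((e["hive_class"], key))
        if key.endswith(POLICY_RUN):
            reasons[e["exe"]].append(
                f"started from {e['hive']}\\..\\{e['key']} (policy Run key)")
    for exe, locs in locations.items():
        if len(locs) > 1:
            reasons[exe].append(
                f"registered in {len(locs)} distinct autorun locations")
    return dict(reasons)


if __name__ == "__main__":
    for exe, why in triage(SAMPLE_O4.splitlines()).items():
        print(exe)
        for reason in why:
            print("  -", reason)
```

On the sample above only windefence32.exe is reported: twice for the policy Run key and once for being registered in three distinct locations, while CTFMON.EXE under the four user hives is not.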

Re: windefence32?! hijacked browser...need help

Post by Dakeyras » November 7th, 2009, 9:50 am

Hi,

I have bad news, I'm afraid :(

One or more of the identified infections is a Backdoor Trojan.

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let me know what you have decided to do in your next post.

Re: windefence32?! hijacked browser...need help

Post by 0v3rK!LL » November 7th, 2009, 10:21 am

hi,

thank you very much for your answer! It could be that the system is now clean again. This windefence32.exe was deleted by the Norton inet.sec. 2010, but there was still a browser hijacking problem. I ran several anti-spyware and antivirus programs and also some additional online scanners. They haven't really found anything. Then I found somewhere a program called ComboFix. This solved the browser hijacking. It removed an atapi.sys in the windows/system32/drivers folder. From then on I haven't had any browsing problems... I now have GDATA Antivirus 2010 and Norton Antibot installed... I hope I'm safe now. Is there anything else you would recommend to me?

Re: windefence32?! hijacked browser...need help

Post by Dakeyras » November 7th, 2009, 12:46 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Hi 0v3rK!LL and welcome to Malware Removal :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

0v3rK!LL wrote: thank you very much for your answer!

You're welcome!

Some friendly advice: ComboFix is a very powerful application and best not used without trained supervision.

Saying that, by all means I will check your computer for you.

I would like to view the log created after the ComboFix run. It can be located here:

C:\ComboFix.txt

Scan with RSIT:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    Make sure that RSIT.exe is on your Desktop before running the application!
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Note: Both logs can also be found in the folder rsit at the root of your installed hard drive, e.g. C:\rsit

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • ComboFix log.
  • Both RSIT logs. <-- Post them individually please, i.e. one log per post/reply.

info.txt

Post by 0v3rK!LL » November 7th, 2009, 5:32 pm

info.txt logfile of random's system information tool 1.06 2009-11-07 21:31:39

======Uninstall list======

-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee Pro 3-->MsiExec.exe /I{1B280FAF-AE10-4E31-A41A-DB3917D651DC}
Acronis True Image Home-->MsiExec.exe /X{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}
Ad-Aware-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001}
Alt.Binz 0.25.0-->C:\Programme\AltBinz\uninst.exe
Atheros for Acer Driver 5.3.0.67_Foxconn Installation Program-->C:\Programme\InstallShield Installation Information\{F70D5D8C-C1AF-40B3-9E47-3BB5F19EEA3A}\setup.exe -runfromtemp -l0x0009 -removeonly
Auslogics Disk Defrag-->"C:\Programme\Auslogics\Auslogics Disk Defrag\unins000.exe"
Camtasia Studio 6-->MsiExec.exe /I{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
G Data AntiVirus-->MsiExec.exe /I{0FDB2D25-D880-4E10-868F-8C64EFE155F1}
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Minilyrics(remove only)-->"C:\Programme\Minilyrics\uninst-ml.exe"
Miranda Fusion 2.0.11-->"C:\Programme\MirandaFusion\uninstall.exe"
Mozilla Firefox (3.5.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Norton AntiBot-->MsiExec.exe /X{F75C5363-5988-4230-9D5A-567CEAE5D07F}
Panda ActiveScan 2.0-->C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe
PartyPoker-->"D:\PartyPoker\PartyPoker\Uninstall.exe" "D:\PartyPoker\PartyPoker\install.log"
PokerStrategy Elephant-->MsiExec.exe /I{D7DCC734-7F6F-4E82-9B74-0BAB4BB36C4A}
PostgreSQL 8.4-->D:\PostgreSQL\8.4\uninstall-postgresql.exe
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
Sandboxie 3.40-->"C:\WINDOWS\Installer\SandboxieInstall.exe" /remove
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TuneUp Utilities-->C:\Programme\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VLC media player 1.0.3-->C:\Programme\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
xp-AntiSpy 3.97-4-->C:\Programme\xp-AntiSpy\Uninstall.exe

======Hosts File======


======Security center information======

AV: G Data AntiVirus 2010 (disabled)

======System event log======

Computer Name: CHANGEME
Event Code: 4377
Message: Windows XP, Hotfix KB898461 wurde installiert.

Record Number: 5
Source Name: NtServicePack
Time Written: 20091103172623.000000+000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: CHANGEME
Event Code: 15007
Message: Die von URL-Präfix "http://*:2869/" identifizierte Namespacereservierung wurde erfolgreich hinzugefügt.

Record Number: 4
Source Name: HTTP
Time Written: 20091103172454.000000+000
Event Type: Informationen
User:

Computer Name: CHANGEME
Event Code: 6011
Message: Der NetBIOS-Name und DNS-Hostname dieses Computers wurden von MACHINENAME in CHANGEME geändert.

Record Number: 3
Source Name: EventLog
Time Written: 20091103172016.000000+000
Event Type: Informationen
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 2
Source Name: EventLog
Time Written: 20091103171608.000000+000
Event Type: Informationen
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20091103171608.000000+000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: CHANGEME
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst MSDTC (MSDTC) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.

Record Number: 5
Source Name: LoadPerf
Time Written: 20091103172219.000000+000
Event Type: Informationen
User:

Computer Name: CHANGEME
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst TermService (Terminaldienste) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.

Record Number: 4
Source Name: LoadPerf
Time Written: 20091103172216.000000+000
Event Type: Informationen
User:

Computer Name: CHANGEME
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst RemoteAccess (Routing und RAS) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.

Record Number: 3
Source Name: LoadPerf
Time Written: 20091103172059.000000+000
Event Type: Informationen
User:

Computer Name: CHANGEME
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst PSched (PSched) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.

Record Number: 2
Source Name: LoadPerf
Time Written: 20091103172039.000000+000
Event Type: Informationen
User:

Computer Name: CHANGEME
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst RSVP (QoS-RSVP) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.

Record Number: 1
Source Name: LoadPerf
Time Written: 20091103172025.000000+000
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Programme\Gemeinsame Dateien\DivX Shared\;C:\Programme\Gemeinsame Dateien\Acronis\SnapAPI\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

log.txt

Post by 0v3rK!LL » November 7th, 2009, 5:33 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by FLO at 2009-11-07 21:30:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (77%) free of 31 GB
Total RAM: 2038 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:36, on 07.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\Programme\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Sandboxie\SbieCtrl.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Symantec\Norton AntiBot\agent\bin\NABMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\Programme\G Data\AntiVirus\AVK\AVKService.exe
C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\Programme\MirandaFusion\miranda32.exe
C:\Programme\Sandboxie\SbieSvc.exe
C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AltBinz\altbinz.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Dokumente und Einstellungen\FLO\Desktop\RSIT.exe
C:\Programme\trend micro\FLO.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\Webfilter\AVKWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Programme\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programme\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-1220945662-1580436667-1177238915-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7285374116
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - D:/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

--
End of file - 6032 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Automatische Problemsuche.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
G Data WebFilter - C:\Programme\G Data\AntiVirus\Webfilter\AVKWebIE.dll [2009-09-18 594504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0124123D-61B4-456f-AF86-78C53A0790C5} - G Data WebFilter - C:\Programme\G Data\AntiVirus\Webfilter\AVKWebIE.dll [2009-09-18 594504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-11-03 16342528]
"SynTPStart"=C:\Programme\Synaptics\SynTP\SynTPStart.exe [2009-11-03 102400]
"G DATA AntiVirus Trayapplication"=C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe [2009-09-18 924232]
"NortonAntiBot"=C:\Programme\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe [2008-09-08 1378840]
"TrueImageMonitor.exe"=C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-09-12 5082488]
"Acronis Scheduler2 Service"=C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [2009-09-12 357800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"=C:\Programme\Sandboxie\SbieCtrl.exe [2009-09-30 387584]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-11-03 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoRecentDocsNetHood"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-11-07 21:30:59 ----D---- C:\rsit
2009-11-07 19:54:52 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-11-07 15:38:54 ----D---- C:\Programme\Zone Labs
2009-11-07 15:37:54 ----D---- C:\WINDOWS\Internet Logs
2009-11-07 14:58:11 ----D---- C:\WINDOWS\LastGood
2009-11-07 13:32:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
2009-11-07 13:23:16 ----D---- C:\Programme\PokerStrategy
2009-11-07 13:15:46 ----D---- C:\Programme\Gemeinsame Dateien\Acronis
2009-11-07 13:15:45 ----D---- C:\Programme\Acronis
2009-11-07 12:21:08 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Talkback
2009-11-07 12:20:58 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Thunderbird
2009-11-07 02:08:09 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-11-07 02:08:09 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-11-07 02:07:47 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared
2009-11-07 02:07:47 ----D---- C:\Programme\DivX
2009-11-07 01:10:33 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Symantec
2009-11-07 01:06:03 ----D---- C:\Programme\Symantec
2009-11-07 00:48:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
2009-11-06 20:30:29 ----A---- C:\WINDOWS\system32\tsccvid.dll
2009-11-06 20:30:27 ----D---- C:\WINDOWS\system32\QuickTime
2009-11-06 20:30:07 ----D---- C:\Programme\Gemeinsame Dateien\TechSmith Shared
2009-11-06 20:30:04 ----D---- C:\Programme\TechSmith
2009-11-06 18:49:30 ----A---- C:\WINDOWS\system32\ctfmon.exe.backup
2009-11-06 17:35:19 ----D---- C:\WINDOWS\system32\appmgmt
2009-11-06 16:19:48 ----RASHD---- C:\cmdcons
2009-11-06 16:18:30 ----A---- C:\WINDOWS\zip.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\SWSC.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\SWREG.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\sed.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\PEV.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\MBR.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\grep.exe
2009-11-06 16:12:07 ----D---- C:\WINDOWS\ERDNT
2009-11-06 13:21:51 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\vlc
2009-11-06 13:00:14 ----A---- C:\WINDOWS\system32\msstdfmt.dll
2009-11-06 01:32:24 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-11-06 00:39:56 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-11-05 23:21:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
2009-11-05 23:21:48 ----D---- C:\Programme\Gemeinsame Dateien\G DATA
2009-11-05 23:21:48 ----D---- C:\Programme\G Data
2009-11-05 17:42:50 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-11-05 17:42:48 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-11-05 07:56:57 ----D---- C:\Programme\MSXML 4.0
2009-11-05 07:53:39 ----D---- C:\WINDOWS\system32\windowspowershell
2009-11-05 07:52:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-11-05 07:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-11-05 07:51:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-11-05 00:33:43 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sunbelt
2009-11-04 20:43:10 ----D---- C:\Programme\Windows Live Safety Center
2009-11-04 18:49:52 ----D---- C:\Programme\Trend Micro
2009-11-04 16:35:51 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-04 16:35:42 ----D---- C:\Programme\Lavasoft
2009-11-04 16:35:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-11-04 00:41:43 ----D---- C:\Programme\Panda Security
2009-11-04 00:37:03 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\QuickScan
2009-11-03 23:55:55 ----D---- C:\aircrack-ng-1.0-win
2009-11-03 23:46:15 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\ACD Systems
2009-11-03 23:45:31 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
2009-11-03 23:45:24 ----D---- C:\Programme\Gemeinsame Dateien\ACD Systems
2009-11-03 23:45:24 ----D---- C:\Programme\ACD Systems
2009-11-03 23:29:51 ----D---- C:\Programme\VideoLAN
2009-11-03 23:23:54 ----D---- C:\Programme\AltBinz
2009-11-03 23:06:43 ----D---- C:\Lyrics
2009-11-03 23:06:42 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\MiniLyrics
2009-11-03 23:06:13 ----D---- C:\Programme\Minilyrics
2009-11-03 22:59:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-11-03 22:59:25 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-11-03 22:59:25 ----D---- C:\Programme\Adobe
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\px.dll
2009-11-03 22:57:32 ----D---- C:\Programme\Winamp
2009-11-03 22:57:32 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Winamp
2009-11-03 22:52:03 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2009-11-03 22:52:02 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-11-03 22:51:41 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\TuneUp Software
2009-11-03 22:51:32 ----D---- C:\Programme\TuneUp Utilities 2010
2009-11-03 22:51:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2009-11-03 22:51:07 ----SHD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-03 22:49:09 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Macromedia
2009-11-03 22:49:09 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Adobe
2009-11-03 22:45:48 ----D---- C:\Programme\DAEMON Tools Lite
2009-11-03 22:45:26 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\DAEMON Tools Lite
2009-11-03 22:45:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
2009-11-03 22:42:25 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\skypePM
2009-11-03 22:41:48 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Skype
2009-11-03 22:41:28 ----D---- C:\Programme\Gemeinsame Dateien\Skype
2009-11-03 22:41:26 ----RD---- C:\Programme\Skype
2009-11-03 22:41:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2009-11-03 22:36:22 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Miranda Fusion
2009-11-03 22:36:16 ----D---- C:\Programme\MirandaFusion
2009-11-03 22:18:25 ----D---- C:\WINDOWS\ie8updates
2009-11-03 22:17:58 ----D---- C:\WINDOWS\WBEM
2009-11-03 22:16:23 ----HDC---- C:\WINDOWS\ie8
2009-11-03 22:15:13 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-03 22:09:40 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-03 22:09:36 ----D---- C:\Programme\MSBuild
2009-11-03 22:09:35 ----D---- C:\WINDOWS\system32\en-US
2009-11-03 22:09:27 ----D---- C:\Programme\Reference Assemblies
2009-11-03 22:09:00 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-11-03 22:09:00 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-11-03 22:08:59 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-11-03 22:08:20 ----RSD---- C:\WINDOWS\assembly
2009-11-03 22:07:50 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-03 22:06:01 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2009-11-03 22:05:54 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-11-03 22:05:53 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-11-03 22:05:31 ----D---- C:\Programme\Windows Media Connect 2
2009-11-03 22:03:59 ----D---- C:\WINDOWS\system32\LogFiles
2009-11-03 22:03:54 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-11-03 21:57:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
2009-11-03 21:56:41 ----A---- C:\WINDOWS\system32\wups2.dll
2009-11-03 21:56:41 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-11-03 21:56:40 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-11-03 21:56:40 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-11-03 21:56:40 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-11-03 18:53:37 ----D---- C:\Programme\Windows Sidebar
2009-11-03 18:53:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton
2009-11-03 18:52:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller
2009-11-03 18:48:55 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Mozilla
2009-11-03 18:48:11 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\WinRAR
2009-11-03 18:47:25 ----RD---- C:\Sandbox
2009-11-03 18:47:04 ----D---- C:\Programme\WinRAR
2009-11-03 18:46:52 ----A---- C:\WINDOWS\Sandboxie.ini
2009-11-03 18:46:43 ----D---- C:\Programme\Sandboxie
2009-11-03 18:45:20 ----D---- C:\Programme\Synaptics
2009-11-03 18:45:20 ----A---- C:\WINDOWS\system32\SynTPCo4.dll
2009-11-03 18:45:20 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2009-11-03 18:45:20 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2009-11-03 18:45:20 ----A---- C:\WINDOWS\system32\SynCOM.dll
2009-11-03 18:44:19 ----D---- C:\WINDOWS\Options
2009-11-03 18:44:19 ----D---- C:\Programme\Atheros
2009-11-03 18:43:55 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\InstallShield
2009-11-03 18:43:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Atheros
2009-11-03 18:33:25 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-11-03 18:33:07 ----D---- C:\WINDOWS\system32\RTCOM
2009-11-03 18:33:06 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-11-03 18:33:02 ----A---- C:\WINDOWS\SoundMan.exe
2009-11-03 18:33:02 ----A---- C:\WINDOWS\SkyTel.exe
2009-11-03 18:33:02 ----A---- C:\WINDOWS\RtlUpd.exe
2009-11-03 18:33:01 ----A---- C:\WINDOWS\RTLCPL.exe
2009-11-03 18:33:00 ----D---- C:\Programme\Realtek
2009-11-03 18:33:00 ----A---- C:\WINDOWS\RTHDCPL.exe
2009-11-03 18:33:00 ----A---- C:\WINDOWS\MicCal.exe
2009-11-03 18:33:00 ----A---- C:\WINDOWS\alcwzrd.exe
2009-11-03 18:33:00 ----A---- C:\WINDOWS\Alcmtr.exe
2009-11-03 18:32:59 ----HD---- C:\Programme\InstallShield Installation Information
2009-11-03 18:32:58 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-11-03 18:32:58 ----A---- C:\WINDOWS\HideWin.exe
2009-11-03 18:32:56 ----D---- C:\Programme\Gemeinsame Dateien\InstallShield
2009-11-03 18:31:24 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igxprd32.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igmedcompkrn.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igklg450.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igklg400.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxtray.exe
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxress.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxpph.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxpers.exe
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxext.exe
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxexps.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxdo.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxdev.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxCoIn_v4885.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\ig4icd32.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\ig4dev32.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\hkcmd.exe
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\hccutils.dll
2009-11-03 18:29:29 ----D---- C:\WINDOWS\system32\Lang
2009-11-03 18:29:29 ----A---- C:\WINDOWS\system32\igxpun.exe
2009-11-03 18:29:29 ----A---- C:\WINDOWS\system32\difxapi.dll
2009-11-03 18:26:43 ----D---- C:\Programme\Mozilla Thunderbird
2009-11-03 18:24:02 ----D---- C:\Programme\Spybot - Search & Destroy
2009-11-03 18:24:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-11-03 18:23:22 ----D---- C:\Programme\Mozilla Firefox
2009-11-03 18:21:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-03 18:21:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-03 18:21:56 ----D---- C:\Programme\Intel
2009-11-03 18:21:47 ----D---- C:\Intel
2009-11-03 18:20:45 ----D---- C:\WINDOWS\pss
2009-11-03 18:16:21 ----D---- C:\Programme\xp-AntiSpy
2009-11-03 18:15:07 ----RASH---- C:\boot.ini
2009-11-03 18:13:42 ----SHD---- C:\RECYCLER
2009-11-03 18:13:36 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Auslogics
2009-11-03 18:13:33 ----D---- C:\Programme\Auslogics
2009-11-03 18:10:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-03 18:10:54 ----RSD---- C:\WINDOWS\Fonts
2009-11-03 18:10:54 ----RD---- C:\WINDOWS\Web
2009-11-03 18:10:54 ----HD---- C:\WINDOWS\inf
2009-11-03 18:10:54 ----D---- C:\WINDOWS\WinSxS
2009-11-03 18:10:54 ----D---- C:\WINDOWS\twain_32
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Temp
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\wins
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\wbem
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\usmt
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\spool
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\ShellExt
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\Setup
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\ras
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\oobe
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\npp
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\mui
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\Macromed
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\inetsrv
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\IME
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\icsxml
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\ias
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\export
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\drivers
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\dhcp
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\de-de
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\de
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\config
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\3com_dmi
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\3076
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\2052
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1054
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1042
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1041
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1037
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1033
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1031
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1028
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1025
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system
2009-11-03 18:10:54 ----D---- C:\WINDOWS\security
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Resources
2009-11-03 18:10:54 ----D---- C:\WINDOWS\repair
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Provisioning
2009-11-03 18:10:54 ----D---- C:\WINDOWS\PeerNet
2009-11-03 18:10:54 ----D---- C:\WINDOWS\pchealth
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Network Diagnostic
2009-11-03 18:10:54 ----D---- C:\WINDOWS\mui
2009-11-03 18:10:54 ----D---- C:\WINDOWS\msapps
2009-11-03 18:10:54 ----D---- C:\WINDOWS\msagent
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Media
2009-11-03 18:10:54 ----D---- C:\WINDOWS\L2Schemas
2009-11-03 18:10:54 ----D---- C:\WINDOWS\java
2009-11-03 18:10:54 ----D---- C:\WINDOWS\ime
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Help
2009-11-03 18:10:54 ----D---- C:\WINDOWS\ehome
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Driver Cache
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Debug
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Cursors
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Connection Wizard
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Config
2009-11-03 18:10:54 ----D---- C:\WINDOWS\AppPatch
2009-11-03 18:10:54 ----D---- C:\WINDOWS\addins
2009-11-03 18:10:54 ----D---- C:\WINDOWS
2009-11-03 18:00:38 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Identities
2009-11-03 18:00:37 ----HD---- C:\Programme\Uninstall Information
2009-11-03 18:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-11-03 18:00:08 ----SD---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Microsoft
2009-11-03 18:00:08 ----ASH---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\desktop.ini
2009-11-03 17:58:21 ----D---- C:\WINDOWS\SoftwareDistribution
2009-11-03 17:58:19 ----SD---- C:\WINDOWS\system32\Microsoft
2009-11-03 17:58:19 ----D---- C:\WINDOWS\Prefetch
2009-11-03 17:58:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-03 17:26:52 ----D---- C:\WINDOWS\system32\xircom
2009-11-03 17:26:52 ----D---- C:\Programme\xerox
2009-11-03 17:26:52 ----D---- C:\Programme\microsoft frontpage
2009-11-03 17:26:23 ----D---- C:\WINDOWS\system32\PreInstall
2009-11-03 17:26:22 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-11-03 17:26:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-03 17:26:08 ----A---- C:\WINDOWS\control.ini
2009-11-03 17:26:08 ----A---- C:\AUTOEXEC.BAT
2009-11-03 17:25:58 ----A---- C:\WINDOWS\OEWABLog.txt
2009-11-03 17:25:53 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-11-03 17:25:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-03 17:25:05 ----RD---- C:\WINDOWS\Offline Web Pages
2009-11-03 17:25:05 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-11-03 17:25:00 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-11-03 17:24:55 ----HD---- C:\Programme\WindowsUpdate
2009-11-03 17:24:51 ----D---- C:\Programme\Online-Dienste
2009-11-03 17:24:33 ----D---- C:\WINDOWS\system32\DirectX
2009-11-03 17:24:26 ----A---- C:\WINDOWS\system32\atrace.dll
2009-11-03 17:24:23 ----A---- C:\WINDOWS\system32\desktop.ini
2009-11-03 17:24:23 ----A---- C:\WINDOWS\desktop.ini
2009-11-03 17:24:16 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-11-03 17:24:15 ----A---- C:\WINDOWS\system32\acctres.dll
2009-11-03 17:24:14 ----D---- C:\Programme\Gemeinsame Dateien\Dienste
2009-11-03 17:24:11 ----SD---- C:\WINDOWS\Tasks
2009-11-03 17:24:11 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-11-03 17:24:10 ----D---- C:\Programme\Gemeinsame Dateien\MSSoap
2009-11-03 17:24:06 ----D---- C:\WINDOWS\srchasst
2009-11-03 17:24:02 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-11-03 17:24:02 ----A---- C:\WINDOWS\system32\wups.dll
2009-11-03 17:24:02 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-11-03 17:24:02 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-11-03 17:24:02 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-11-03 17:24:02 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-11-03 17:24:01 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-11-03 17:24:01 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-11-03 17:24:01 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-11-03 17:24:01 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-11-03 17:24:01 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-11-03 17:24:01 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-11-03 17:24:01 -------- C:\WINDOWS\system32\wuauclt.exe
2009-11-03 17:24:01 -------- C:\WINDOWS\system32\qmgr.dll
2009-11-03 17:23:56 ----D---- C:\Programme\Movie Maker
2009-11-03 17:23:37 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-11-03 17:23:37 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-11-03 17:23:37 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-11-03 17:23:37 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-11-03 17:23:33 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-11-03 17:23:33 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-11-03 17:23:32 ----D---- C:\WINDOWS\system32\Restore
2009-11-03 17:23:32 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-11-03 17:23:32 ----A---- C:\WINDOWS\system32\srclient.dll
2009-11-03 17:23:32 -------- C:\WINDOWS\system32\srsvc.dll
2009-11-03 17:23:31 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-11-03 17:23:31 ----A---- C:\WINDOWS\system32\msconf.dll
2009-11-03 17:23:31 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-11-03 17:23:31 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-11-03 17:23:31 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-11-03 17:23:31 ----A---- C:\WINDOWS\system32\ils.dll
2009-11-03 17:23:28 ----D---- C:\Programme\NetMeeting
2009-11-03 17:23:28 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-11-03 17:23:28 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-11-03 17:23:26 ----A---- C:\WINDOWS\system32\inetres.dll
2009-11-03 17:23:26 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-11-03 17:23:24 ----D---- C:\Programme\Outlook Express
2009-11-03 17:23:24 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-11-03 17:23:24 ----A---- C:\WINDOWS\system32\mstask.dll
2009-11-03 17:23:24 -------- C:\WINDOWS\system32\schedsvc.dll
2009-11-03 17:23:23 ----A---- C:\WINDOWS\system32\isign32.dll
2009-11-03 17:23:23 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-11-03 17:23:23 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-11-03 17:23:23 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-11-03 17:23:17 ----D---- C:\Programme\Gemeinsame Dateien\System
2009-11-03 17:23:12 ----D---- C:\Programme\Internet Explorer
2009-11-03 17:22:32 ----D---- C:\Programme\ComPlus Applications
2009-11-03 17:22:30 ----A---- C:\WINDOWS\vbaddin.ini
2009-11-03 17:22:30 ----A---- C:\WINDOWS\vb.ini
2009-11-03 17:22:24 ----D---- C:\WINDOWS\Registration
2009-11-03 17:22:16 ----D---- C:\Programme\Windows Media Player
2009-11-03 17:22:16 ----D---- C:\Programme\Online Services
2009-11-03 17:22:09 ----D---- C:\Programme\Messenger
2009-11-03 17:22:05 ----D---- C:\Programme\MSN Gaming Zone
2009-11-03 17:22:05 ----A---- C:\WINDOWS\system32\write.exe
2009-11-03 17:21:55 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-11-03 17:21:55 ----A---- C:\WINDOWS\system32\hticons.dll
2009-11-03 17:21:55 ----A---- C:\WINDOWS\system32\avwav.dll
2009-11-03 17:21:55 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-11-03 17:21:55 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-11-03 17:21:54 ----A---- C:\WINDOWS\system32\winchat.exe
2009-11-03 17:21:47 ----A---- C:\WINDOWS\system32\getuname.dll
2009-11-03 17:21:46 ----A---- C:\WINDOWS\system32\winmine.exe
2009-11-03 17:21:46 ----A---- C:\WINDOWS\system32\sol.exe
2009-11-03 17:21:46 ----A---- C:\WINDOWS\system32\charmap.exe
2009-11-03 17:21:46 ----A---- C:\WINDOWS\system32\calc.exe
2009-11-03 17:21:45 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-11-03 17:21:45 ----A---- C:\WINDOWS\system32\tskill.exe
2009-11-03 17:21:45 ----A---- C:\WINDOWS\system32\reset.exe
2009-11-03 17:21:45 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-11-03 17:21:45 ----A---- C:\WINDOWS\system32\freecell.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\tscon.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\shadow.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\regini.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\msg.exe
2009-11-03 17:21:43 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-11-03 17:21:43 ----A---- C:\WINDOWS\system32\logoff.exe
2009-11-03 17:21:43 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-11-03 17:21:37 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-11-03 17:21:25 ----D---- C:\Programme\MSN
2009-11-03 17:21:24 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-11-03 17:21:23 ----D---- C:\Programme\Windows NT
2009-11-03 17:21:23 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-11-03 17:21:23 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-11-03 17:21:23 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-11-03 17:21:22 ----A---- C:\WINDOWS\system32\spider.exe
2009-11-03 17:21:22 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-11-03 17:21:22 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-11-03 17:21:21 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-11-03 17:21:21 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-11-03 17:21:21 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-11-03 17:21:20 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-11-03 17:21:20 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-11-03 17:21:19 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-11-03 17:21:19 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-11-03 17:21:19 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-11-03 17:21:19 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-11-03 17:21:19 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-11-03 17:21:19 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-11-03 17:21:19 -------- C:\WINDOWS\system32\termsrv.dll
2009-11-03 17:21:18 ----D---- C:\WINDOWS\system32\MsDtc
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-11-03 17:21:17 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-11-03 17:21:17 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-11-03 17:21:17 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-11-03 17:21:17 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-11-03 17:21:17 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-11-03 17:21:16 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-11-03 17:21:16 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-11-03 17:21:16 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-11-03 17:21:16 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-11-03 17:21:15 ----D---- C:\WINDOWS\system32\Com
2009-11-03 17:21:15 ----A---- C:\WINDOWS\system32\stclient.dll
2009-11-03 17:21:15 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-11-03 17:21:15 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-11-03 17:21:15 ----A---- C:\WINDOWS\system32\colbact.dll
2009-11-03 17:21:15 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-11-03 17:21:15 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-11-03 17:21:15 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-11-03 17:21:14 ----A---- C:\WINDOWS\system32\comuid.dll
2009-11-03 17:21:14 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-11-03 17:21:14 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-11-03 17:21:14 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-11-03 17:21:13 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-11-03 17:21:06 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-11-03 17:21:06 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-11-03 17:21:06 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-11-03 17:21:06 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-11-03 17:20:13 ----A---- C:\WINDOWS\system32\h323log.txt
2009-11-03 17:18:38 ----A---- C:\WINDOWS\system32\usbui.dll
2009-11-03 17:17:22 ----A---- C:\WINDOWS\imsins.BAK
2009-11-03 17:17:20 ----SHD---- C:\WINDOWS\Installer
2009-11-03 17:17:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-03 17:17:19 ----D---- C:\Programme\Gemeinsame Dateien\ODBC
2009-11-03 17:17:19 ----A---- C:\WINDOWS\ODBCINST.INI
2009-11-03 17:17:15 ----RD---- C:\Programme
2009-11-03 17:17:15 ----D---- C:\Programme\Gemeinsame Dateien\SpeechEngines
2009-11-03 17:17:15 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-11-03 17:17:15 ----D---- C:\Programme\Gemeinsame Dateien
2009-11-03 17:17:11 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-11-03 17:17:10 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-11-03 17:17:10 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-11-03 17:17:09 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-11-03 17:17:09 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-11-03 17:17:06 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-11-03 17:17:06 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-11-03 17:17:06 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-11-03 17:17:06 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-11-03 17:17:06 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-11-03 17:17:06 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-11-03 17:17:06 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-11-03 17:17:04 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-11-03 17:17:04 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-11-03 17:17:04 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-11-03 17:17:04 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-11-03 17:17:04 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-11-03 17:17:03 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-11-03 17:17:03 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-11-03 17:17:03 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-11-03 17:17:03 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-11-03 17:17:03 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-11-03 17:16:57 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-11-03 17:16:57 ----A---- C:\WINDOWS\system32\irclass.dll
2009-11-03 17:16:57 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-11-03 17:16:57 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-11-03 17:16:56 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-11-03 17:16:54 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-11-03 17:16:54 ----A---- C:\WINDOWS\system32\batt.dll
2009-11-03 17:16:54 -------- C:\WINDOWS\system32\CONFIG.TMP
2009-11-03 17:16:53 ----A---- C:\WINDOWS\system32\storprop.dll
2009-11-03 17:16:53 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-11-03 17:16:44 ----ASH---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
2009-11-03 17:16:38 ----RA---- C:\WINDOWS\SET8.tmp
2009-11-03 17:16:36 ----RA---- C:\WINDOWS\SET4.tmp
2009-11-03 17:16:34 ----RA---- C:\WINDOWS\SET3.tmp
2009-11-03 17:16:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-03 17:16:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-03 17:16:24 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-11-03 17:16:00 ----D---- C:\Dokumente und Einstellungen
2009-11-03 17:15:59 ----SHD---- C:\System Volume Information
2009-10-13 18:22:08 ----A---- C:\WINDOWS\system32\nlite.cmd
2009-10-13 17:57:46 ----A---- C:\WINDOWS\system32\wmspdmod.dll
2009-10-13 17:57:44 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-10-13 17:57:39 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-10-13 17:57:37 ----N---- C:\WINDOWS\system32\wininet.dll
2009-10-13 17:57:36 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-10-13 17:57:36 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-10-13 17:57:34 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-10-13 17:57:17 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-10-13 17:57:05 -------- C:\WINDOWS\system32\ntoskrnl.exe
2009-10-13 17:56:49 ----A---- C:\WINDOWS\system32\query.dll
2009-10-13 17:56:40 ----A---- C:\WINDOWS\system32\wmvcore.dll
2009-10-13 17:56:29 ----A---- C:\WINDOWS\system32\wmnetmgr.dll
2009-10-13 17:56:27 ----A---- C:\WINDOWS\system32\logagent.exe
2009-10-13 17:56:19 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-10-13 17:56:16 ----A---- C:\WINDOWS\system32\atl.dll
2009-10-13 17:55:23 ----A---- C:\WINDOWS\system32\jscript.dll
2009-10-13 17:55:18 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-10-13 17:55:15 ----A---- C:\WINDOWS\system32\quartz.dll
2009-10-13 17:55:06 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-10-13 17:54:54 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-10-13 17:54:16 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-10-13 17:54:16 ----A---- C:\WINDOWS\system32\secur32.dll
2009-10-13 17:54:15 ----A---- C:\WINDOWS\system32\schannel.dll
2009-10-13 17:54:13 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-10-13 17:54:11 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-10-13 17:54:04 ----A---- C:\WINDOWS\system32\shell32.dll
2009-10-13 17:53:11 ----A---- C:\WINDOWS\system32\localspl.dll
2009-10-13 17:53:06 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-10-13 17:53:05 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-10-13 17:53:00 ----A---- C:\WINDOWS\system32\tlntsess.exe
2009-10-13 17:52:56 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-10-13 17:52:51 -------- C:\WINDOWS\system32\kernel32.dll
2009-10-13 17:52:39 ----A---- C:\WINDOWS\system32\netapi32.dll
2009-10-13 17:52:08 ----A---- C:\WINDOWS\system32\gdi32.dll
2009-10-13 17:51:37 -------- C:\WINDOWS\system32\services.exe
2009-10-13 17:51:36 ----A---- C:\WINDOWS\system32\sc.exe
2009-10-13 17:51:36 -------- C:\WINDOWS\system32\rpcss.dll
2009-10-13 17:51:35 ----A---- C:\WINDOWS\system32\pdh.dll
2009-10-13 17:51:16 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-10-13 17:50:51 ----A---- C:\WINDOWS\system32\msxml3.dll
2009-10-13 17:50:41 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-10-13 17:50:24 ----A---- C:\WINDOWS\system32\mscms.dll
2009-10-13 17:50:14 ----A---- C:\WINDOWS\system32\mtxclu.dll
2009-10-13 17:50:01 ----A---- C:\WINDOWS\system32\wshext.dll
2009-10-13 17:50:01 ----A---- C:\WINDOWS\system32\wscript.exe
2009-10-13 17:49:59 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-10-13 17:49:50 ----A---- C:\WINDOWS\system32\scrrun.dll
2009-10-13 17:49:49 ----A---- C:\WINDOWS\system32\scrobj.dll
2009-10-13 17:49:47 ----A---- C:\WINDOWS\system32\cscript.exe
2009-10-13 17:49:38 -------- C:\WINDOWS\system32\mswsock.dll
2009-10-13 17:49:37 ----A---- C:\WINDOWS\system32\dnsapi.dll
2009-10-13 17:43:11 -------- C:\WINDOWS\system32\es.dll

======List of files/folders modified in the last 1 months======

2009-11-06 18:49:30 ----A---- C:\WINDOWS\system32\ctfmon.exe
2009-11-06 16:32:10 ----N---- C:\WINDOWS\system.ini
2009-11-03 22:05:40 ----N---- C:\WINDOWS\win.ini
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\pjlmon.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\pid.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\hid.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\dmutil.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2009-10-13 18:05:37 -------- C:\WINDOWS\system32\ntkrnlpa.exe
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\wowfaxui.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\wowfax.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrvpa.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrvoica.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrv80a.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrv42a.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrsvpia.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrshuta.exe
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrsdpia.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrrtosa.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrprbda.exe
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrmlnka.exe
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrlbva.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrfaxa.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrdtea.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrdpa.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrcoina.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrcntra.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\tsbyuv.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\streamci.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\sprio800.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\sprio600.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\spnike.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\paqsp.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\mdwmdmsp.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\dvdplay.exe
2009-10-08 13:57:24 ----A---- C:\WINDOWS\system32\uiautomationcore.dll
2009-10-08 13:57:24 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2009-10-08 13:57:00 ----A---- C:\WINDOWS\system32\oleacc.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 GRD;G Data Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2009-11-07 159168]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-09-30 1585728]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2009-11-03 161792]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-11-03 5851488]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-11-03 4419584]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-10-13 12288]
R3 SbieDrv;SbieDrv; \??\C:\Programme\Sandboxie\SbieDrv.sys []
R3 SymantecAntiBotDriver;SymantecAntiBotDriver; \??\C:\Programme\Symantec\Norton AntiBot\agent\driver\AntiBotDriver.sys []
R3 SymantecAntiBotFilter;SymantecAntiBotFilter; \??\C:\Programme\Symantec\Norton AntiBot\agent\driver\AntiBotFilter.sys []
R3 SymantecAntiBotShim;SymantecAntiBotShim; \??\C:\Programme\Symantec\Norton AntiBot\agent\driver\AntiBotShim.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-11-03 215904]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 agcn73ru;agcn73ru; C:\WINDOWS\system32\drivers\agcn73ru.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-07-26 547904]
S3 catchme;catchme; \??\C:\DOKUME~1\FLO\LOKALE~1\Temp\catchme.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [2009-09-12 660936]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe [2009-11-07 2326920]
R2 AVKProxy;G DATA AntiVirus Proxy; C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [2009-10-23 1126472]
R2 AVKService;G Data Scheduler; C:\Programme\G Data\AntiVirus\AVK\AVKService.exe [2009-08-08 397896]
R2 AVKWCtl;G Data Dateisystem Wächter; C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe [2009-10-21 1241688]
R2 postgresql-8.4;PostgreSQL Server 8.4; D:/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D D:/PostgreSQL/8.4/data -w []
R2 SbieSvc;Sandboxie Service; C:\Programme\Sandboxie\SbieSvc.exe [2009-09-30 65024]
R2 SymantecAntiBotAgent;SymantecAntiBotAgent; C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe [2008-09-08 4910104]
R2 SymantecAntiBotWatcher;SymantecAntiBotWatcher; C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe [2008-09-08 539160]
R3 GDScan;G Data Scanner; C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe [2009-07-27 300616]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-11-04 1179232]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
0v3rK!LL
Regular Member
 
Posts: 17
Joined: November 4th, 2009, 3:10 pm
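The driver and service lists in the RSIT log above are what the helper reads by hand: each line has the shape `<R|S><start> <name>;<description>; <path> [<date> <size>]`, and empty brackets mean RSIT attached no date or size to the file. The script below is an added example, not part of the original thread and not code from RSIT or MalwareRemoval.com. It parses those two sections and flags entries that merit a second look: a driver whose plain path carries no file metadata (the `\??\`-prefixed ImagePaths are skipped because RSIT prints empty brackets for them even when the file exists, as it does for the running Sandboxie driver), a driver loading from a Temp directory, and a service name that looks random and has no descriptive display name. The sample log is a constructed excerpt adapted from the lists above, the `Entry`, `parse_rsit`, `triage` and `report` names and the flag thresholds are this example's own assumptions, and a flag is a triage hint rather than a verdict: catchme.sys, for instance, is the rootkit-scanner driver that ComboFix drops into Temp.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt adapted from the RSIT driver/service lists above.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 GRD;G Data Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2009-11-03 161792]
R3 SbieDrv;SbieDrv; \??\C:\Programme\Sandboxie\SbieDrv.sys []
S3 agcn73ru;agcn73ru; C:\WINDOWS\system32\drivers\agcn73ru.sys []
S3 catchme;catchme; \??\C:\DOKUME~1\FLO\LOKALE~1\Temp\catchme.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 SbieSvc;Sandboxie Service; C:\Programme\Sandboxie\SbieSvc.exe [2009-09-30 65024]
R2 postgresql-8.4;PostgreSQL Server 8.4; D:/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D D:/PostgreSQL/8.4/data -w []
"""

# One RSIT entry: "<R|S><start> <name>;<description>; <path> [<date> <size>]"
ENTRY_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);\s*(.*?)\s*\[([^\]]*)\]\s*$")
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
NT_PREFIX = "\\??\\"                 # ImagePath written as an NT object path
BINARY_SUFFIXES = (".sys", ".exe", ".dll")


@dataclass
class Entry:
    section: str      # "driver" or "service"
    state: str        # R=Running, S=Stopped
    start: int        # 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
    name: str
    description: str
    path: str
    metadata: str     # "YYYY-MM-DD size", or "" when RSIT printed []
    reasons: list = field(default_factory=list)


def parse_rsit(text):
    """Return Entry objects from the driver and service sections of an RSIT log."""
    entries, section = [], None
    for line in text.splitlines():
        if line.startswith("======List of drivers"):
            section = "driver"
            continue
        if line.startswith("======List of services"):
            section = "service"
            continue
        m = ENTRY_RE.match(line)
        if section is None or not m:
            continue
        state, start, name, desc, path, meta = m.groups()
        entries.append(Entry(section, state, int(start), name.strip(),
                             desc.strip(), path, meta.strip()))
    return entries


def triage(entries):
    """Attach triage reasons to each entry; return those with at least one reason."""
    flagged = []
    for e in entries:
        e.reasons = []                                   # idempotent on repeated calls
        is_nt_path = e.path.startswith(NT_PREFIX)
        plain_binary = e.path.lower().endswith(BINARY_SUFFIXES)   # no command-line arguments
        # Empty brackets on a plain path: RSIT found no date/size for the binary.
        # \??\ paths are skipped because RSIT prints [] for them even when the file exists.
        if not e.metadata and plain_binary and not is_nt_path:
            e.reasons.append("no file metadata")
        if TEMP_DIR_RE.search(e.path):
            e.reasons.append("loads from a temp directory")
        # Assumed heuristic: display name identical to the service name, mixed letters
        # and digits, six or more characters (e.g. agcn73ru). A hint, not a verdict.
        if (e.description == e.name and len(e.name) >= 6
                and re.search(r"\d", e.name) and re.search(r"[A-Za-z]", e.name)):
            e.reasons.append("random-looking name with no description")
        if e.reasons:
            flagged.append(e)
    return flagged


def report(entries):
    """Human-readable summary, one line per flagged entry."""
    return [f"{e.section} {e.name}: {e.path} -> {', '.join(e.reasons)}"
            for e in triage(entries)]


if __name__ == "__main__":
    for line in report(parse_rsit(SAMPLE_LOG)):
        print(line)
```

Run against a real RSIT info.txt by replacing `SAMPLE_LOG` with the file contents; the flagged entries are the ones to look up by file hash or vendor, not the ones to delete.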

Re: windefence32?! hijacked browser...need help

Unread postby 0v3rK!LL » November 7th, 2009, 5:34 pm

Thank you again for your effort.

When RSIT tried to run HJT, I got an error message, and it probably didn't work.

Unfortunately I deleted the ComboFix folder, so I can't provide you with the log it created. Should I run ComboFix another time and post the log?

As far as I can tell, my system runs normally. No obvious problems...

Re: windefence32?! hijacked browser...need help

Unread postby Dakeyras » November 7th, 2009, 5:39 pm

Hi .:)

thank you again for your effort.
You're welcome!

unfortunately I deleted the combofix-folder so I can't provide you with the log it created. should I run combofix another time and post the log?
OK, fair enough... no, do not run ComboFix again unless I advise you to do so, thank you.

I will research the logs posted and get back to you.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: windefence32?! hijacked browser...need help

Unread postby Dakeyras » November 7th, 2009, 5:59 pm

Hi .:)

Please make sure your Anti-Virus is enabled, as RSIT is reporting that it is not:

======Security center information======

AV: G Data AntiVirus 2010 (disabled)
Next:

I notice you have the Sandboxie application installed; we will need to disable this so it does not hinder the malware removal process.

Disable Sandboxie:

  • Open Notepad (Start >> Run..., type notepad and select OK).
  • Copy and paste everything from the code box below into Notepad:
Code:
@Echo Off
rem Stop the Sandboxie service and keep it from starting at boot
SC Stop SbieSvc
SC Config SbieSvc start= disabled
rem Delete this batch file once it has run
Del %0

  • Go to File >> Save As
  • Save File name as "Disable.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.

Now double-click the Disable.bat on your desktop to run the batch file. It will self-delete when completed.

Then Reboot(restart) your computer.

Note: We will re-enable this when I give the all clear.

Next:

Please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Ad-Aware <-- This is actually active in system memory and not that effective an application. We will replace this in due course.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • Malwarebytes' Anti-Malware Log.
  • A new RSIT Log.

Re: windefence32?! hijacked browser...need help

Unread postby 0v3rK!LL » November 7th, 2009, 10:23 pm

Malwarebytes' Anti-Malware 1.41
Database version: 3120
Windows 5.1.2600 Service Pack 3

08.11.2009 02:22:04
mbam-log-2009-11-08 (02-22-04).txt

Scan type: Quick Scan
Objects scanned: 99084
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.


------------
btw:

Infizierte = infected
Keine bösartigen Objekte gefunden = No threats found

there was only a log now with RSIT

Unread postby 0v3rK!LL » November 7th, 2009, 10:37 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by FLO at 2009-11-08 02:33:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (78%) free of 31 GB
Total RAM: 2038 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:33:23, on 08.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\Programme\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Sandboxie\SbieCtrl.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Symantec\Norton AntiBot\agent\bin\NABMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\Programme\G Data\AntiVirus\AVK\AVKService.exe
C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\FLO\Desktop\RSIT.exe
C:\Programme\trend micro\FLO.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\Webfilter\AVKWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Programme\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programme\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-1220945662-1580436667-1177238915-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7285374116
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - D:/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

--
End of file - 5710 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Automatische Problemsuche.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
G Data WebFilter - C:\Programme\G Data\AntiVirus\Webfilter\AVKWebIE.dll [2009-09-18 594504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0124123D-61B4-456f-AF86-78C53A0790C5} - G Data WebFilter - C:\Programme\G Data\AntiVirus\Webfilter\AVKWebIE.dll [2009-09-18 594504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-11-03 16342528]
"SynTPStart"=C:\Programme\Synaptics\SynTP\SynTPStart.exe [2009-11-03 102400]
"G DATA AntiVirus Trayapplication"=C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe [2009-09-18 924232]
"NortonAntiBot"=C:\Programme\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe [2008-09-08 1378840]
"TrueImageMonitor.exe"=C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-09-12 5082488]
"Acronis Scheduler2 Service"=C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [2009-09-12 357800]
"Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"=C:\Programme\Sandboxie\SbieCtrl.exe [2009-09-30 387584]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-11-03 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoRecentDocsNetHood"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-11-08 02:05:26 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Malwarebytes
2009-11-08 02:05:09 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-11-08 02:05:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-11-07 21:30:59 ----D---- C:\rsit
2009-11-07 19:54:52 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-11-07 15:38:54 ----D---- C:\Programme\Zone Labs
2009-11-07 15:37:54 ----D---- C:\WINDOWS\Internet Logs
2009-11-07 13:32:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
2009-11-07 13:23:16 ----D---- C:\Programme\PokerStrategy
2009-11-07 13:15:46 ----D---- C:\Programme\Gemeinsame Dateien\Acronis
2009-11-07 13:15:45 ----D---- C:\Programme\Acronis
2009-11-07 12:21:08 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Talkback
2009-11-07 12:20:58 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Thunderbird
2009-11-07 02:08:09 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-11-07 02:08:09 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-11-07 02:07:47 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared
2009-11-07 02:07:47 ----D---- C:\Programme\DivX
2009-11-07 01:10:33 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Symantec
2009-11-07 01:06:03 ----D---- C:\Programme\Symantec
2009-11-07 00:48:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
2009-11-06 20:30:29 ----A---- C:\WINDOWS\system32\tsccvid.dll
2009-11-06 20:30:27 ----D---- C:\WINDOWS\system32\QuickTime
2009-11-06 20:30:07 ----D---- C:\Programme\Gemeinsame Dateien\TechSmith Shared
2009-11-06 20:30:04 ----D---- C:\Programme\TechSmith
2009-11-06 18:49:30 ----A---- C:\WINDOWS\system32\ctfmon.exe.backup
2009-11-06 17:35:19 ----D---- C:\WINDOWS\system32\appmgmt
2009-11-06 16:19:48 ----RASHD---- C:\cmdcons
2009-11-06 16:18:30 ----A---- C:\WINDOWS\zip.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\SWSC.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\SWREG.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\sed.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\PEV.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\MBR.exe
2009-11-06 16:18:30 ----A---- C:\WINDOWS\grep.exe
2009-11-06 16:12:07 ----D---- C:\WINDOWS\ERDNT
2009-11-06 13:21:51 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\vlc
2009-11-06 13:00:14 ----A---- C:\WINDOWS\system32\msstdfmt.dll
2009-11-06 01:32:24 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-11-06 00:39:56 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-11-05 23:21:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
2009-11-05 23:21:48 ----D---- C:\Programme\Gemeinsame Dateien\G DATA
2009-11-05 23:21:48 ----D---- C:\Programme\G Data
2009-11-05 17:42:50 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-11-05 17:42:48 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-11-05 07:56:57 ----D---- C:\Programme\MSXML 4.0
2009-11-05 07:53:39 ----D---- C:\WINDOWS\system32\windowspowershell
2009-11-05 07:52:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-11-05 07:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-11-05 07:51:34 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-11-05 00:33:43 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sunbelt
2009-11-04 20:43:10 ----D---- C:\Programme\Windows Live Safety Center
2009-11-04 18:49:52 ----D---- C:\Programme\Trend Micro
2009-11-04 16:35:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-11-04 00:41:43 ----D---- C:\Programme\Panda Security
2009-11-04 00:37:03 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\QuickScan
2009-11-03 23:55:55 ----D---- C:\aircrack-ng-1.0-win
2009-11-03 23:46:15 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\ACD Systems
2009-11-03 23:45:31 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
2009-11-03 23:45:24 ----D---- C:\Programme\Gemeinsame Dateien\ACD Systems
2009-11-03 23:45:24 ----D---- C:\Programme\ACD Systems
2009-11-03 23:29:51 ----D---- C:\Programme\VideoLAN
2009-11-03 23:23:54 ----D---- C:\Programme\AltBinz
2009-11-03 23:06:43 ----D---- C:\Lyrics
2009-11-03 23:06:42 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\MiniLyrics
2009-11-03 23:06:13 ----D---- C:\Programme\Minilyrics
2009-11-03 22:59:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-11-03 22:59:25 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-11-03 22:59:25 ----D---- C:\Programme\Adobe
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-11-03 22:57:35 ----N---- C:\WINDOWS\system32\px.dll
2009-11-03 22:57:32 ----D---- C:\Programme\Winamp
2009-11-03 22:57:32 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Winamp
2009-11-03 22:52:03 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2009-11-03 22:52:02 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-11-03 22:51:41 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\TuneUp Software
2009-11-03 22:51:32 ----D---- C:\Programme\TuneUp Utilities 2010
2009-11-03 22:51:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2009-11-03 22:51:07 ----SHD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-03 22:49:09 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Macromedia
2009-11-03 22:49:09 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Adobe
2009-11-03 22:45:48 ----D---- C:\Programme\DAEMON Tools Lite
2009-11-03 22:45:26 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\DAEMON Tools Lite
2009-11-03 22:45:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
2009-11-03 22:42:25 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\skypePM
2009-11-03 22:41:48 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Skype
2009-11-03 22:41:28 ----D---- C:\Programme\Gemeinsame Dateien\Skype
2009-11-03 22:41:26 ----RD---- C:\Programme\Skype
2009-11-03 22:41:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2009-11-03 22:36:22 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Miranda Fusion
2009-11-03 22:36:16 ----D---- C:\Programme\MirandaFusion
2009-11-03 22:18:25 ----D---- C:\WINDOWS\ie8updates
2009-11-03 22:17:58 ----D---- C:\WINDOWS\WBEM
2009-11-03 22:16:23 ----HDC---- C:\WINDOWS\ie8
2009-11-03 22:15:13 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-03 22:09:40 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-03 22:09:36 ----D---- C:\Programme\MSBuild
2009-11-03 22:09:35 ----D---- C:\WINDOWS\system32\en-US
2009-11-03 22:09:27 ----D---- C:\Programme\Reference Assemblies
2009-11-03 22:09:00 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-11-03 22:09:00 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-11-03 22:08:59 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-11-03 22:08:20 ----RSD---- C:\WINDOWS\assembly
2009-11-03 22:07:50 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-03 22:06:01 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2009-11-03 22:05:54 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-11-03 22:05:53 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-11-03 22:05:31 ----D---- C:\Programme\Windows Media Connect 2
2009-11-03 22:03:59 ----D---- C:\WINDOWS\system32\LogFiles
2009-11-03 22:03:54 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-11-03 21:57:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
2009-11-03 21:56:41 ----A---- C:\WINDOWS\system32\wups2.dll
2009-11-03 21:56:41 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-11-03 21:56:40 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-11-03 21:56:40 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-11-03 21:56:40 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-11-03 18:53:37 ----D---- C:\Programme\Windows Sidebar
2009-11-03 18:53:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton
2009-11-03 18:52:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller
2009-11-03 18:48:55 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Mozilla
2009-11-03 18:48:11 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\WinRAR
2009-11-03 18:47:25 ----RD---- C:\Sandbox
2009-11-03 18:47:04 ----D---- C:\Programme\WinRAR
2009-11-03 18:46:52 ----A---- C:\WINDOWS\Sandboxie.ini
2009-11-03 18:46:43 ----D---- C:\Programme\Sandboxie
2009-11-03 18:45:20 ----D---- C:\Programme\Synaptics
2009-11-03 18:45:20 ----A---- C:\WINDOWS\system32\SynTPCo4.dll
2009-11-03 18:45:20 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2009-11-03 18:45:20 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2009-11-03 18:45:20 ----A---- C:\WINDOWS\system32\SynCOM.dll
2009-11-03 18:44:19 ----D---- C:\WINDOWS\Options
2009-11-03 18:44:19 ----D---- C:\Programme\Atheros
2009-11-03 18:43:55 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\InstallShield
2009-11-03 18:43:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Atheros
2009-11-03 18:33:25 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-11-03 18:33:07 ----D---- C:\WINDOWS\system32\RTCOM
2009-11-03 18:33:06 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-11-03 18:33:02 ----A---- C:\WINDOWS\SoundMan.exe
2009-11-03 18:33:02 ----A---- C:\WINDOWS\SkyTel.exe
2009-11-03 18:33:02 ----A---- C:\WINDOWS\RtlUpd.exe
2009-11-03 18:33:01 ----A---- C:\WINDOWS\RTLCPL.exe
2009-11-03 18:33:00 ----D---- C:\Programme\Realtek
2009-11-03 18:33:00 ----A---- C:\WINDOWS\RTHDCPL.exe
2009-11-03 18:33:00 ----A---- C:\WINDOWS\MicCal.exe
2009-11-03 18:33:00 ----A---- C:\WINDOWS\alcwzrd.exe
2009-11-03 18:33:00 ----A---- C:\WINDOWS\Alcmtr.exe
2009-11-03 18:32:59 ----HD---- C:\Programme\InstallShield Installation Information
2009-11-03 18:32:58 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-11-03 18:32:58 ----A---- C:\WINDOWS\HideWin.exe
2009-11-03 18:32:56 ----D---- C:\Programme\Gemeinsame Dateien\InstallShield
2009-11-03 18:31:24 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igxprd32.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igmedcompkrn.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igklg450.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igklg400.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxtray.exe
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxress.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxpph.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxpers.exe
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxext.exe
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxexps.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxdo.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxdev.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxCoIn_v4885.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\ig4icd32.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\ig4dev32.dll
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\hkcmd.exe
2009-11-03 18:29:32 ----A---- C:\WINDOWS\system32\hccutils.dll
2009-11-03 18:29:29 ----D---- C:\WINDOWS\system32\Lang
2009-11-03 18:29:29 ----A---- C:\WINDOWS\system32\igxpun.exe
2009-11-03 18:29:29 ----A---- C:\WINDOWS\system32\difxapi.dll
2009-11-03 18:26:43 ----D---- C:\Programme\Mozilla Thunderbird
2009-11-03 18:24:02 ----D---- C:\Programme\Spybot - Search & Destroy
2009-11-03 18:24:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-11-03 18:23:22 ----D---- C:\Programme\Mozilla Firefox
2009-11-03 18:21:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-03 18:21:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-03 18:21:56 ----D---- C:\Programme\Intel
2009-11-03 18:21:47 ----D---- C:\Intel
2009-11-03 18:20:45 ----D---- C:\WINDOWS\pss
2009-11-03 18:16:21 ----D---- C:\Programme\xp-AntiSpy
2009-11-03 18:15:07 ----RASH---- C:\boot.ini
2009-11-03 18:13:42 ----SHD---- C:\RECYCLER
2009-11-03 18:13:36 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Auslogics
2009-11-03 18:13:33 ----D---- C:\Programme\Auslogics
2009-11-03 18:10:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-03 18:10:54 ----RSD---- C:\WINDOWS\Fonts
2009-11-03 18:10:54 ----RD---- C:\WINDOWS\Web
2009-11-03 18:10:54 ----HD---- C:\WINDOWS\inf
2009-11-03 18:10:54 ----D---- C:\WINDOWS\WinSxS
2009-11-03 18:10:54 ----D---- C:\WINDOWS\twain_32
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Temp
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\wins
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\wbem
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\usmt
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\spool
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\ShellExt
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\Setup
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\ras
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\oobe
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\npp
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\mui
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\Macromed
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\inetsrv
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\IME
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\icsxml
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\ias
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\export
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\drivers
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\dhcp
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\de-de
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\de
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\config
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\3com_dmi
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\3076
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\2052
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1054
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1042
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1041
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1037
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1033
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1031
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1028
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32\1025
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system32
2009-11-03 18:10:54 ----D---- C:\WINDOWS\system
2009-11-03 18:10:54 ----D---- C:\WINDOWS\security
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Resources
2009-11-03 18:10:54 ----D---- C:\WINDOWS\repair
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Provisioning
2009-11-03 18:10:54 ----D---- C:\WINDOWS\PeerNet
2009-11-03 18:10:54 ----D---- C:\WINDOWS\pchealth
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Network Diagnostic
2009-11-03 18:10:54 ----D---- C:\WINDOWS\mui
2009-11-03 18:10:54 ----D---- C:\WINDOWS\msapps
2009-11-03 18:10:54 ----D---- C:\WINDOWS\msagent
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Media
2009-11-03 18:10:54 ----D---- C:\WINDOWS\L2Schemas
2009-11-03 18:10:54 ----D---- C:\WINDOWS\java
2009-11-03 18:10:54 ----D---- C:\WINDOWS\ime
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Help
2009-11-03 18:10:54 ----D---- C:\WINDOWS\ehome
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Driver Cache
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Debug
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Cursors
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Connection Wizard
2009-11-03 18:10:54 ----D---- C:\WINDOWS\Config
2009-11-03 18:10:54 ----D---- C:\WINDOWS\AppPatch
2009-11-03 18:10:54 ----D---- C:\WINDOWS\addins
2009-11-03 18:10:54 ----D---- C:\WINDOWS
2009-11-03 18:00:38 ----D---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Identities
2009-11-03 18:00:37 ----HD---- C:\Programme\Uninstall Information
2009-11-03 18:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-11-03 18:00:08 ----SD---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\Microsoft
2009-11-03 18:00:08 ----ASH---- C:\Dokumente und Einstellungen\FLO\Anwendungsdaten\desktop.ini
2009-11-03 17:58:21 ----D---- C:\WINDOWS\SoftwareDistribution
2009-11-03 17:58:19 ----SD---- C:\WINDOWS\system32\Microsoft
2009-11-03 17:58:19 ----D---- C:\WINDOWS\Prefetch
2009-11-03 17:58:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-03 17:26:52 ----D---- C:\WINDOWS\system32\xircom
2009-11-03 17:26:52 ----D---- C:\Programme\xerox
2009-11-03 17:26:52 ----D---- C:\Programme\microsoft frontpage
2009-11-03 17:26:23 ----D---- C:\WINDOWS\system32\PreInstall
2009-11-03 17:26:22 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-11-03 17:26:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-03 17:26:08 ----A---- C:\WINDOWS\control.ini
2009-11-03 17:26:08 ----A---- C:\AUTOEXEC.BAT
2009-11-03 17:25:58 ----A---- C:\WINDOWS\OEWABLog.txt
2009-11-03 17:25:53 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-11-03 17:25:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-03 17:25:05 ----RD---- C:\WINDOWS\Offline Web Pages
2009-11-03 17:25:05 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-11-03 17:25:00 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-11-03 17:24:55 ----HD---- C:\Programme\WindowsUpdate
2009-11-03 17:24:51 ----D---- C:\Programme\Online-Dienste
2009-11-03 17:24:33 ----D---- C:\WINDOWS\system32\DirectX
2009-11-03 17:24:26 ----A---- C:\WINDOWS\system32\atrace.dll
2009-11-03 17:24:23 ----A---- C:\WINDOWS\system32\desktop.ini
2009-11-03 17:24:23 ----A---- C:\WINDOWS\desktop.ini
2009-11-03 17:24:16 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-11-03 17:24:15 ----A---- C:\WINDOWS\system32\acctres.dll
2009-11-03 17:24:14 ----D---- C:\Programme\Gemeinsame Dateien\Dienste
2009-11-03 17:24:11 ----SD---- C:\WINDOWS\Tasks
2009-11-03 17:24:11 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-11-03 17:24:10 ----D---- C:\Programme\Gemeinsame Dateien\MSSoap
2009-11-03 17:24:06 ----D---- C:\WINDOWS\srchasst
2009-11-03 17:24:02 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-11-03 17:24:02 ----A---- C:\WINDOWS\system32\wups.dll
2009-11-03 17:24:02 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-11-03 17:24:02 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-11-03 17:24:02 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-11-03 17:24:02 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-11-03 17:24:01 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-11-03 17:24:01 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-11-03 17:24:01 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-11-03 17:24:01 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-11-03 17:24:01 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-11-03 17:24:01 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-11-03 17:24:01 -------- C:\WINDOWS\system32\wuauclt.exe
2009-11-03 17:24:01 -------- C:\WINDOWS\system32\qmgr.dll
2009-11-03 17:23:56 ----D---- C:\Programme\Movie Maker
2009-11-03 17:23:37 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-11-03 17:23:37 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-11-03 17:23:37 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-11-03 17:23:37 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-11-03 17:23:33 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-11-03 17:23:33 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-11-03 17:23:32 ----D---- C:\WINDOWS\system32\Restore
2009-11-03 17:23:32 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-11-03 17:23:32 ----A---- C:\WINDOWS\system32\srclient.dll
2009-11-03 17:23:32 -------- C:\WINDOWS\system32\srsvc.dll
2009-11-03 17:23:31 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-11-03 17:23:31 ----A---- C:\WINDOWS\system32\msconf.dll
2009-11-03 17:23:31 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-11-03 17:23:31 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-11-03 17:23:31 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-11-03 17:23:31 ----A---- C:\WINDOWS\system32\ils.dll
2009-11-03 17:23:28 ----D---- C:\Programme\NetMeeting
2009-11-03 17:23:28 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-11-03 17:23:28 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-11-03 17:23:26 ----A---- C:\WINDOWS\system32\inetres.dll
2009-11-03 17:23:26 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-11-03 17:23:24 ----D---- C:\Programme\Outlook Express
2009-11-03 17:23:24 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-11-03 17:23:24 ----A---- C:\WINDOWS\system32\mstask.dll
2009-11-03 17:23:24 -------- C:\WINDOWS\system32\schedsvc.dll
2009-11-03 17:23:23 ----A---- C:\WINDOWS\system32\isign32.dll
2009-11-03 17:23:23 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-11-03 17:23:23 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-11-03 17:23:23 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-11-03 17:23:17 ----D---- C:\Programme\Gemeinsame Dateien\System
2009-11-03 17:23:12 ----D---- C:\Programme\Internet Explorer
2009-11-03 17:22:32 ----D---- C:\Programme\ComPlus Applications
2009-11-03 17:22:30 ----A---- C:\WINDOWS\vbaddin.ini
2009-11-03 17:22:30 ----A---- C:\WINDOWS\vb.ini
2009-11-03 17:22:24 ----D---- C:\WINDOWS\Registration
2009-11-03 17:22:16 ----D---- C:\Programme\Windows Media Player
2009-11-03 17:22:16 ----D---- C:\Programme\Online Services
2009-11-03 17:22:09 ----D---- C:\Programme\Messenger
2009-11-03 17:22:05 ----D---- C:\Programme\MSN Gaming Zone
2009-11-03 17:22:05 ----A---- C:\WINDOWS\system32\write.exe
2009-11-03 17:21:55 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-11-03 17:21:55 ----A---- C:\WINDOWS\system32\hticons.dll
2009-11-03 17:21:55 ----A---- C:\WINDOWS\system32\avwav.dll
2009-11-03 17:21:55 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-11-03 17:21:55 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-11-03 17:21:54 ----A---- C:\WINDOWS\system32\winchat.exe
2009-11-03 17:21:47 ----A---- C:\WINDOWS\system32\getuname.dll
2009-11-03 17:21:46 ----A---- C:\WINDOWS\system32\winmine.exe
2009-11-03 17:21:46 ----A---- C:\WINDOWS\system32\sol.exe
2009-11-03 17:21:46 ----A---- C:\WINDOWS\system32\charmap.exe
2009-11-03 17:21:46 ----A---- C:\WINDOWS\system32\calc.exe
2009-11-03 17:21:45 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-11-03 17:21:45 ----A---- C:\WINDOWS\system32\tskill.exe
2009-11-03 17:21:45 ----A---- C:\WINDOWS\system32\reset.exe
2009-11-03 17:21:45 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-11-03 17:21:45 ----A---- C:\WINDOWS\system32\freecell.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\tscon.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\shadow.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\regini.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-11-03 17:21:44 ----A---- C:\WINDOWS\system32\msg.exe
2009-11-03 17:21:43 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-11-03 17:21:43 ----A---- C:\WINDOWS\system32\logoff.exe
2009-11-03 17:21:43 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-11-03 17:21:37 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-11-03 17:21:25 ----D---- C:\Programme\MSN
2009-11-03 17:21:24 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-11-03 17:21:23 ----D---- C:\Programme\Windows NT
2009-11-03 17:21:23 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-11-03 17:21:23 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-11-03 17:21:23 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-11-03 17:21:22 ----A---- C:\WINDOWS\system32\spider.exe
2009-11-03 17:21:22 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-11-03 17:21:22 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-11-03 17:21:21 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-11-03 17:21:21 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-11-03 17:21:21 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-11-03 17:21:20 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-11-03 17:21:20 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-11-03 17:21:19 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-11-03 17:21:19 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-11-03 17:21:19 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-11-03 17:21:19 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-11-03 17:21:19 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-11-03 17:21:19 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-11-03 17:21:19 -------- C:\WINDOWS\system32\termsrv.dll
2009-11-03 17:21:18 ----D---- C:\WINDOWS\system32\MsDtc
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-11-03 17:21:18 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-11-03 17:21:17 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-11-03 17:21:17 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-11-03 17:21:17 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-11-03 17:21:17 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-11-03 17:21:17 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-11-03 17:21:16 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-11-03 17:21:16 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-11-03 17:21:16 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-11-03 17:21:16 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-11-03 17:21:15 ----D---- C:\WINDOWS\system32\Com
2009-11-03 17:21:15 ----A---- C:\WINDOWS\system32\stclient.dll
2009-11-03 17:21:15 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-11-03 17:21:15 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-11-03 17:21:15 ----A---- C:\WINDOWS\system32\colbact.dll
2009-11-03 17:21:15 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-11-03 17:21:15 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-11-03 17:21:15 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-11-03 17:21:14 ----A---- C:\WINDOWS\system32\comuid.dll
2009-11-03 17:21:14 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-11-03 17:21:14 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-11-03 17:21:14 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-11-03 17:21:13 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-11-03 17:21:06 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-11-03 17:21:06 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-11-03 17:21:06 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-11-03 17:21:06 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-11-03 17:20:13 ----A---- C:\WINDOWS\system32\h323log.txt
2009-11-03 17:18:38 ----A---- C:\WINDOWS\system32\usbui.dll
2009-11-03 17:17:22 ----A---- C:\WINDOWS\imsins.BAK
2009-11-03 17:17:20 ----SHD---- C:\WINDOWS\Installer
2009-11-03 17:17:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-03 17:17:19 ----D---- C:\Programme\Gemeinsame Dateien\ODBC
2009-11-03 17:17:19 ----A---- C:\WINDOWS\ODBCINST.INI
2009-11-03 17:17:15 ----RD---- C:\Programme
2009-11-03 17:17:15 ----D---- C:\Programme\Gemeinsame Dateien\SpeechEngines
2009-11-03 17:17:15 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-11-03 17:17:15 ----D---- C:\Programme\Gemeinsame Dateien
2009-11-03 17:17:11 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-11-03 17:17:10 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-11-03 17:17:10 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-11-03 17:17:09 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-11-03 17:17:09 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-11-03 17:17:08 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-11-03 17:17:06 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-11-03 17:17:06 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-11-03 17:17:06 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-11-03 17:17:06 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-11-03 17:17:06 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-11-03 17:17:06 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-11-03 17:17:06 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-11-03 17:17:04 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-11-03 17:17:04 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-11-03 17:17:04 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-11-03 17:17:04 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-11-03 17:17:04 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-11-03 17:17:03 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-11-03 17:17:03 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-11-03 17:17:03 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-11-03 17:17:03 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-11-03 17:17:03 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-11-03 17:17:02 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-11-03 17:16:57 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-11-03 17:16:57 ----A---- C:\WINDOWS\system32\irclass.dll
2009-11-03 17:16:57 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-11-03 17:16:57 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-11-03 17:16:56 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-11-03 17:16:54 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-11-03 17:16:54 ----A---- C:\WINDOWS\system32\batt.dll
2009-11-03 17:16:54 -------- C:\WINDOWS\system32\CONFIG.TMP
2009-11-03 17:16:53 ----A---- C:\WINDOWS\system32\storprop.dll
2009-11-03 17:16:53 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-11-03 17:16:44 ----ASH---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
2009-11-03 17:16:38 ----RA---- C:\WINDOWS\SET8.tmp
2009-11-03 17:16:36 ----RA---- C:\WINDOWS\SET4.tmp
2009-11-03 17:16:34 ----RA---- C:\WINDOWS\SET3.tmp
2009-11-03 17:16:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-03 17:16:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-03 17:16:24 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-11-03 17:16:00 ----D---- C:\Dokumente und Einstellungen
2009-11-03 17:15:59 ----SHD---- C:\System Volume Information
2009-10-13 18:22:08 ----A---- C:\WINDOWS\system32\nlite.cmd
2009-10-13 17:57:46 ----A---- C:\WINDOWS\system32\wmspdmod.dll
2009-10-13 17:57:44 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-10-13 17:57:39 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-10-13 17:57:37 ----N---- C:\WINDOWS\system32\wininet.dll
2009-10-13 17:57:36 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-10-13 17:57:36 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-10-13 17:57:34 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-10-13 17:57:17 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-10-13 17:57:05 -------- C:\WINDOWS\system32\ntoskrnl.exe
2009-10-13 17:56:49 ----A---- C:\WINDOWS\system32\query.dll
2009-10-13 17:56:40 ----A---- C:\WINDOWS\system32\wmvcore.dll
2009-10-13 17:56:29 ----A---- C:\WINDOWS\system32\wmnetmgr.dll
2009-10-13 17:56:27 ----A---- C:\WINDOWS\system32\logagent.exe
2009-10-13 17:56:19 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-10-13 17:56:16 ----A---- C:\WINDOWS\system32\atl.dll
2009-10-13 17:55:23 ----A---- C:\WINDOWS\system32\jscript.dll
2009-10-13 17:55:18 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-10-13 17:55:15 ----A---- C:\WINDOWS\system32\quartz.dll
2009-10-13 17:55:06 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-10-13 17:54:54 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-10-13 17:54:16 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-10-13 17:54:16 ----A---- C:\WINDOWS\system32\secur32.dll
2009-10-13 17:54:15 ----A---- C:\WINDOWS\system32\schannel.dll
2009-10-13 17:54:13 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-10-13 17:54:11 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-10-13 17:54:04 ----A---- C:\WINDOWS\system32\shell32.dll
2009-10-13 17:53:11 ----A---- C:\WINDOWS\system32\localspl.dll
2009-10-13 17:53:06 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-10-13 17:53:05 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-10-13 17:53:00 ----A---- C:\WINDOWS\system32\tlntsess.exe
2009-10-13 17:52:56 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-10-13 17:52:51 -------- C:\WINDOWS\system32\kernel32.dll
2009-10-13 17:52:39 ----A---- C:\WINDOWS\system32\netapi32.dll
2009-10-13 17:52:08 ----A---- C:\WINDOWS\system32\gdi32.dll
2009-10-13 17:51:37 -------- C:\WINDOWS\system32\services.exe
2009-10-13 17:51:36 ----A---- C:\WINDOWS\system32\sc.exe
2009-10-13 17:51:36 -------- C:\WINDOWS\system32\rpcss.dll
2009-10-13 17:51:35 ----A---- C:\WINDOWS\system32\pdh.dll
2009-10-13 17:51:16 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-10-13 17:50:51 ----A---- C:\WINDOWS\system32\msxml3.dll
2009-10-13 17:50:41 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-10-13 17:50:24 ----A---- C:\WINDOWS\system32\mscms.dll
2009-10-13 17:50:14 ----A---- C:\WINDOWS\system32\mtxclu.dll
2009-10-13 17:50:01 ----A---- C:\WINDOWS\system32\wshext.dll
2009-10-13 17:50:01 ----A---- C:\WINDOWS\system32\wscript.exe
2009-10-13 17:49:59 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-10-13 17:49:50 ----A---- C:\WINDOWS\system32\scrrun.dll
2009-10-13 17:49:49 ----A---- C:\WINDOWS\system32\scrobj.dll
2009-10-13 17:49:47 ----A---- C:\WINDOWS\system32\cscript.exe
2009-10-13 17:49:38 -------- C:\WINDOWS\system32\mswsock.dll
2009-10-13 17:49:37 ----A---- C:\WINDOWS\system32\dnsapi.dll
2009-10-13 17:43:11 -------- C:\WINDOWS\system32\es.dll

======List of files/folders modified in the last 1 months======

2009-11-06 18:49:30 ----A---- C:\WINDOWS\system32\ctfmon.exe
2009-11-06 16:32:10 ----N---- C:\WINDOWS\system.ini
2009-11-03 22:05:40 ----N---- C:\WINDOWS\win.ini
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\pjlmon.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\pid.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\hid.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\dmutil.dll
2009-10-13 18:05:37 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2009-10-13 18:05:37 -------- C:\WINDOWS\system32\ntkrnlpa.exe
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\wowfaxui.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\wowfax.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrvpa.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrvoica.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrv80a.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrv42a.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrsvpia.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrshuta.exe
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrsdpia.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrrtosa.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrprbda.exe
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrmlnka.exe
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrlbva.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrfaxa.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrdtea.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrdpa.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrcoina.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\usrcntra.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\tsbyuv.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\streamci.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\sprio800.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\sprio600.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\spnike.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\paqsp.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\mdwmdmsp.dll
2009-10-13 18:04:25 ----A---- C:\WINDOWS\system32\dvdplay.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 GRD;G Data Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2009-11-07 159168]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-09-30 1585728]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2009-11-03 161792]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-11-03 5851488]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-11-03 4419584]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-10-13 12288]
R3 SymantecAntiBotDriver;SymantecAntiBotDriver; \??\C:\Programme\Symantec\Norton AntiBot\agent\driver\AntiBotDriver.sys []
R3 SymantecAntiBotFilter;SymantecAntiBotFilter; \??\C:\Programme\Symantec\Norton AntiBot\agent\driver\AntiBotFilter.sys []
R3 SymantecAntiBotShim;SymantecAntiBotShim; \??\C:\Programme\Symantec\Norton AntiBot\agent\driver\AntiBotShim.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-11-03 215904]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 ajon5qem;ajon5qem; C:\WINDOWS\system32\drivers\ajon5qem.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-07-26 547904]
S3 catchme;catchme; \??\C:\DOKUME~1\FLO\LOKALE~1\Temp\catchme.sys []
S3 SbieDrv;SbieDrv; \??\C:\Programme\Sandboxie\SbieDrv.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [2009-09-12 660936]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe [2009-11-07 2326920]
R2 AVKProxy;G DATA AntiVirus Proxy; C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe [2009-10-23 1126472]
R2 AVKService;G Data Scheduler; C:\Programme\G Data\AntiVirus\AVK\AVKService.exe [2009-08-08 397896]
R2 AVKWCtl;G Data Dateisystem Wächter; C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe [2009-10-21 1241688]
R2 postgresql-8.4;PostgreSQL Server 8.4; D:/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D D:/PostgreSQL/8.4/data -w []
R2 SymantecAntiBotAgent;SymantecAntiBotAgent; C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe [2008-09-08 4910104]
R2 SymantecAntiBotWatcher;SymantecAntiBotWatcher; C:\Programme\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe [2008-09-08 539160]
R3 GDScan;G Data Scanner; C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe [2009-07-27 300616]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SbieSvc;Sandboxie Service; C:\Programme\Sandboxie\SbieSvc.exe [2009-09-30 65024]

-----------------EOF-----------------
0v3rK!LL
Regular Member
 
Posts: 17
Joined: November 4th, 2009, 3:10 pm
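The driver list in the RSIT log above, as an added example that is not part of this thread or of RSIT: a small Python triage pass over lines in that "R3 name;description; path [date size]" format, flagging the entries a helper would look at twice (no readable file details, a generated-looking name with no vendor description, a driver loaded from a Temp folder). The sample lines are copied from the log above; the flag rules are my own heuristics, not anything the helper or the tool applies.

```python
import re

# Sample lines copied from the RSIT driver list above, in its format:
# "<R|S><start> <name>;<description>; <path> [<date> <size>]".
# Empty "[]" means RSIT could not read the file's date and size.
SAMPLE_LOG = r"""
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
S3 ajon5qem;ajon5qem; C:\WINDOWS\system32\drivers\ajon5qem.sys []
S3 catchme;catchme; \??\C:\DOKUME~1\FLO\LOKALE~1\Temp\catchme.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]
"""

LINE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*); (.+?) \[(.*)\]$")
# Eight lowercase letters/digits including at least one digit (e.g. "ajon5qem"):
# a generated-looking service name. Heuristic, not a signature.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[a-z0-9]{8}$")


def parse_driver_lines(text):
    """Parse RSIT driver/service lines into dicts; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, desc, path, details = m.groups()
        date, size = (details.split() + [None, None])[:2]
        entries.append({
            "state": state, "start": int(start), "name": name, "desc": desc,
            "path": path, "date": date, "size": int(size) if size else None,
        })
    return entries


def flag_entry(entry):
    """Return the triage flags that apply to one entry (leads to check, not verdicts)."""
    flags = []
    if entry["date"] is None:
        flags.append("no_file_info")  # file unreadable, missing, or hidden from RSIT
    if RANDOM_NAME_RE.match(entry["name"]) and entry["desc"] == entry["name"]:
        flags.append("random_name")   # generated-looking name and no vendor description
    if "\\temp\\" in entry["path"].lower():
        flags.append("temp_path")     # kernel drivers rarely belong in a Temp folder
    return flags


def triage(text):
    """Map driver name -> flags, keeping only entries that raised at least one flag."""
    result = {}
    for entry in parse_driver_lines(text):
        flags = flag_entry(entry)
        if flags:
            result[entry["name"]] = flags
    return result
```

Entries written with the `\??\` path form and empty brackets (the G Data, Sandboxie and Norton drivers in the log above) also raise `no_file_info`, so that flag on its own is a prompt to look at the file, not a finding.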

Re: windefence32?! hijacked browser...need help

Unread postby Dakeyras » November 8th, 2009, 8:00 am

Hi. :)

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this File (if present):

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • ESET Log.
  • A new RSIT Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: windefence32?! hijacked browser...need help

Unread postby 0v3rK!LL » November 8th, 2009, 10:20 am

hi!
thanks!

will do it all now. I was wondering if I also had to disable Norton AntiBot while doing the online scan. And why at all do I have to do these further steps - did you recognize any further suspicious files/entries in my logs, or is this a security precaution? will post my logs soon.
0v3rK!LL
Regular Member
 
Posts: 17
Joined: November 4th, 2009, 3:10 pm

Re: windefence32?! hijacked browser...need help

Unread postby Dakeyras » November 8th, 2009, 10:48 am

Hi. :)

I do not think you will need to disable NortonAntiBot.

Malwarebytes' Anti-Malware did remove one infection in the guise of a .dat file (actually a generic data file), which would have been used by the back-door Trojan infection Bifrose as either a launch vector and/or a means to re-infect a system.

The reason for these further steps is so I can ascertain if your computer is still compromised or not.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: windefence32?! hijacked browser...need help

Unread postby 0v3rK!LL » November 8th, 2009, 11:05 am

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=52a6773fe437c248a5a497fa6d2d0576
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-08 03:01:09
# local_time=2009-11-08 03:01:09 (+0000, GMT-Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 46460 46460 0 0
# compatibility_mode=4096 16777191 100 0 157644 157644 0 0
# compatibility_mode=8192 67108863 100 0 3827 3827 0 0
# compatibility_mode=9217 16777214 0 9 85716 85716 0 0
# scanned=55615
# found=0
# cleaned=0
# scan_time=2021
0v3rK!LL
Regular Member
 
Posts: 17
Joined: November 4th, 2009, 3:10 pm