hi,

meine mom hat seit gestern morgen kein zugriff mehr ins internet über jeglichen explorer..

ICQ oder MSN funktioniert alles normal.. jedoch kommt sie über diverse explorer auf keine seite mehr obwohl eine normale internetverbindung besteht..

sie hat einen msi laptop und win vista drauf..

firewall und antivir mal ausgeschaltet und probiert funktioniert aber alles auch nicht..

hab versucht über meinen rechner im internet nach einer lösung zu suchen aber hat mir alles nicht wirklich viel gebracht..

bin selber kein fachmann.. hoffe deshalb auf diesem wege eine lösung zu finden..

vielen dank im vorraus


lg

Hallo und

Probiert mal das aus:

Bitte diese Liste beachten und abarbeiten. Beim Scan mit MalwareBytes auch alle externen Speicher (ext. Platten, USB-Sticks, ... mit anklemmen!! )

Falls Du Probleme mit Malwarebytes hast (startet nicht, Updates laden nicht etc.), das hier beachten > http://www.trojaner-board.de/82699-m...tet-nicht.html

Wichtig für Benutzer mit Windows Vista und Windows 7: Bitte alle Tools per Rechtsklick => Als Admin ausführen!

Falls RSIT nicht startet: im Kompatibilitätsmodus ausführen (Rechtsklick auf RSIT.exe, Reiter Kompatibilität) => Windows XP einstellen und ausführen

Die Logfiles kannst Du zB alle in eine Datei zippen und auf File-Upload.net hochladen und hier verlinken, denn 1. sind manche Logfiles fürs Board nämlich zu groß und 2. kann ich mit einem Klick mir gleich alle auf einmal runterladen.

also hab alles ausgeführt...

malware hat nichts gefunden..

den log von RSIT stell ich rein..

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mona at 2010-04-02 21:15:53
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 5 GB (11%) free of 45 GB
Total RAM: 3070 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:57, on 02.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
E:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mona.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Help poke] "C:\ProgramData\complicenselicense.n23zb"
O4 - HKCU\..\Run: [comp view eggs idol] "C:\ProgramData\beep once keep.twnlrpb"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7741 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2009-09-02 777392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
IE Developer Toolbar BHO - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2007-03-01 623992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-02 61440]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-09-09 6281760]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2008-06-11 1454080]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-29 75136]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2008-10-09 561152]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"Skytel"=C:\Windows\Skytel.exe [2008-09-09 1833504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-30 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"Help poke"=C:\ProgramData\complicenselicense.n23zb [2010-01-30 106512]
"comp view eggs idol"=C:\ProgramData\beep once keep.twnlrpb [2009-11-14 344080]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [2009-11-10 5244216]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53a9b722-d157-11de-91ba-806e6f6e6963}]
shell\AutoRun\command - F:\Setup_10FunGames2.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56bcf163-d750-11de-b330-00242161fc87}]
shell\AutoRun\command - E:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ad8b69a-3a57-11df-9beb-00242161fc87}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ad8b6a4-3a57-11df-9beb-00242161fc87}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-04-02 21:15:53 ----D---- C:\rsit
2010-04-02 20:16:11 ----D---- C:\Users\Mona\AppData\Roaming\Malwarebytes
2010-04-02 20:16:02 ----D---- C:\ProgramData\Malwarebytes
2010-04-02 20:16:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-02 17:44:47 ----D---- C:\ProgramData\Avira
2010-03-31 05:45:43 ----D---- C:\Program Files\Windows Portable Devices
2010-03-31 03:42:07 ----A---- C:\Windows\system32\UIAnimation.dll
2010-03-31 03:42:06 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-03-31 03:42:06 ----A---- C:\Windows\system32\UIRibbon.dll
2010-03-31 03:41:36 ----A---- C:\Windows\system32\WMPhoto.dll
2010-03-31 03:41:36 ----A---- C:\Windows\system32\cdd.dll
2010-03-31 03:41:34 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-03-31 03:41:34 ----A---- C:\Windows\system32\XpsPrint.dll
2010-03-31 03:41:34 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-03-31 03:41:34 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-03-31 03:41:34 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-03-31 03:41:34 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-03-31 03:41:34 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-03-31 03:41:34 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-03-31 03:41:34 ----A---- C:\Windows\system32\dxdiagn.dll
2010-03-31 03:41:34 ----A---- C:\Windows\system32\dxdiag.exe
2010-03-31 03:41:34 ----A---- C:\Windows\system32\d3d10warp.dll
2010-03-31 03:41:34 ----A---- C:\Windows\system32\d2d1.dll
2010-03-31 03:41:33 ----A---- C:\Windows\system32\xpsservices.dll
2010-03-31 03:41:33 ----A---- C:\Windows\system32\OpcServices.dll
2010-03-31 03:41:33 ----A---- C:\Windows\system32\FntCache.dll
2010-03-31 03:41:33 ----A---- C:\Windows\system32\dxgi.dll
2010-03-31 03:41:33 ----A---- C:\Windows\system32\DWrite.dll
2010-03-31 03:41:33 ----A---- C:\Windows\system32\d3d11.dll
2010-03-31 03:41:33 ----A---- C:\Windows\system32\d3d10level9.dll
2010-03-31 03:41:33 ----A---- C:\Windows\system32\d3d10core.dll
2010-03-31 03:41:33 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-03-31 03:41:33 ----A---- C:\Windows\system32\d3d10_1.dll
2010-03-31 03:41:33 ----A---- C:\Windows\system32\d3d10.dll
2010-03-31 03:41:03 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-03-31 03:41:03 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-03-31 03:41:03 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-03-31 03:41:00 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-03-31 03:40:58 ----A---- C:\Windows\system32\wpdshext.dll
2010-03-31 03:40:58 ----A---- C:\Windows\system32\WpdMtpUS.dll
2010-03-31 03:40:58 ----A---- C:\Windows\system32\WpdConns.dll
2010-03-31 03:40:58 ----A---- C:\Windows\system32\wpd_ci.dll
2010-03-31 03:40:57 ----A---- C:\Windows\system32\WPDSp.dll
2010-03-31 03:40:57 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-03-31 03:40:57 ----A---- C:\Windows\system32\WpdMtp.dll
2010-03-31 03:40:57 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-03-31 03:40:57 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-03-31 03:40:57 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-03-31 03:40:57 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-03-31 03:40:01 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-03-31 03:40:01 ----A---- C:\Windows\system32\oleaccrc.dll
2010-03-31 03:40:01 ----A---- C:\Windows\system32\oleacc.dll
2010-03-31 02:22:00 ----D---- C:\Program Files\Microsoft Silverlight
2010-03-31 01:45:28 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 01:45:27 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 01:45:26 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 01:45:24 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 01:45:21 ----A---- C:\Windows\system32\mshtmled.dll
2010-03-31 01:45:21 ----A---- C:\Windows\system32\ieui.dll
2010-03-31 01:45:19 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 01:45:18 ----A---- C:\Windows\system32\ieencode.dll
2010-03-31 01:45:16 ----A---- C:\Windows\system32\ieapfltr.dll
2010-03-31 01:43:46 ----A---- C:\Windows\system32\gameux.dll
2010-03-31 01:43:45 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-03-31 01:43:44 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-03-30 20:36:14 ----D---- C:\Windows\system32\eu-ES
2010-03-30 20:36:14 ----D---- C:\Windows\system32\ca-ES
2010-03-30 20:36:13 ----D---- C:\Windows\system32\vi-VN
2010-03-30 20:32:40 ----D---- C:\Windows\system32\SPReview
2010-03-30 20:25:21 ----A---- C:\Windows\system32\scavenge.dll
2010-03-30 20:25:11 ----A---- C:\Windows\system32\compcln.exe
2010-03-30 20:24:40 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2010-03-30 20:24:40 ----A---- C:\Windows\system32\SearchIndexer.exe
2010-03-30 20:24:40 ----A---- C:\Windows\system32\SearchFilterHost.exe
2010-03-30 20:24:40 ----A---- C:\Windows\system32\sdohlp.dll
2010-03-30 20:24:40 ----A---- C:\Windows\system32\sdclt.exe
2010-03-30 20:24:40 ----A---- C:\Windows\system32\samlib.dll
2010-03-30 20:24:40 ----A---- C:\Windows\system32\rtutils.dll
2010-03-30 20:24:40 ----A---- C:\Windows\system32\rtffilt.dll
2010-03-30 20:24:40 ----A---- C:\Windows\system32\rsaenh.dll
2010-03-30 20:24:39 ----A---- C:\Windows\system32\scrrun.dll
2010-03-30 20:24:39 ----A---- C:\Windows\system32\scksp.dll
2010-03-30 20:24:39 ----A---- C:\Windows\system32\schedsvc.dll
2010-03-30 20:24:39 ----A---- C:\Windows\system32\SCardSvr.dll
2010-03-30 20:24:39 ----A---- C:\Windows\system32\scansetting.dll
2010-03-30 20:24:39 ----A---- C:\Windows\system32\samsrv.dll
2010-03-30 20:24:39 ----A---- C:\Windows\system32\rpcss.dll
2010-03-30 20:24:39 ----A---- C:\Windows\system32\rpchttp.dll
2010-03-30 20:24:39 ----A---- C:\Windows\system32\riched20.dll
2010-03-30 20:24:38 ----A---- C:\Windows\system32\scrobj.dll
2010-03-30 20:24:38 ----A---- C:\Windows\system32\scesrv.dll
2010-03-30 20:24:38 ----A---- C:\Windows\system32\scecli.dll
2010-03-30 20:24:37 ----A---- C:\Windows\system32\perfdisk.dll
2010-03-30 20:24:37 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2010-03-30 20:24:37 ----A---- C:\Windows\system32\pdh.dll
2010-03-30 20:24:36 ----A---- C:\Windows\system32\PNPXAssoc.dll
2010-03-30 20:24:36 ----A---- C:\Windows\system32\PnPutil.exe
2010-03-30 20:24:36 ----A---- C:\Windows\system32\PnPUnattend.exe
2010-03-30 20:24:36 ----A---- C:\Windows\system32\pnidui.dll
2010-03-30 20:24:36 ----A---- C:\Windows\system32\pcaui.dll
2010-03-30 20:24:36 ----A---- C:\Windows\system32\p2psvc.dll
2010-03-30 20:24:36 ----A---- C:\Windows\system32\P2PGraph.dll
2010-03-30 20:24:35 ----A---- C:\Windows\system32\powercpl.dll
2010-03-30 20:24:35 ----A---- C:\Windows\system32\pnpui.dll
2010-03-30 20:24:35 ----A---- C:\Windows\system32\pnpsetup.dll
2010-03-30 20:24:35 ----A---- C:\Windows\system32\PkgMgr.exe
2010-03-30 20:24:35 ----A---- C:\Windows\system32\pidgenx.dll
2010-03-30 20:24:35 ----A---- C:\Windows\system32\photowiz.dll
2010-03-30 20:24:35 ----A---- C:\Windows\system32\nslookup.exe
2010-03-30 20:24:34 ----A---- C:\Windows\system32\offfilt.dll
2010-03-30 20:24:34 ----A---- C:\Windows\system32\ntdll.dll
2010-03-30 20:24:34 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2010-03-30 20:24:34 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2010-03-30 20:24:34 ----A---- C:\Windows\system32\nlhtml.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\rastapi.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\rasppp.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\rasplap.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\rasmontr.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\rasmans.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\rasgcw.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\rasdlg.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\rasdial.exe
2010-03-30 20:24:33 ----A---- C:\Windows\system32\rasdiag.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\raschap.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\rasapi32.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\osk.exe
2010-03-30 20:24:33 ----A---- C:\Windows\system32\oobefldr.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\onex.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\olepro32.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\oleprn.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\oleaut32.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\ole32.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\odbccp32.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\odbcconf.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\odbc32.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\ocsetup.exe
2010-03-30 20:24:33 ----A---- C:\Windows\system32\occache.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\ntprint.dll
2010-03-30 20:24:33 ----A---- C:\Windows\system32\ntmarta.dll
2010-03-30 20:24:32 ----A---- C:\Windows\system32\RelMon.dll
2010-03-30 20:24:32 ----A---- C:\Windows\system32\rekeywiz.exe
2010-03-30 20:24:32 ----A---- C:\Windows\system32\regsvc.dll
2010-03-30 20:24:32 ----A---- C:\Windows\system32\regapi.dll
2010-03-30 20:24:32 ----A---- C:\Windows\system32\reg.exe
2010-03-30 20:24:32 ----A---- C:\Windows\system32\rdpwsx.dll
2010-03-30 20:24:32 ----A---- C:\Windows\system32\rdpencom.dll
2010-03-30 20:24:32 ----A---- C:\Windows\system32\RacEngn.dll
2010-03-30 20:24:32 ----A---- C:\Windows\system32\Query.dll
2010-03-30 20:24:32 ----A---- C:\Windows\system32\qmgr.dll
2010-03-30 20:24:32 ----A---- C:\Windows\system32\qedit.dll
2010-03-30 20:24:32 ----A---- C:\Windows\system32\prnntfy.dll
2010-03-30 20:24:32 ----A---- C:\Windows\system32\printui.dll
2010-03-30 20:24:32 ----A---- C:\Windows\system32\PresentationSettings.exe
2010-03-30 20:24:32 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2010-03-30 20:24:32 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-03-30 20:24:32 ----A---- C:\Windows\system32\PresentationHost.exe
2010-03-30 20:24:31 ----A---- C:\Windows\system32\qdvd.dll
2010-03-30 20:24:31 ----A---- C:\Windows\system32\QAGENTRT.DLL
2010-03-30 20:24:31 ----A---- C:\Windows\system32\puiapi.dll
2010-03-30 20:24:31 ----A---- C:\Windows\system32\psisdecd.dll
2010-03-30 20:24:31 ----A---- C:\Windows\system32\PSHED.DLL
2010-03-30 20:24:31 ----A---- C:\Windows\system32\propsys.dll
2010-03-30 20:24:31 ----A---- C:\Windows\system32\propdefs.dll
2010-03-30 20:24:31 ----A---- C:\Windows\system32\profsvc.dll
2010-03-30 20:24:31 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-03-30 20:24:31 ----A---- C:\Windows\system32\powrprof.dll
2010-03-30 20:24:28 ----A---- C:\Windows\system32\shlwapi.dll
2010-03-30 20:24:28 ----A---- C:\Windows\system32\shell32.dll
2010-03-30 20:24:28 ----A---- C:\Windows\system32\shdocvw.dll
2010-03-30 20:24:28 ----A---- C:\Windows\system32\setupapi.dll
2010-03-30 20:24:28 ----A---- C:\Windows\system32\sethc.exe
2010-03-30 20:24:28 ----A---- C:\Windows\system32\services.exe
2010-03-30 20:24:28 ----A---- C:\Windows\system32\sendmail.dll
2010-03-30 20:24:24 ----A---- C:\Windows\system32\eapphost.dll
2010-03-30 20:24:24 ----A---- C:\Windows\system32\eappgnui.dll
2010-03-30 20:24:23 ----A---- C:\Windows\system32\ExplorerFrame.dll
2010-03-30 20:24:23 ----A---- C:\Windows\system32\evr.dll
2010-03-30 20:24:23 ----A---- C:\Windows\system32\eudcedit.exe
2010-03-30 20:24:23 ----A---- C:\Windows\system32\EhStorAPI.dll
2010-03-30 20:24:23 ----A---- C:\Windows\system32\eappcfg.dll
2010-03-30 20:24:23 ----A---- C:\Windows\system32\eapp3hst.dll
2010-03-30 20:24:23 ----A---- C:\Windows\system32\dwm.exe
2010-03-30 20:24:23 ----A---- C:\Windows\system32\dsprop.dll
2010-03-30 20:24:23 ----A---- C:\Windows\system32\dsound.dll
2010-03-30 20:24:22 ----A---- C:\Windows\system32\f3ahvoas.dll
2010-03-30 20:24:22 ----A---- C:\Windows\system32\extmgr.dll
2010-03-30 20:24:22 ----A---- C:\Windows\system32\esent.dll
2010-03-30 20:24:22 ----A---- C:\Windows\system32\es.dll
2010-03-30 20:24:22 ----A---- C:\Windows\system32\EncDec.dll
2010-03-30 20:24:22 ----A---- C:\Windows\system32\emdmgmt.dll
2010-03-30 20:24:22 ----A---- C:\Windows\system32\EhStorShell.dll
2010-03-30 20:24:22 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2010-03-30 20:24:22 ----A---- C:\Windows\system32\EhStorAuthn.dll
2010-03-30 20:24:22 ----A---- C:\Windows\system32\diskraid.exe
2010-03-30 20:24:22 ----A---- C:\Windows\system32\diskpart.exe
2010-03-30 20:24:22 ----A---- C:\Windows\system32\dimsroam.dll
2010-03-30 20:24:22 ----A---- C:\Windows\system32\diagperf.dll
2010-03-30 20:24:22 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2010-03-30 20:24:22 ----A---- C:\Windows\system32\dfsr.exe
2010-03-30 20:24:22 ----A---- C:\Windows\system32\dfshim.dll
2010-03-30 20:24:22 ----A---- C:\Windows\explorer.exe
2010-03-30 20:24:21 ----A---- C:\Windows\system32\hbaapi.dll
2010-03-30 20:24:21 ----A---- C:\Windows\system32\gpresult.exe
2010-03-30 20:24:21 ----A---- C:\Windows\system32\drvstore.dll
2010-03-30 20:24:21 ----A---- C:\Windows\system32\drvinst.exe
2010-03-30 20:24:21 ----A---- C:\Windows\system32\drmv2clt.dll
2010-03-30 20:24:21 ----A---- C:\Windows\system32\drmmgrtn.dll
2010-03-30 20:24:21 ----A---- C:\Windows\system32\dpapimig.exe
2010-03-30 20:24:21 ----A---- C:\Windows\system32\dot3svc.dll
2010-03-30 20:24:21 ----A---- C:\Windows\system32\dot3msm.dll
2010-03-30 20:24:21 ----A---- C:\Windows\system32\dot3cfg.dll
2010-03-30 20:24:21 ----A---- C:\Windows\system32\dnsrslvr.dll
2010-03-30 20:24:21 ----A---- C:\Windows\system32\dnsapi.dll
2010-03-30 20:24:21 ----A---- C:\Windows\system32\dmusic.dll
2010-03-30 20:24:21 ----A---- C:\Windows\system32\dmsynth.dll
2010-03-30 20:24:21 ----A---- C:\Windows\system32\dhcpcsvc.dll
2010-03-30 20:24:21 ----A---- C:\Windows\system32\devmgr.dll
2010-03-30 20:24:20 ----A---- C:\Windows\system32\iasnap.dll
2010-03-30 20:24:20 ----A---- C:\Windows\system32\IasMigReader.exe
2010-03-30 20:24:20 ----A---- C:\Windows\system32\IasMigPlugin.dll
2010-03-30 20:24:20 ----A---- C:\Windows\system32\iashlpr.dll
2010-03-30 20:24:20 ----A---- C:\Windows\system32\iasdatastore.dll
2010-03-30 20:24:20 ----A---- C:\Windows\system32\iasads.dll
2010-03-30 20:24:20 ----A---- C:\Windows\system32\iasacct.dll
2010-03-30 20:24:20 ----A---- C:\Windows\system32\hidserv.dll
2010-03-30 20:24:20 ----A---- C:\Windows\system32\hdwwiz.exe
2010-03-30 20:24:20 ----A---- C:\Windows\system32\gpupdate.exe
2010-03-30 20:24:20 ----A---- C:\Windows\system32\gpsvc.dll
2010-03-30 20:24:20 ----A---- C:\Windows\system32\fontext.dll
2010-03-30 20:24:19 ----A---- C:\Windows\system32\findstr.exe
2010-03-30 20:24:19 ----A---- C:\Windows\system32\fc.exe
2010-03-30 20:24:19 ----A---- C:\Windows\system32\Faultrep.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\gpedit.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\gpapi.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\gdi32.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2010-03-30 20:24:18 ----A---- C:\Windows\system32\fundisc.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\ftp.exe
2010-03-30 20:24:18 ----A---- C:\Windows\system32\feclient.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\fdWSD.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\fdWCN.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\fdSSDP.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\fdProxy.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\fdeploy.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\fdBthProxy.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\fdBth.dll
2010-03-30 20:24:18 ----A---- C:\Windows\system32\audiosrv.dll
2010-03-30 20:24:17 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2010-03-30 20:24:17 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2010-03-30 20:24:17 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2010-03-30 20:24:17 ----A---- C:\Windows\system32\autoplay.dll
2010-03-30 20:24:17 ----A---- C:\Windows\system32\autofmt.exe
2010-03-30 20:24:17 ----A---- C:\Windows\system32\autoconv.exe
2010-03-30 20:24:17 ----A---- C:\Windows\system32\autochk.exe
2010-03-30 20:24:17 ----A---- C:\Windows\system32\authz.dll
2010-03-30 20:24:17 ----A---- C:\Windows\system32\authui.dll
2010-03-30 20:24:17 ----A---- C:\Windows\system32\AudioSes.dll
2010-03-30 20:24:17 ----A---- C:\Windows\system32\audiodg.exe
2010-03-30 20:24:16 ----A---- C:\Windows\system32\bthci.dll
2010-03-30 20:24:16 ----A---- C:\Windows\system32\browseui.dll
2010-03-30 20:24:16 ----A---- C:\Windows\system32\brcpl.dll
2010-03-30 20:24:16 ----A---- C:\Windows\system32\blackbox.dll
2010-03-30 20:24:16 ----A---- C:\Windows\system32\bitsigd.dll
2010-03-30 20:24:16 ----A---- C:\Windows\system32\BFE.DLL
2010-03-30 20:24:16 ----A---- C:\Windows\system32\bcrypt.dll
2010-03-30 20:24:16 ----A---- C:\Windows\system32\basecsp.dll
2010-03-30 20:24:16 ----A---- C:\Windows\system32\azroles.dll
2010-03-30 20:24:16 ----A---- C:\Windows\system32\accessibilitycpl.dll
2010-03-30 20:24:15 ----A---- C:\Windows\system32\crypt32.dll
2010-03-30 20:24:15 ----A---- C:\Windows\system32\credui.dll
2010-03-30 20:24:15 ----A---- C:\Windows\system32\conime.exe
2010-03-30 20:24:15 ----A---- C:\Windows\system32\comuid.dll
2010-03-30 20:24:15 ----A---- C:\Windows\system32\comsvcs.dll
2010-03-30 20:24:15 ----A---- C:\Windows\system32\apphelp.dll
2010-03-30 20:24:15 ----A---- C:\Windows\system32\apds.dll
2010-03-30 20:24:15 ----A---- C:\Windows\system32\advapi32.dll
2010-03-30 20:24:15 ----A---- C:\Windows\system32\adtschema.dll
2010-03-30 20:24:15 ----A---- C:\Windows\system32\adsmsext.dll
2010-03-30 20:24:15 ----A---- C:\Windows\system32\adsldpc.dll
2010-03-30 20:24:14 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2010-03-30 20:24:14 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2010-03-30 20:24:14 ----A---- C:\Windows\system32\DevicePairing.dll
2010-03-30 20:24:14 ----A---- C:\Windows\system32\DeviceEject.exe
2010-03-30 20:24:14 ----A---- C:\Windows\system32\dbgeng.dll
2010-03-30 20:24:14 ----A---- C:\Windows\system32\davclnt.dll
2010-03-30 20:24:14 ----A---- C:\Windows\system32\dataclen.dll
2010-03-30 20:24:14 ----A---- C:\Windows\system32\d3d9.dll
2010-03-30 20:24:14 ----A---- C:\Windows\system32\csrstub.exe
2010-03-30 20:24:14 ----A---- C:\Windows\system32\cscdll.dll
2010-03-30 20:24:14 ----A---- C:\Windows\system32\cscapi.dll
2010-03-30 20:24:14 ----A---- C:\Windows\system32\cryptui.dll
2010-03-30 20:24:14 ----A---- C:\Windows\system32\cryptsvc.dll
2010-03-30 20:24:14 ----A---- C:\Windows\system32\connect.dll
2010-03-30 20:24:14 ----A---- C:\Windows\system32\comdlg32.dll
2010-03-30 20:24:14 ----A---- C:\Windows\system32\cmmon32.exe
2010-03-30 20:24:14 ----A---- C:\Windows\system32\cmdial32.dll
2010-03-30 20:24:13 ----A---- C:\Windows\system32\cscript.exe
2010-03-30 20:24:13 ----A---- C:\Windows\system32\cipher.exe
2010-03-30 20:24:13 ----A---- C:\Windows\system32\ci.dll
2010-03-30 20:24:13 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2010-03-30 20:24:13 ----A---- C:\Windows\system32\chsbrkr.dll
2010-03-30 20:24:13 ----A---- C:\Windows\system32\certmgr.dll
2010-03-30 20:24:13 ----A---- C:\Windows\system32\CertEnrollUI.dll
2010-03-30 20:24:13 ----A---- C:\Windows\system32\CertEnroll.dll
2010-03-30 20:24:13 ----A---- C:\Windows\system32\certcli.dll
2010-03-30 20:24:13 ----A---- C:\Windows\system32\cbsra.exe
2010-03-30 20:24:13 ----A---- C:\Windows\system32\bthudtask.exe
2010-03-30 20:24:13 ----A---- C:\Windows\system32\bthserv.dll
2010-03-30 20:24:12 ----A---- C:\Windows\system32\msihnd.dll
2010-03-30 20:24:12 ----A---- C:\Windows\system32\msiexec.exe
2010-03-30 20:24:12 ----A---- C:\Windows\system32\msftedit.dll
2010-03-30 20:24:12 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-30 20:24:12 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-30 20:24:12 ----A---- C:\Windows\system32\msexcl40.dll
2010-03-30 20:24:12 ----A---- C:\Windows\system32\msexch40.dll
2010-03-30 20:24:12 ----A---- C:\Windows\system32\msdtctm.dll
2010-03-30 20:24:12 ----A---- C:\Windows\system32\chtbrkr.dll
2010-03-30 20:24:12 ----A---- C:\Windows\system32\certutil.exe
2010-03-30 20:24:12 ----A---- C:\Windows\system32\certreq.exe
2010-03-30 20:24:12 ----A---- C:\Windows\system32\certprop.dll
2010-03-30 20:24:11 ----A---- C:\Windows\system32\msi.dll
2010-03-30 20:24:10 ----A---- C:\Windows\system32\msimsg.dll
2010-03-30 20:24:10 ----A---- C:\Windows\system32\msdtcprx.dll
2010-03-30 20:24:10 ----A---- C:\Windows\system32\msctfui.dll
2010-03-30 20:24:10 ----A---- C:\Windows\system32\msctfp.dll
2010-03-30 20:24:10 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2010-03-30 20:24:10 ----A---- C:\Windows\system32\msctf.dll
2010-03-30 20:24:10 ----A---- C:\Windows\system32\MPSSVC.dll
2010-03-30 20:24:10 ----A---- C:\Windows\system32\mprapi.dll
2010-03-30 20:24:10 ----A---- C:\Windows\system32\mpr.dll
2010-03-30 20:24:10 ----A---- C:\Windows\system32\modemui.dll
2010-03-30 20:24:10 ----A---- C:\Windows\system32\MMDevAPI.dll
2010-03-30 20:24:09 ----A---- C:\Windows\system32\mscories.dll
2010-03-30 20:24:09 ----A---- C:\Windows\system32\mscorier.dll
2010-03-30 20:24:09 ----A---- C:\Windows\system32\mscoree.dll
2010-03-30 20:24:09 ----A---- C:\Windows\system32\mscms.dll
2010-03-30 20:24:09 ----A---- C:\Windows\system32\mscandui.dll
2010-03-30 20:24:08 ----A---- C:\Windows\system32\NetProjW.dll
2010-03-30 20:24:08 ----A---- C:\Windows\system32\netplwiz.dll
2010-03-30 20:24:08 ----A---- C:\Windows\system32\netlogon.dll
2010-03-30 20:24:08 ----A---- C:\Windows\system32\netcenter.dll
2010-03-30 20:24:08 ----A---- C:\Windows\system32\netapi32.dll
2010-03-30 20:24:08 ----A---- C:\Windows\system32\ncryptui.dll
2010-03-30 20:24:08 ----A---- C:\Windows\system32\ncrypt.dll
2010-03-30 20:24:08 ----A---- C:\Windows\system32\mtxclu.dll
2010-03-30 20:24:01 ----A---- C:\Windows\system32\NcdProp.dll
2010-03-30 20:24:01 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2010-03-30 20:23:59 ----A---- C:\Windows\system32\netshell.dll
2010-03-30 20:23:58 ----A---- C:\Windows\system32\newdev.exe
2010-03-30 20:23:58 ----A---- C:\Windows\system32\newdev.dll
2010-03-30 20:23:57 ----A---- C:\Windows\system32\networkexplorer.dll
2010-03-30 20:23:56 ----A---- C:\Windows\system32\networkmap.dll
2010-03-30 20:23:56 ----A---- C:\Windows\system32\networkitemfactory.dll
2010-03-30 20:23:55 ----A---- C:\Windows\system32\msscntrs.dll
2010-03-30 20:23:55 ----A---- C:\Windows\system32\msscb.dll
2010-03-30 20:23:55 ----A---- C:\Windows\system32\msrepl40.dll
2010-03-30 20:23:55 ----A---- C:\Windows\system32\msrd3x40.dll
2010-03-30 20:23:55 ----A---- C:\Windows\system32\msrd2x40.dll
2010-03-30 20:23:55 ----A---- C:\Windows\system32\msrating.dll
2010-03-30 20:23:55 ----A---- C:\Windows\system32\mspbde40.dll
2010-03-30 20:23:55 ----A---- C:\Windows\system32\msnetobj.dll
2010-03-30 20:23:55 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2010-03-30 20:23:55 ----A---- C:\Windows\system32\msltus40.dll
2010-03-30 20:23:54 ----A---- C:\Windows\system32\msjint40.dll
2010-03-30 20:23:54 ----A---- C:\Windows\system32\msinfo32.exe
2010-03-30 20:23:54 ----A---- C:\Windows\system32\msimtf.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\msxbde40.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\mswstr10.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\mswsock.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\mswdat10.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\MSVidCtl.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\msvcrt.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\msvcp60.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\msutb.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\mstsc.exe
2010-03-30 20:23:53 ----A---- C:\Windows\system32\mstlsapi.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\mstime.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\mstext40.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\mssvp.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\msstrc.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\mssrch.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\mssprxy.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\mssphtb.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\mssph.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\mssitlb.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\msshsq.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\msshooks.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\msscp.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\msjtes40.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\msjter40.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\msjetoledb40.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\msjet40.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\msisip.dll
2010-03-30 20:23:53 ----A---- C:\Windows\system32\inetcomm.dll
2010-03-30 20:23:52 ----A---- C:\Windows\system32\iscsilog.dll
2010-03-30 20:23:52 ----A---- C:\Windows\system32\ipsmsnap.dll
2010-03-30 20:23:52 ----A---- C:\Windows\system32\IPSECSVC.DLL
2010-03-30 20:23:52 ----A---- C:\Windows\system32\InkEd.dll
2010-03-30 20:23:52 ----A---- C:\Windows\system32\infocardapi.dll
2010-03-30 20:23:52 ----A---- C:\Windows\system32\inetppui.dll
2010-03-30 20:23:52 ----A---- C:\Windows\system32\inetpp.dll
2010-03-30 20:23:52 ----A---- C:\Windows\system32\imm32.dll
2010-03-30 20:23:51 ----A---- C:\Windows\system32\ipsecsnp.dll
2010-03-30 20:23:51 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-03-30 20:23:51 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2010-03-30 20:23:51 ----A---- C:\Windows\system32\ipconfig.exe
2010-03-30 20:23:51 ----A---- C:\Windows\system32\input.dll
2010-03-30 20:23:51 ----A---- C:\Windows\system32\ifmon.dll
2010-03-30 20:23:51 ----A---- C:\Windows\system32\iertutil.dll
2010-03-30 20:23:51 ----A---- C:\Windows\system32\icardres.dll
2010-03-30 20:23:51 ----A---- C:\Windows\system32\icardagt.exe
2010-03-30 20:23:51 ----A---- C:\Windows\system32\iassvcs.dll
2010-03-30 20:23:51 ----A---- C:\Windows\system32\iassdo.dll
2010-03-30 20:23:51 ----A---- C:\Windows\system32\iassam.dll
2010-03-30 20:23:51 ----A---- C:\Windows\system32\iasrecst.dll
2010-03-30 20:23:51 ----A---- C:\Windows\system32\iasrad.dll
2010-03-30 20:23:51 ----A---- C:\Windows\system32\iaspolcy.dll
2010-03-30 20:23:50 ----A---- C:\Windows\system32\IMJP10K.DLL
2010-03-30 20:23:50 ----A---- C:\Windows\system32\imapi2fs.dll
2010-03-30 20:23:50 ----A---- C:\Windows\system32\imapi2.dll
2010-03-30 20:23:50 ----A---- C:\Windows\system32\imapi.dll
2010-03-30 20:23:50 ----A---- C:\Windows\system32\IKEEXT.DLL
2010-03-30 20:23:50 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-30 20:23:50 ----A---- C:\Windows\system32\ieaksie.dll
2010-03-30 20:23:49 ----A---- C:\Windows\system32\mimefilt.dll
2010-03-30 20:23:49 ----A---- C:\Windows\system32\milcore.dll
2010-03-30 20:23:49 ----A---- C:\Windows\system32\mfplat.dll
2010-03-30 20:23:49 ----A---- C:\Windows\system32\mfc42u.dll
2010-03-30 20:23:49 ----A---- C:\Windows\system32\mfc42.dll
2010-03-30 20:23:48 ----A---- C:\Windows\system32\mmcndmgr.dll
2010-03-30 20:23:48 ----A---- C:\Windows\system32\mmcico.dll
2010-03-30 20:23:48 ----A---- C:\Windows\system32\mmci.dll
2010-03-30 20:23:48 ----A---- C:\Windows\system32\mmc.exe
2010-03-30 20:23:48 ----A---- C:\Windows\system32\midimap.dll
2010-03-30 20:23:48 ----A---- C:\Windows\system32\korwbrkr.dll
2010-03-30 20:23:47 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2010-03-30 20:23:47 ----A---- C:\Windows\system32\mblctr.exe
2010-03-30 20:23:47 ----A---- C:\Windows\system32\l2nacp.dll
2010-03-30 20:23:47 ----A---- C:\Windows\system32\kernel32.dll
2010-03-30 20:23:47 ----A---- C:\Windows\system32\kdusb.dll
2010-03-30 20:23:47 ----A---- C:\Windows\system32\kdcom.dll
2010-03-30 20:23:47 ----A---- C:\Windows\system32\kd1394.dll
2010-03-30 20:23:46 ----A---- C:\Windows\system32\shsetup.dll
2010-03-30 20:23:46 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2010-03-30 20:23:46 ----A---- C:\Windows\system32\mcmde.dll
2010-03-30 20:23:46 ----A---- C:\Windows\system32\Magnify.exe
2010-03-30 20:23:46 ----A---- C:\Windows\system32\logman.exe
2010-03-30 20:23:46 ----A---- C:\Windows\system32\logagent.exe
2010-03-30 20:23:45 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2010-03-30 20:23:45 ----A---- C:\Windows\system32\whealogr.dll
2010-03-30 20:23:45 ----A---- C:\Windows\system32\wevtutil.exe
2010-03-30 20:23:45 ----A---- C:\Windows\system32\wevtsvc.dll
2010-03-30 20:23:45 ----A---- C:\Windows\system32\wercon.exe
2010-03-30 20:23:45 ----A---- C:\Windows\system32\wer.dll
2010-03-30 20:23:45 ----A---- C:\Windows\system32\WebClnt.dll
2010-03-30 20:23:45 ----A---- C:\Windows\system32\webcheck.dll
2010-03-30 20:23:45 ----A---- C:\Windows\system32\wdscore.dll
2010-03-30 20:23:45 ----A---- C:\Windows\system32\wdc.dll
2010-03-30 20:23:44 ----A---- C:\Windows\system32\win32spl.dll
2010-03-30 20:23:44 ----A---- C:\Windows\system32\wiaaut.dll
2010-03-30 20:23:44 ----A---- C:\Windows\system32\wevtapi.dll
2010-03-30 20:23:44 ----A---- C:\Windows\system32\wersvc.dll
2010-03-30 20:23:44 ----A---- C:\Windows\system32\WerFaultSecure.exe
2010-03-30 20:23:44 ----A---- C:\Windows\system32\WerFault.exe
2010-03-30 20:23:43 ----A---- C:\Windows\system32\wiaservc.dll
2010-03-30 20:23:43 ----A---- C:\Windows\system32\version.dll
2010-03-30 20:23:43 ----A---- C:\Windows\system32\vdsutil.dll
2010-03-30 20:23:43 ----A---- C:\Windows\system32\vdsdyn.dll
2010-03-30 20:23:43 ----A---- C:\Windows\system32\vds.exe
2010-03-30 20:23:43 ----A---- C:\Windows\system32\vdmdbg.dll
2010-03-30 20:23:43 ----A---- C:\Windows\system32\vbscript.dll
2010-03-30 20:23:43 ----A---- C:\Windows\system32\uxsms.dll
2010-03-30 20:23:43 ----A---- C:\Windows\system32\Utilman.exe
2010-03-30 20:23:43 ----A---- C:\Windows\system32\usp10.dll
2010-03-30 20:23:43 ----A---- C:\Windows\system32\userenv.dll
2010-03-30 20:23:43 ----A---- C:\Windows\system32\usercpl.dll
2010-03-30 20:23:43 ----A---- C:\Windows\system32\user32.dll
2010-03-30 20:23:42 ----A---- C:\Windows\system32\wscisvif.dll
2010-03-30 20:23:42 ----A---- C:\Windows\system32\WscEapPr.dll
2010-03-30 20:23:42 ----A---- C:\Windows\system32\wscapi.dll
2010-03-30 20:23:42 ----A---- C:\Windows\system32\wcnwiz2.dll
2010-03-30 20:23:42 ----A---- C:\Windows\system32\wcnwiz.dll
2010-03-30 20:23:42 ----A---- C:\Windows\system32\WcnNetsh.dll
2010-03-30 20:23:42 ----A---- C:\Windows\system32\wcncsvc.dll
2010-03-30 20:23:42 ----A---- C:\Windows\system32\w32time.dll
2010-03-30 20:23:42 ----A---- C:\Windows\system32\VSSVC.exe
2010-03-30 20:23:42 ----A---- C:\Windows\system32\vssapi.dll
2010-03-30 20:23:41 ----A---- C:\Windows\system32\WSDMon.dll
2010-03-30 20:23:41 ----A---- C:\Windows\system32\wsdchngr.dll
2010-03-30 20:23:41 ----A---- C:\Windows\system32\wscsvc.dll
2010-03-30 20:23:41 ----A---- C:\Windows\system32\wscript.exe
2010-03-30 20:23:41 ----A---- C:\Windows\system32\wscntfy.dll
2010-03-30 20:23:41 ----A---- C:\Windows\system32\wow32.dll
2010-03-30 20:23:41 ----A---- C:\Windows\system32\WMVXENCD.DLL
2010-03-30 20:23:41 ----A---- C:\Windows\system32\WMVSDECD.DLL
2010-03-30 20:23:41 ----A---- C:\Windows\system32\WMVENCOD.DLL
2010-03-30 20:23:40 ----A---- C:\Windows\system32\xmlfilter.dll
2010-03-30 20:23:40 ----A---- C:\Windows\system32\wusa.exe
2010-03-30 20:23:40 ----A---- C:\Windows\system32\wshext.dll
2010-03-30 20:23:40 ----A---- C:\Windows\system32\wshbth.dll
2010-03-30 20:23:40 ----A---- C:\Windows\system32\wsepno.dll
2010-03-30 20:23:40 ----A---- C:\Windows\system32\wpcsvc.dll
2010-03-30 20:23:40 ----A---- C:\Windows\system32\wpccpl.dll
2010-03-30 20:23:40 ----A---- C:\Windows\system32\wpcao.dll
2010-03-30 20:23:39 ----A---- C:\Windows\system32\wsnmp32.dll
2010-03-30 20:23:39 ----A---- C:\Windows\system32\WsmSvc.dll
2010-03-30 20:23:39 ----A---- C:\Windows\system32\wlgpclnt.dll
2010-03-30 20:23:39 ----A---- C:\Windows\system32\Wldap32.dll
2010-03-30 20:23:39 ----A---- C:\Windows\system32\wlanui.dll
2010-03-30 20:23:39 ----A---- C:\Windows\system32\wlanpref.dll
2010-03-30 20:23:39 ----A---- C:\Windows\system32\wlangpui.dll
2010-03-30 20:23:39 ----A---- C:\Windows\system32\wisptis.exe
2010-03-30 20:23:39 ----A---- C:\Windows\system32\winsrv.dll
2010-03-30 20:23:39 ----A---- C:\Windows\system32\WinSCard.dll
2010-03-30 20:23:39 ----A---- C:\Windows\system32\WinSAT.exe
2010-03-30 20:23:39 ----A---- C:\Windows\system32\winrnr.dll
2010-03-30 20:23:39 ----A---- C:\Windows\system32\winresume.exe
2010-03-30 20:23:39 ----A---- C:\Windows\system32\winmm.dll
2010-03-30 20:23:39 ----A---- C:\Windows\system32\winlogon.exe
2010-03-30 20:23:39 ----A---- C:\Windows\system32\winload.exe
2010-03-30 20:23:38 ----A---- C:\Windows\system32\wmpmde.dll
2010-03-30 20:23:38 ----A---- C:\Windows\system32\wmpeffects.dll
2010-03-30 20:23:38 ----A---- C:\Windows\system32\WMNetMgr.dll
2010-03-30 20:23:37 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-03-30 20:23:37 ----A---- C:\Windows\system32\wmdrmsdk.dll
2010-03-30 20:23:37 ----A---- C:\Windows\system32\Storprop.dll
2010-03-30 20:23:37 ----A---- C:\Windows\system32\stobject.dll
2010-03-30 20:23:36 ----A---- C:\Windows\system32\sud.dll
2010-03-30 20:23:36 ----A---- C:\Windows\system32\srcore.dll
2010-03-30 20:23:36 ----A---- C:\Windows\system32\srchadmin.dll
2010-03-30 20:23:35 ----A---- C:\Windows\system32\srvsvc.dll
2010-03-30 20:23:34 ----A---- C:\Windows\system32\sysmain.dll
2010-03-30 20:23:34 ----A---- C:\Windows\system32\sysclass.dll
2010-03-30 20:23:34 ----A---- C:\Windows\system32\SyncCenter.dll
2010-03-30 20:23:34 ----A---- C:\Windows\system32\swprv.dll
2010-03-30 20:23:33 ----A---- C:\Windows\system32\smss.exe
2010-03-30 20:23:33 ----A---- C:\Windows\system32\SmiEngine.dll
2010-03-30 20:23:33 ----A---- C:\Windows\system32\SMBHelperClass.dll
2010-03-30 20:23:33 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2010-03-30 20:23:33 ----A---- C:\Windows\system32\slwmi.dll
2010-03-30 20:23:31 ----A---- C:\Windows\system32\slcc.dll
2010-03-30 20:23:31 ----A---- C:\Windows\system32\SLC.dll
2010-03-30 20:23:31 ----A---- C:\Windows\system32\shwebsvc.dll
2010-03-30 20:23:31 ----A---- C:\Windows\system32\shsvcs.dll
2010-03-30 20:23:27 ----A---- C:\Windows\system32\spoolss.dll
2010-03-30 20:23:27 ----A---- C:\Windows\system32\spinstall.exe
2010-03-30 20:23:27 ----A---- C:\Windows\system32\slwga.dll
2010-03-30 20:23:27 ----A---- C:\Windows\system32\SLUINotify.dll
2010-03-30 20:23:27 ----A---- C:\Windows\system32\SLUI.exe
2010-03-30 20:23:27 ----A---- C:\Windows\system32\SLsvc.exe
2010-03-30 20:23:27 ----A---- C:\Windows\system32\slmgr.vbs
2010-03-30 20:23:27 ----A---- C:\Windows\system32\SLLUA.exe
2010-03-30 20:23:27 ----A---- C:\Windows\system32\SLCommDlg.dll
2010-03-30 20:23:27 ----A---- C:\Windows\system32\slcinst.dll
2010-03-30 20:23:27 ----A---- C:\Windows\system32\SLCExt.dll
2010-03-30 20:23:26 ----A---- C:\Windows\system32\sqlsrv32.dll
2010-03-30 20:23:26 ----A---- C:\Windows\system32\spwizui.dll
2010-03-30 20:23:26 ----A---- C:\Windows\system32\spwinsat.dll
2010-03-30 20:23:26 ----A---- C:\Windows\system32\spreview.exe
2010-03-30 20:23:26 ----A---- C:\Windows\system32\spp.dll
2010-03-30 20:23:26 ----A---- C:\Windows\system32\spoolsv.exe
2010-03-30 20:23:26 ----A---- C:\Windows\system32\sperror.dll
2010-03-30 20:23:26 ----A---- C:\Windows\system32\spcmsg.dll
2010-03-30 20:23:25 ----A---- C:\Windows\system32\TsWpfWrp.exe
2010-03-30 20:23:25 ----A---- C:\Windows\system32\TSTheme.exe
2010-03-30 20:23:25 ----A---- C:\Windows\system32\softkbd.dll
2010-03-30 20:23:25 ----A---- C:\Windows\system32\SnippingTool.exe
2010-03-30 20:23:25 ----A---- C:\Windows\system32\SndVol.exe
2010-03-30 20:23:24 ----A---- C:\Windows\system32\tscupgrd.exe
2010-03-30 20:23:23 ----A---- C:\Windows\system32\zipfldr.dll
2010-03-30 20:23:23 ----A---- C:\Windows\system32\untfs.dll
2010-03-30 20:23:23 ----A---- C:\Windows\system32\uDWM.dll
2010-03-30 20:23:22 ----A---- C:\Windows\system32\umpnpmgr.dll
2010-03-30 20:23:22 ----A---- C:\Windows\system32\ulib.dll
2010-03-30 20:23:22 ----A---- C:\Windows\system32\systemcpl.dll
2010-03-30 20:23:20 ----A---- C:\Windows\system32\tquery.dll
2010-03-30 20:23:19 ----A---- C:\Windows\system32\themeui.dll
2010-03-30 20:23:19 ----A---- C:\Windows\system32\themecpl.dll
2010-03-30 20:23:19 ----A---- C:\Windows\system32\thawbrkr.dll
2010-03-30 20:23:19 ----A---- C:\Windows\system32\termsrv.dll
2010-03-30 20:23:19 ----A---- C:\Windows\system32\tcpmon.dll
2010-03-30 20:23:19 ----A---- C:\Windows\system32\tcpipcfg.dll
2010-03-30 20:23:19 ----A---- C:\Windows\system32\taskeng.exe
2010-03-30 20:23:19 ----A---- C:\Windows\system32\taskcomp.dll
2010-03-30 20:23:19 ----A---- C:\Windows\system32\tapisrv.dll
2010-03-30 20:21:20 ----D---- C:\Windows\system32\EventProviders
2010-03-26 04:00:31 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-26 00:08:37 ----D---- C:\Windows\Minidump
2010-03-19 11:37:42 ----D---- C:\Program Files\Trend Micro
2010-03-14 16:21:19 ----D---- C:\Program Files\phenomedia
2010-03-10 11:59:51 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-10 11:59:47 ----A---- C:\Windows\system32\httpapi.dll

======List of files/folders modified in the last 1 months======

2010-04-02 21:15:57 ----D---- C:\Windows\Prefetch
2010-04-02 21:15:56 ----D---- C:\Windows\Temp
2010-04-02 20:16:22 ----D---- C:\Windows\System32
2010-04-02 20:16:22 ----D---- C:\Windows\inf
2010-04-02 20:16:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-02 20:16:03 ----D---- C:\Windows\system32\drivers
2010-04-02 20:16:02 ----HD---- C:\ProgramData
2010-04-02 20:16:01 ----RD---- C:\Program Files
2010-04-02 17:54:18 ----SHD---- C:\System Volume Information
2010-04-02 17:48:59 ----D---- C:\Windows\system32\Msdtc
2010-04-02 17:48:56 ----D---- C:\Windows\system32\wbem
2010-04-02 17:48:56 ----D---- C:\Windows
2010-04-02 17:48:20 ----D---- C:\Windows\system32\config
2010-04-02 17:48:13 ----D---- C:\Windows\Tasks
2010-04-02 17:48:13 ----D---- C:\Windows\system32\spool
2010-04-02 17:48:13 ----D---- C:\Windows\system32\catroot2
2010-04-02 17:48:12 ----D---- C:\Windows\registration
2010-04-02 17:48:12 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-04-02 17:43:49 ----SHD---- C:\Windows\Installer
2010-04-02 17:43:49 ----D---- C:\Program Files\Symantec
2010-04-01 12:48:05 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 11:04:31 ----D---- C:\Windows\Microsoft.NET
2010-03-31 11:04:18 ----RSD---- C:\Windows\assembly
2010-03-31 10:38:03 ----D---- C:\Windows\rescache
2010-03-31 10:23:53 ----D---- C:\Windows\system32\Tasks
2010-03-31 05:45:44 ----D---- C:\Windows\system32\de-DE
2010-03-31 05:45:41 ----D---- C:\Windows\system32\zh-TW
2010-03-31 05:45:41 ----D---- C:\Windows\system32\zh-HK
2010-03-31 05:45:41 ----D---- C:\Windows\system32\zh-CN
2010-03-31 05:45:41 ----D---- C:\Windows\system32\uk-UA
2010-03-31 05:45:41 ----D---- C:\Windows\system32\tr-TR
2010-03-31 05:45:41 ----D---- C:\Windows\system32\th-TH
2010-03-31 05:45:41 ----D---- C:\Windows\system32\sv-SE
2010-03-31 05:45:41 ----D---- C:\Windows\system32\sr-Latn-CS
2010-03-31 05:45:41 ----D---- C:\Windows\system32\sl-SI
2010-03-31 05:45:41 ----D---- C:\Windows\system32\sk-SK
2010-03-31 05:45:41 ----D---- C:\Windows\system32\ru-RU
2010-03-31 05:45:41 ----D---- C:\Windows\system32\ro-RO
2010-03-31 05:45:41 ----D---- C:\Windows\system32\pt-PT
2010-03-31 05:45:41 ----D---- C:\Windows\system32\pt-BR
2010-03-31 05:45:41 ----D---- C:\Windows\system32\pl-PL
2010-03-31 05:45:41 ----D---- C:\Windows\system32\nl-NL
2010-03-31 05:45:41 ----D---- C:\Windows\system32\nb-NO
2010-03-31 05:45:41 ----D---- C:\Windows\system32\lv-LV
2010-03-31 05:45:41 ----D---- C:\Windows\system32\lt-LT
2010-03-31 05:45:41 ----D---- C:\Windows\system32\ko-KR
2010-03-31 05:45:41 ----D---- C:\Windows\system32\ja-JP
2010-03-31 05:45:41 ----D---- C:\Windows\system32\it-IT
2010-03-31 05:45:41 ----D---- C:\Windows\system32\hu-HU
2010-03-31 05:45:41 ----D---- C:\Windows\system32\hr-HR
2010-03-31 05:45:41 ----D---- C:\Windows\system32\he-IL
2010-03-31 05:45:41 ----D---- C:\Windows\system32\fr-FR
2010-03-31 05:45:41 ----D---- C:\Windows\system32\fi-FI
2010-03-31 05:45:41 ----D---- C:\Windows\system32\et-EE
2010-03-31 05:45:41 ----D---- C:\Windows\system32\es-ES
2010-03-31 05:45:41 ----D---- C:\Windows\system32\en-US
2010-03-31 05:45:41 ----D---- C:\Windows\system32\el-GR
2010-03-31 05:45:41 ----D---- C:\Windows\system32\da-DK
2010-03-31 05:45:41 ----D---- C:\Windows\system32\cs-CZ
2010-03-31 05:45:41 ----D---- C:\Windows\system32\bg-BG
2010-03-31 05:45:41 ----D---- C:\Windows\system32\ar-SA
2010-03-31 05:45:38 ----D---- C:\Windows\AppPatch
2010-03-31 03:42:18 ----D---- C:\Windows\winsxs
2010-03-31 03:42:17 ----D---- C:\Windows\system32\catroot
2010-03-30 20:42:35 ----SHD---- C:\Boot
2010-03-30 20:39:41 ----D---- C:\Program Files\Yahoo!
2010-03-30 20:37:23 ----D---- C:\Program Files\Windows Mail
2010-03-30 20:37:23 ----D---- C:\Program Files\Windows Calendar
2010-03-30 20:37:23 ----D---- C:\Program Files\Movie Maker
2010-03-30 20:37:22 ----D---- C:\Program Files\Windows Sidebar
2010-03-30 20:37:22 ----D---- C:\Program Files\Windows Media Player
2010-03-30 20:37:22 ----D---- C:\Program Files\Internet Explorer
2010-03-30 20:37:21 ----D---- C:\Program Files\Windows Journal
2010-03-30 20:37:21 ----D---- C:\Program Files\Windows Collaboration
2010-03-30 20:37:20 ----D---- C:\Program Files\Common Files\System
2010-03-30 20:37:19 ----D---- C:\Program Files\Windows Photo Gallery
2010-03-30 20:37:16 ----D---- C:\Windows\servicing
2010-03-30 20:37:16 ----D---- C:\Program Files\Windows Defender
2010-03-30 20:37:15 ----D---- C:\Windows\ehome
2010-03-30 20:37:03 ----D---- C:\Windows\IME
2010-03-30 20:37:02 ----D---- C:\Windows\system32\XPSViewer
2010-03-30 20:36:59 ----D---- C:\Windows\system32\oobe
2010-03-30 20:36:59 ----D---- C:\Windows\system32\migration
2010-03-30 20:36:56 ----D---- C:\Windows\system32\AdvancedInstallers
2010-03-30 20:36:55 ----D---- C:\Windows\system32\SLUI
2010-03-30 20:36:55 ----D---- C:\Windows\system32\setup
2010-03-30 20:36:54 ----D---- C:\Windows\system32\manifeststore
2010-03-30 20:36:51 ----D---- C:\Windows\system32\migwiz
2010-03-30 20:36:21 ----RSD---- C:\Windows\Fonts
2010-03-30 20:36:13 ----D---- C:\Windows\system32\Boot
2010-03-30 20:35:02 ----D---- C:\Windows\system32\RTCOM
2010-03-30 18:35:21 ----D---- C:\ProgramData\Symantec
2010-03-30 18:29:13 ----D---- C:\Program Files\Norton Internet Security
2010-03-30 18:29:13 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-03-30 18:21:05 ----D---- C:\Program Files\Common Files
2010-03-14 16:21:19 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-10 12:02:17 ----D---- C:\ProgramData\Microsoft Help
2010-03-07 02:55:48 ----D---- C:\Users\Mona\AppData\Roaming\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-02-19 24112]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2009-02-19 184496]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2008-05-14 64000]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-06-09 1177600]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-09-08 3929600]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-09-09 2167128]
R3 MGHwCtrl;MGHwCtrl; \??\C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-05-22 62464]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2008-05-02 48128]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2008-06-11 1097856]
R3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2009-02-19 13616]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-11-17 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2009-02-19 96560]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 usbvideo;USB-Videoger?t (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2008-05-19 380416]
S3 RTL8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter; C:\Windows\system32\DRIVERS\RTL8187Se.sys [2008-08-22 333824]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-04-24 131712]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2008-03-19 74112]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2008-01-23 54144]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2008-06-27 41728]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-09-08 704512]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 NishService;SCM Driver Daemon; C:\Program Files\System Control Manager\edd.exe [2007-08-24 61440]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-05-23 120168]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------




internet ist immer noch nicht da.. bzw browser laufen nit.. was nun?


lg

Einige Einträge in HijackThis seh ich da. mach mal bitte ein Log mit CF, das nimmt uns einiges an Arbeit ab:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

• Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

ComboFix 10-04-01.02 - Mona 02.04.2010 22:05:10.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1256.961.1031.18.3070.1713 [GMT 2:00]
Running from: E:\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1459114649-2746478589-3421930745-500

.
((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-04-02 20:10 . 2010-04-02 20:10 -------- d-----w- c:\users\Mona\AppData\Local\temp
2010-04-02 20:10 . 2010-04-02 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-02 19:15 . 2010-04-02 19:15 -------- d-----w- C:\rsit
2010-04-02 18:16 . 2010-04-02 18:16 -------- d-----w- c:\users\Mona\AppData\Roaming\Malwarebytes
2010-04-02 18:16 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-02 18:16 . 2010-04-02 18:16 -------- d-----w- c:\programdata\Malwarebytes
2010-04-02 18:16 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 18:16 . 2010-04-02 18:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 15:44 . 2010-04-02 15:44 -------- d-----w- c:\programdata\Avira
2010-03-31 03:45 . 2010-03-31 03:45 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-31 01:42 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-03-31 01:42 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-03-31 01:42 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-03-31 01:40 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-03-31 00:22 . 2010-04-01 10:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-30 23:45 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-30 23:45 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-30 23:43 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-30 23:43 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-30 23:43 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-30 18:36 . 2010-03-30 18:37 -------- d-----w- c:\windows\system32\ca-ES
2010-03-30 18:36 . 2010-03-30 18:36 -------- d-----w- c:\windows\system32\eu-ES
2010-03-30 18:36 . 2010-03-30 18:36 -------- d-----w- c:\windows\system32\vi-VN
2010-03-30 18:32 . 2010-03-30 18:32 -------- d-----w- c:\windows\system32\SPReview
2010-03-30 18:25 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-03-30 18:25 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-03-30 18:23 . 2009-04-10 21:28 3174400 ----a-w- c:\windows\system32\netshell.dll
2010-03-30 18:21 . 2010-03-30 18:21 -------- d-----w- c:\windows\system32\EventProviders
2010-03-26 02:00 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-19 09:37 . 2010-03-19 09:37 -------- d-----w- c:\program files\Trend Micro
2010-03-14 14:21 . 2010-03-14 14:21 -------- d-----w- c:\program files\phenomedia
2010-03-10 09:59 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 09:59 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-10 09:59 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 20:03 . 2009-01-20 22:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-02 20:03 . 2009-01-20 22:50 -------- d-----w- c:\programdata\Symantec
2010-04-02 18:16 . 2009-01-20 20:29 607742 ----a-w- c:\windows\system32\perfh007.dat
2010-04-02 18:16 . 2009-01-20 20:29 122410 ----a-w- c:\windows\system32\perfc007.dat
2010-04-02 15:48 . 2010-02-17 15:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-31 03:45 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-31 03:45 . 2010-03-31 03:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-31 03:45 . 2010-03-31 03:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-30 18:39 . 2009-11-14 23:08 -------- d-----w- c:\program files\Yahoo!
2010-03-30 18:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-30 18:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-30 18:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-30 18:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-30 18:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-30 18:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-30 18:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-03-14 23:06 . 2010-03-14 23:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-14 14:21 . 2009-01-20 21:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 10:02 . 2009-01-20 23:10 -------- d-----w- c:\programdata\Microsoft Help
2010-03-07 00:55 . 2009-12-13 00:45 -------- d-----w- c:\users\Mona\AppData\Roaming\ICQ
2010-02-25 18:14 . 2009-11-14 11:13 59464 ----a-w- c:\users\Mona\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-11-15 14:55 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 22:53 . 2009-11-14 12:50 -------- d-----w- c:\programdata\Messenger Plus!
2010-02-17 15:48 . 2010-02-17 15:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-17 00:13 . 2010-02-17 00:13 -------- d-----w- c:\users\Mona\AppData\Roaming\TuneUp Software
2010-02-17 00:12 . 2010-02-17 00:12 -------- d-----w- c:\programdata\TuneUp Software
2010-02-17 00:12 . 2010-02-17 00:12 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-02-12 00:18 . 2010-02-12 00:18 -------- d-----w- c:\program files\CCleaner
2010-02-07 15:22 . 2010-02-07 15:19 -------- d-----w- c:\programdata\Atheros
2010-02-07 15:21 . 2010-02-07 15:20 -------- d-----w- c:\program files\Atheros
2010-02-07 15:20 . 2010-02-07 15:20 -------- d-----w- c:\program files\Cisco
2010-02-07 15:19 . 2010-02-07 15:19 -------- d-----w- c:\users\Mona\AppData\Roaming\InstallShield
2010-01-25 12:00 . 2010-02-24 11:06 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 11:05 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 11:05 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 11:06 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 11:05 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 11:06 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 11:06 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 11:06 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 11:06 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 11:06 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:38 . 2010-03-30 23:43 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-30 23:43 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-30 23:43 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-03-30 23:43 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Help poke"="c:\programdata\complicenselicense.n23zb" [X]
"comp view eggs idol"="c:\programdata\beep once keep.twnlrpb" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-06-11 1454080]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-10-09 561152]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Skytel"="Skytel.exe" [2008-09-09 1833504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-10-29 11551744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7b,10,0c,d0,38,d0,ca,01

R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [2007-08-23 61440]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-05-19 380416]
S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-05-02 48128]


--- Other Services/Drivers In Memory ---

*Deregistered* - SymIM

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://de.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mona\AppData\Roaming\Mozilla\Firefox\Profiles\qjt63dzv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://de.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-02 22:10
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Messenger (Yahoo!) = "c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet??\

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-04-02 22:13:34
ComboFix-quarantined-files.txt 2010-04-02 20:13

Pre-Run: 5.303.443.456 Bytes frei
Post-Run: 5.214.785.536 Bytes frei

- - End Of File - - F7E3A1485588A151B162A72777FFD940




das ist der log.. und nun?

Das ist nicht das CF Log

doch o.O hatte es eben mal ausversehen drin gehabt.. hab es aber direkt ausgetauscht...

???????? und nun? o.O

Ja vorher war es das RSIT-Log..

Zitat:

ComboFix 10-04-01.02 - Mona 02.04.2010 22:05:10.1.2 - x86
Running from: E:\ComboFix.exe

Du solltest CF in cofi umbenennen oder war das zu übersehen?!

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. (Deine XXX mit dem richtigen Namen wieder ersetzen!!)

Code: Alles auswählenAufklappen

ATTFilter

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Help poke"=-
"comp view eggs idol"=-

Files::
c:\programdata\complicenselicense.n23zb
c:\programdata\beep once keep.twnlrpb
         

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!