ComboFix 09-01-18.01 - x 2009-01-19 2:57:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.767.469 [GMT 1:00]
ausgeführt von:: f:\dokumente und einstellungen\x\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Neuer Wiederherstellungspunkt wurde erstellt
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
f:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat
f:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat
f:\windows\system32\alisesag.ini
f:\windows\system32\atisuval.ini
f:\windows\system32\rkxzax.dll
f:\windows\system32\tajopava.dll
f:\windows\system32\vetajume.dll
f:\windows\system32\wbsaez.dll
f:\windows\system32\wefojuho.dll
f:\windows\system32\yakupuge.dll
f:\windows\system32\zkvetg.dll
f:\windows\Tasks\scaxdbyf.job
f:\windows\Temp\tmp3.tmp
----- BITS: Eventuell infizierte Webseiten -----
hxxp://77.74.48.105
.
((((((((((((((((((((((( Dateien erstellt von 2008-12-19 bis 2009-01-19 ))))))))))))))))))))))))))))))
.
2009-01-19 02:15 . 2009-01-19 02:15 d-------- f:\programme\Malwarebytes' Anti-Malware
2009-01-19 02:15 . 2009-01-14 16:11 38,496 --a------ f:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 02:15 . 2009-01-14 16:11 15,504 --a------ f:\windows\system32\drivers\mbam.sys
2009-01-19 02:13 . 2009-01-19 02:13 2,737,808 --a------ f:\windows\system32\mbam-setup.exe
2009-01-18 09:53 . 2009-01-18 09:53 d-------- f:\programme\Trend Micro
2009-01-18 09:51 . 2009-01-18 09:51 812,344 --a------ f:\windows\system32\HJTInstall202.exe
2009-01-18 09:10 . 2009-01-18 09:10 d-------- f:\windows\system32\Kaspersky Lab
2009-01-18 09:10 . 2009-01-18 09:10 d-------- f:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2009-01-18 08:44 . 2009-01-18 08:44 d-------- F:\!KillBox
2009-01-18 08:27 . 2009-01-18 08:27 93,696 --a------ f:\windows\system32\KillBox.exe
2009-01-18 07:23 . 2009-01-18 07:23 7,680 --ahs---- f:\windows\Thumbs.db
2009-01-18 06:23 . 2009-01-18 06:23 d-------- f:\dokumente und einstellungen\All Users\Anwendungsdaten\MSN6
2009-01-17 07:38 . 2009-01-17 07:39 9,802,176 --a------ F:\Vuze_4.0.0.4b_windows.exe
2009-01-16 06:41 . 2009-01-17 10:47 d-------- f:\programme\Trojan Remover
2009-01-16 06:41 . 2009-01-17 10:47 d-------- f:\dokumente und einstellungen\x\Anwendungsdaten\Simply Super Software
2009-01-16 06:41 . 2006-05-25 14:52 162,304 --a------ f:\windows\system32\ztvunrar36.dll
2009-01-16 06:41 . 2003-02-02 19:06 153,088 --a------ f:\windows\system32\unrar3.dll
2009-01-16 06:41 . 2005-08-26 00:50 77,312 --a------ f:\windows\system32\ztvunace26.dll
2009-01-16 06:41 . 2002-03-06 00:00 75,264 --a------ f:\windows\system32\unacev2.dll
2009-01-16 06:41 . 2006-06-19 12:01 69,632 --a------ f:\windows\system32\ztvcabinet.dll
2009-01-15 22:17 . 2009-01-15 22:17 132 --a------ f:\windows\system32\ikhcore.cfg
2009-01-13 14:33 . 2009-01-18 17:58 d-------- f:\programme\Metin2_Germany
2009-01-13 13:13 . 2009-01-13 14:33 531,311,510 --a------ F:\Metin2_DE_20080811.exe
2009-01-13 13:12 . 2009-01-13 13:12 342,274 --a------ F:\Downloader_Metin2_DE.exe
2009-01-12 04:36 . 2008-11-24 14:01 499,712 --a------ f:\windows\system32\msvcp71.dll
2009-01-12 04:35 . 2009-01-12 04:35 4,566,456 --a------ F:\Shockwave_Installer_Slim.exe
2009-01-07 18:44 . 2009-01-07 18:44 d-------- f:\dokumente und einstellungen\All Users\Anwendungsdaten\Bluetooth
2009-01-07 18:39 . 2009-01-07 18:39 d-------- f:\programme\IVT Corporation
2009-01-02 22:35 . 2009-01-02 22:35 23,600 --a------ f:\windows\system32\drivers\TVICHW32.SYS
2009-01-02 17:32 . 2004-08-03 23:08 31,616 --a------ f:\windows\system32\drivers\usbccgp.sys
2009-01-02 17:32 . 2004-08-03 23:08 31,616 --a--c--- f:\windows\system32\dllcache\usbccgp.sys
2009-01-02 17:32 . 2004-08-04 00:57 21,504 --a------ f:\windows\system32\hidserv.dll
2009-01-02 17:32 . 2004-08-04 00:57 21,504 --a--c--- f:\windows\system32\dllcache\hidserv.dll
2009-01-02 17:32 . 2004-08-04 00:46 14,848 --a------ f:\windows\system32\drivers\kbdhid.sys
2009-01-02 17:32 . 2004-08-04 00:46 14,848 --a--c--- f:\windows\system32\dllcache\kbdhid.sys
2009-01-02 17:32 . 2001-08-17 14:02 9,600 --a------ f:\windows\system32\drivers\hidusb.sys
2009-01-02 17:32 . 2001-08-17 14:02 9,600 --a--c--- f:\windows\system32\dllcache\hidusb.sys
2009-01-01 19:07 . 2009-01-01 19:07 151 --a------ f:\windows\PhotoSnapViewer.INI
2008-12-28 05:26 . 2009-01-10 03:58 268 --ah----- F:\sqmdata19.sqm
2008-12-28 05:26 . 2009-01-10 03:58 244 --ah----- F:\sqmnoopt19.sqm
2008-12-28 03:55 . 2009-01-10 03:47 268 --ah----- F:\sqmdata18.sqm
2008-12-28 03:55 . 2009-01-10 03:47 244 --ah----- F:\sqmnoopt18.sqm
2008-12-27 10:47 . 2009-01-10 03:43 268 --ah----- F:\sqmdata17.sqm
2008-12-27 10:47 . 2009-01-10 03:43 244 --ah----- F:\sqmnoopt17.sqm
2008-12-26 09:39 . 2009-01-08 16:09 268 --ah----- F:\sqmdata16.sqm
2008-12-26 09:39 . 2009-01-08 16:09 244 --ah----- F:\sqmnoopt16.sqm
2008-12-25 09:41 . 2009-01-08 03:44 268 --ah----- F:\sqmdata15.sqm
2008-12-25 09:41 . 2009-01-08 03:44 244 --ah----- F:\sqmnoopt15.sqm
2008-12-24 10:23 . 2009-01-17 09:54 268 --ah----- F:\sqmdata14.sqm
2008-12-24 10:23 . 2009-01-17 09:54 244 --ah----- F:\sqmnoopt14.sqm
2008-12-24 09:47 . 2009-01-17 09:48 268 --ah----- F:\sqmdata13.sqm
2008-12-24 09:47 . 2009-01-17 09:48 244 --ah----- F:\sqmnoopt13.sqm
2008-12-23 09:42 . 2009-01-17 03:49 268 --ah----- F:\sqmdata12.sqm
2008-12-23 09:42 . 2009-01-17 03:49 244 --ah----- F:\sqmnoopt12.sqm
2008-12-22 12:42 . 2009-01-16 18:14 268 --ah----- F:\sqmdata11.sqm
2008-12-22 12:42 . 2009-01-16 18:14 244 --ah----- F:\sqmnoopt11.sqm
2008-12-22 12:12 . 2009-01-16 07:09 268 --ah----- F:\sqmdata10.sqm
2008-12-22 12:12 . 2009-01-16 07:09 244 --ah----- F:\sqmnoopt10.sqm
2008-12-22 08:25 . 2009-01-16 06:59 268 --ah----- F:\sqmdata09.sqm
2008-12-22 08:25 . 2009-01-16 06:59 244 --ah----- F:\sqmnoopt09.sqm
2008-12-21 07:38 . 2009-01-16 03:13 268 --ah----- F:\sqmdata08.sqm
2008-12-21 07:38 . 2009-01-16 03:13 244 --ah----- F:\sqmnoopt08.sqm
2008-12-20 09:57 . 2009-01-15 14:16 268 --ah----- F:\sqmdata07.sqm
2008-12-20 09:57 . 2009-01-15 14:16 244 --ah----- F:\sqmnoopt07.sqm
2008-12-19 18:54 . 2008-12-19 18:53 410,984 --a------ f:\windows\system32\deploytk.dll
2008-12-19 18:54 . 2008-12-19 18:53 73,728 --a------ f:\windows\system32\javacpl.cpl
2008-12-19 18:53 . 2008-12-19 18:53 d-------- f:\programme\Java
2008-12-19 18:47 . 2008-12-19 18:47 607,640 --a------ F:\xpiinstall-6u11-fcs-bin-b90-windows-i586-25_nov_2008.exe
2008-12-19 08:40 . 2009-01-14 23:05 268 --ah----- F:\sqmdata06.sqm
2008-12-19 08:40 . 2009-01-14 23:05 244 --ah----- F:\sqmnoopt06.sqm
2008-12-19 00:21 . 2009-01-14 21:06 268 --ah----- F:\sqmdata05.sqm
2008-12-19 00:21 . 2009-01-14 21:06 244 --ah----- F:\sqmnoopt05.sqm
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 01:46 --------- d-----w f:\dokumente und einstellungen\x\Anwendungsdaten\Azureus
2009-01-18 18:10 --------- d-----w f:\programme\DivX
2009-01-18 18:09 --------- d-----w f:\dokumente und einstellungen\x\Anwendungsdaten\teamspeak2
2009-01-17 18:39 --------- d-----w f:\dokumente und einstellungen\x\Anwendungsdaten\UpdateStar
2009-01-17 10:32 --------- d-----w f:\programme\Windows Live Toolbar
2009-01-17 09:04 --------- d-----w f:\programme\Windows Live
2009-01-17 07:11 --------- d---a-w f:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-01-17 06:40 --------- d-----w f:\programme\Vuze
2008-12-12 08:26 --------- d-----w f:\programme\Google
2008-12-11 11:57 333,184 ----a-w f:\windows\system32\drivers\srv.sys
2008-12-11 06:53 --------- d-----w f:\programme\Teamspeak2_RC2
2008-12-11 06:51 5,862,994 ----a-w F:\ts2_client_rc2_2032.exe
2008-12-09 03:55 --------- d--h--w f:\programme\InstallShield Installation Information
2008-12-09 03:48 --------- d-----w f:\programme\Interface
2008-12-09 03:46 --------- d-----w f:\dokumente und einstellungen\x\Anwendungsdaten\InstallShield
2008-12-09 01:48 443,474,821 ----a-w F:\NavyField_FullClient_v1_131_German.exe
2008-12-06 08:05 --------- d-----w f:\programme\Zylom Games
2008-12-05 07:17 --------- d-----w f:\dokumente und einstellungen\x\Anwendungsdaten\Ahead
2008-12-04 10:16 --------- d-----w f:\dokumente und einstellungen\x\Anwendungsdaten\vlc
2008-12-03 16:43 --------- d-----w f:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom
2008-12-03 03:50 --------- d-----w f:\programme\Nero
2008-12-03 03:50 --------- d-----w f:\programme\Gemeinsame Dateien\Ahead
2008-12-03 03:35 --------- d-----w f:\programme\Gemeinsame Dateien\AVSMedia
2008-12-03 03:35 --------- d-----w f:\programme\AVS4YOU
2008-12-01 19:10 --------- dcsh--w f:\programme\Gemeinsame Dateien\WindowsLiveInstaller
2008-12-01 19:08 --------- d-----w f:\dokumente und einstellungen\All Users\Anwendungsdaten\WLInstaller
2008-11-29 22:03 --------- d-----w f:\dokumente und einstellungen\x\Anwendungsdaten\uTorrent
2008-11-29 20:55 --------- d-----w f:\dokumente und einstellungen\x\Anwendungsdaten\AVS4YOU
2008-11-29 20:55 --------- d-----w f:\dokumente und einstellungen\All Users\Anwendungsdaten\AVS4YOU
2008-11-28 20:59 --------- d-----w f:\dokumente und einstellungen\x\Anwendungsdaten\Malwarebytes
2008-11-28 20:58 --------- d-----w f:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-11-27 16:11 --------- d-----w f:\dokumente und einstellungen\x\Anwendungsdaten\dvdcss
2008-11-27 03:03 --------- d-----w f:\dokumente und einstellungen\x\Anwendungsdaten\BitSpirit
2008-11-27 02:18 --------- d-----w f:\dokumente und einstellungen\x\Anwendungsdaten\DivX
2008-11-26 01:57 --------- d-----w f:\dokumente und einstellungen\x\Anwendungsdaten\Babylon
2008-11-25 02:40 --------- d-----w f:\dokumente und einstellungen\All Users\Anwendungsdaten\Azureus
2008-11-25 02:38 --------- d-----w f:\programme\Gemeinsame Dateien\i4j_jres
2008-11-24 20:24 --------- d-----w f:\programme\CCleaner
2008-11-24 17:41 --------- d-----w f:\programme\Avira
2008-11-24 17:41 --------- d-----w f:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2008-11-24 01:16 --------- d-----w f:\programme\Gemeinsame Dateien\Dienste
2008-11-21 16:52 --------- d-----w f:\programme\Windows Media Connect 2
2008-10-27 16:50 98,304 ----a-w f:\windows\system32\CmdLineExt.dll
2008-10-24 11:10 453,632 ----a-w f:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:59 283,648 ----a-w f:\windows\system32\gdi32.dll
2007-11-27 21:40 2,404,880 ----a-w f:\programme\WLinstaller.exe
2007-11-23 22:12 6,325,272 ----a-w f:\programme\Firefox Setup 2.0.0.6.exe
2007-09-06 19:20 237,568 ----a-w f:\programme\ENFUNSUpdater.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-28_21.20.58.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-12 23:11:08 15,584 ----a-w f:\windows\$hf_mig$\KB901190\spmsg.dll
+ 2005-10-12 23:11:08 217,312 ----a-w f:\windows\$hf_mig$\KB901190\spuninst.exe
+ 2005-10-12 23:11:04 22,752 ----a-w f:\windows\$hf_mig$\KB901190\update\spcustom.dll
+ 2005-10-12 23:11:11 725,728 ----a-w f:\windows\$hf_mig$\KB901190\update\update.exe
+ 2005-10-12 23:11:17 377,568 ----a-w f:\windows\$hf_mig$\KB901190\update\updspapi.dll
+ 2008-10-03 10:00:23 247,326 ----a-w f:\windows\$hf_mig$\KB954600\SP2QFE\strmdll.dll
+ 2008-10-03 10:03:04 247,326 ----a-w f:\windows\$hf_mig$\KB954600\SP3GDR\strmdll.dll
+ 2008-10-03 09:49:54 247,326 ----a-w f:\windows\$hf_mig$\KB954600\SP3QFE\strmdll.dll
+ 2007-11-30 12:39:14 18,808 ----a-w f:\windows\$hf_mig$\KB954600\spmsg.dll
+ 2007-11-30 12:39:14 234,872 ----a-w f:\windows\$hf_mig$\KB954600\spuninst.exe
+ 2007-11-30 12:39:14 26,488 ----a-w f:\windows\$hf_mig$\KB954600\update\spcustom.dll
+ 2007-11-30 11:18:35 765,304 ----a-w f:\windows\$hf_mig$\KB954600\update\update.exe
+ 2007-11-30 11:18:35 388,984 ----a-w f:\windows\$hf_mig$\KB954600\update\updspapi.dll
+ 2008-10-22 09:47:25 62,976 ----a-w f:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w f:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w f:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:14 18,808 ----a-w f:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:14 234,872 ----a-w f:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:14 26,488 ----a-w f:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:14 765,304 ----a-w f:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:15 388,984 ----a-w f:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:07 284,160 ----a-w f:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:55 286,720 ----a-w f:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:43:02 286,720 ----a-w f:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:00:44 18,808 ----a-w f:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:00:44 234,872 ----a-w f:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:00:44 26,488 ----a-w f:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:37:08 765,304 ----a-w f:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:37:16 388,984 ----a-w f:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-10-16 10:22:40 1,024,000 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\browseui.dll
+ 2008-10-16 10:22:32 152,064 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\cdfview.dll
+ 2008-10-16 10:22:33 1,056,256 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\danim.dll
+ 2008-10-16 10:22:33 357,888 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\dxtmsft.dll
+ 2008-10-16 10:22:33 205,312 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\dxtrans.dll
+ 2008-10-16 10:22:33 55,808 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\extmgr.dll
+ 2008-10-15 14:18:21 18,432 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\iedw.exe
+ 2008-10-16 10:22:34 251,904 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\iepeers.dll
+ 2008-10-16 10:22:34 96,768 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\inseng.dll
+ 2008-10-16 10:22:38 16,384 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\jsproxy.dll
+ 2008-10-16 10:22:44 3,088,384 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\mshtml.dll
+ 2008-10-16 10:22:38 449,024 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\mshtmled.dll
+ 2008-10-16 10:22:34 146,432 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\msrating.dll
+ 2008-10-16 10:22:35 532,480 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\mstime.dll
+ 2008-10-16 10:22:35 39,424 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\pngfilt.dll
+ 2008-10-16 10:22:37 1,499,136 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\shdocvw.dll
+ 2008-10-16 10:22:39 474,624 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\shlwapi.dll
+ 2008-10-15 19:05:28 374,272 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\spru0407.dll
+ 2008-10-16 10:22:41 621,056 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\urlmon.dll
+ 2008-10-16 10:22:38 673,280 ----a-w f:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
+ 2008-10-16 01:00:26 3,088,896 ----a-w f:\windows\$hf_mig$\KB958215\SP3GDR\mshtml.dll
+ 2008-10-16 01:00:25 1,499,136 ----a-w f:\windows\$hf_mig$\KB958215\SP3GDR\shdocvw.dll
+ 2008-10-16 01:00:26 620,544 ----a-w f:\windows\$hf_mig$\KB958215\SP3GDR\urlmon.dll
+ 2008-10-16 01:00:25 671,744 ----a-w f:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
+ 2008-10-16 05:33:14 3,088,896 ----a-w f:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
+ 2008-10-16 01:03:12 1,499,136 ----a-w f:\windows\$hf_mig$\KB958215\SP3QFE\shdocvw.dll
+ 2008-10-16 01:03:12 621,056 ----a-w f:\windows\$hf_mig$\KB958215\SP3QFE\urlmon.dll
+ 2008-10-16 01:03:12 672,768 ----a-w f:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
+ 2007-11-30 12:39:14 18,808 ----a-w f:\windows\$hf_mig$\KB958215\spmsg.dll
+ 2007-11-30 12:39:14 234,872 ----a-w f:\windows\$hf_mig$\KB958215\spuninst.exe
+ 2007-11-30 12:39:14 26,488 ----a-w f:\windows\$hf_mig$\KB958215\update\spcustom.dll
+ 2007-11-30 12:39:08 765,304 ----a-w f:\windows\$hf_mig$\KB958215\update\update.exe
+ 2008-07-09 07:37:16 388,984 ----a-w f:\windows\$hf_mig$\KB958215\update\updspapi.dll
+ 2005-10-12 23:11:08 217,312 -c----w f:\windows\$NtUninstallKB901190$\spuninst\spuninst.exe
+ 2005-10-12 23:11:17 377,568 -c----w f:\windows\$NtUninstallKB901190$\spuninst\updspapi.dll
+ 2006-10-18 20:03:58 100,864 -c----w f:\windows\$NtUninstallKB952069_WM9$\logagent.exe
+ 2007-07-27 06:16:50 234,872 -c----w f:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe
+ 2007-07-27 08:41:48 382,840 -c----w f:\windows\$NtUninstallKB952069_WM9$\spuninst\updspapi.dll
+ 2006-10-18 21:47:20 937,984 -c----w f:\windows\$NtUninstallKB952069_WM9$\wmnetmgr.dll
+ 2006-10-18 21:47:22 2,450,944 -c----w f:\windows\$NtUninstallKB952069_WM9$\wmvcore.dll
+ 2007-11-30 12:39:14 234,872 -c----w f:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe
+ 2007-11-30 11:18:35 388,984 -c----w f:\windows\$NtUninstallKB954600$\spuninst\updspapi.dll
+ 2004-08-03 23:57:36 246,302 -c----w f:\windows\$NtUninstallKB954600$\strmdll.dll
+ 2007-11-30 12:39:14 234,872 -c----w f:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe
+ 2007-11-30 12:39:15 388,984 -c----w f:\windows\$NtUninstallKB955839$\spuninst\updspapi.dll
+ 2008-07-14 11:09:18 62,976 -c----w f:\windows\$NtUninstallKB955839$\tzchange.exe
+ 2005-12-29 02:54:37 280,064 -c----w f:\windows\$NtUninstallKB956802$\gdi32.dll
+ 2008-07-08 13:00:44 234,872 -c----w f:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe
+ 2008-07-09 07:37:16 388,984 -c----w f:\windows\$NtUninstallKB956802$\spuninst\updspapi.dll
+ 2008-08-20 05:35:26 1,023,488 -c----w f:\windows\$NtUninstallKB958215$\browseui.dll
+ 2008-08-20 05:35:24 152,064 -c----w f:\windows\$NtUninstallKB958215$\cdfview.dll
+ 2008-08-20 05:35:24 1,056,256 -c----w f:\windows\$NtUninstallKB958215$\danim.dll
+ 2008-08-20 05:35:24 357,888 -c----w f:\windows\$NtUninstallKB958215$\dxtmsft.dll
+ 2008-08-20 05:35:24 205,312 -c----w f:\windows\$NtUninstallKB958215$\dxtrans.dll
+ 2008-08-20 05:35:24 55,808 -c----w f:\windows\$NtUninstallKB958215$\extmgr.dll
+ 2008-08-19 09:30:39 18,432 -c----w f:\windows\$NtUninstallKB958215$\iedw.exe
+ 2008-08-20 05:35:24 251,392 -c----w f:\windows\$NtUninstallKB958215$\iepeers.dll
+ 2008-08-20 05:35:24 96,768 -c----w f:\windows\$NtUninstallKB958215$\inseng.dll
+ 2008-08-20 05:35:26 16,384 -c----w f:\windows\$NtUninstallKB958215$\jsproxy.dll
+ 2008-08-20 05:35:28 3,081,216 -c----w f:\windows\$NtUninstallKB958215$\mshtml.dll
+ 2008-08-20 05:35:26 449,024 -c----w f:\windows\$NtUninstallKB958215$\mshtmled.dll
+ 2008-08-20 05:35:24 146,432 -c----w f:\windows\$NtUninstallKB958215$\msrating.dll
+ 2008-08-20 05:35:25 532,480 -c----w f:\windows\$NtUninstallKB958215$\mstime.dll
+ 2008-08-20 05:35:25 39,424 -c----w f:\windows\$NtUninstallKB958215$\pngfilt.dll
+ 2008-08-20 05:35:25 1,494,528 -c----w f:\windows\$NtUninstallKB958215$\shdocvw.dll
+ 2008-08-20 05:35:26 474,624 -c----w f:\windows\$NtUninstallKB958215$\shlwapi.dll
+ 2007-11-30 12:39:14 234,872 -c----w f:\windows\$NtUninstallKB958215$\spuninst\spuninst.exe
+ 2008-07-09 07:37:16 388,984 -c----w f:\windows\$NtUninstallKB958215$\spuninst\updspapi.dll
+ 2008-08-20 05:35:27 617,984 -c----w f:\windows\$NtUninstallKB958215$\urlmon.dll
+ 2008-08-20 05:35:26 665,088 -c----w f:\windows\$NtUninstallKB958215$\wininet.dll
+ 2008-08-19 09:51:39 374,272 -c----w f:\windows\$NtUninstallKB958215$\xpsp3res.dll
+ 2001-07-10 12:58:30 94,208 ----a-w f:\windows\Downloaded Program Files\gwCID.dll
+ 2002-08-29 12:00:00 175,104 ----a-w f:\windows\ime\chsime\applets\PINTLCSA.DLL
+ 2002-08-29 12:00:00 53,760 ----a-w f:\windows\ime\chsime\applets\PINTLCSD.DLL
+ 2002-08-29 12:00:00 97,792 ----a-w f:\windows\ime\CHTIME\Applets\CHTMBX.DLL
+ 2002-08-29 12:00:00 56,320 ----a-w f:\windows\ime\CHTIME\Applets\CHTSKDIC.DLL
+ 2002-08-29 12:00:00 173,568 ----a-w f:\windows\ime\CHTIME\Applets\CHTSKF.DLL
+ 2004-08-03 21:32:36 426,041 ----a-w f:\windows\ime\imjp8_1\applets\voicepad.dll
+ 2004-08-03 21:32:36 86,073 ----a-w f:\windows\ime\imjp8_1\applets\voicesub.dll
+ 2004-08-03 21:31:40 57,399 ----a-w f:\windows\ime\imjp8_1\cplexe.exe
+ 2004-08-03 21:31:52 368,696 ----a-w f:\windows\ime\imjp8_1\imjpcic.dll
+ 2004-08-03 21:31:52 716,856 ----a-w f:\windows\ime\imjp8_1\imjpcus.dll
+ 2004-08-03 21:31:54 81,976 ----a-w f:\windows\ime\imjp8_1\imjpdct.dll
+ 2004-08-03 21:31:54 307,257 ----a-w f:\windows\ime\imjp8_1\imjpdct.exe
+ 2004-08-03 21:31:56 155,705 ----a-w f:\windows\ime\imjp8_1\imjpdsvr.exe
+ 2004-08-03 21:31:58 196,665 ----a-w f:\windows\ime\imjp8_1\imjpinst.exe
+ 2004-08-03 21:32:00 208,952 ----a-w f:\windows\ime\imjp8_1\imjpmig.exe
+ 2004-08-03 21:32:12 233,527 ----a-w f:\windows\ime\imjp8_1\imjprw.exe
+ 2004-08-03 21:32:16 262,200 ----a-w f:\windows\ime\imjp8_1\imjputy.exe
+ 2004-08-03 21:32:16 274,489 ----a-w f:\windows\ime\imjp8_1\imjputyc.dll
+ 2004-08-03 22:04:34 86,016 ----a-w f:\windows\ime\imkr6_1\applets\imekrmbx.dll
+ 2004-08-03 22:04:38 106,496 ----a-w f:\windows\ime\imkr6_1\imekrcic.dll
+ 2002-08-29 12:00:00 102,456 ----a-w f:\windows\ime\shared\imlang.dll
+ 2002-08-29 12:00:00 15,872 ----a-w f:\windows\ime\shared\res\PADRS404.DLL
+ 2002-08-29 12:00:00 15,360 ----a-w f:\windows\ime\shared\res\padrs804.dll
+ 2008-12-01 19:12:15 29,926 ----a-r f:\windows\Installer\{2B091530-69AA-442E-AB09-39ED06B58220}\MsblIco.Exe
+ 2008-12-03 03:52:23 29,926 ----a-r f:\windows\Installer\{4781569D-5404-1F26-4B2B-6DF444441031}\ARPPRODUCTICON.exe
+ 2009-01-07 17:42:01 3,638 ----a-r f:\windows\Installer\{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}\ARPPRODUCTICON.exe
+ 2009-01-07 17:42:01 45,056 ----a-r f:\windows\Installer\{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}\BlueSoleilShortcut_A4441B3FD7624BD9B8E935C7D26B381D.exe
+ 2009-01-07 17:42:01 45,056 ----a-r f:\windows\Installer\{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}\BsolDesktopShortcut_5F4A9C5DDE4741A284DAEED5CA08428B.exe
+ 2009-01-07 17:42:01 45,056 ----a-r f:\windows\Installer\{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}\BsolStartupShortcut_5F4A9C5DDE4741A284DAEED5CA08428B.exe
+ 2009-01-07 17:42:01 8,854 ----a-r f:\windows\Installer\{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}\Uninstall_BlueSoleil_DA0C16B5026041ACAA4BA0D7EA548378.exe
- 2000-08-31 07:00:00 28,672 ----a-w f:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00 29,696 ----a-w f:\windows\NIRCMD.exe
+ 2008-11-24 13:35:00 114,688 ----a-w f:\windows\system32\Adobe\Director\np32dsw.dll
+ 2008-11-24 13:43:36 202,168 ----a-w f:\windows\system32\Adobe\Director\SwDir.dll
+ 2008-11-24 13:35:38 499,712 ----a-w f:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2008-11-24 13:16:06 1,798,144 ----a-w f:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-11-24 13:35:40 9,216 ----a-w f:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-11-24 13:07:38 703,488 ----a-w f:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2008-11-24 13:07:38 1,145,896 ----a-w f:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2008-11-24 13:07:38 52,288 ----a-w f:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-11-24 13:12:14 892,928 ----a-w f:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-11-24 13:34:18 266,240 ----a-w f:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-11-24 13:36:12 446,464 ----a-w f:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-11-24 13:43:16 460,216 ----a-w f:\windows\system32\Adobe\Shockwave 11\SwHelper_1103471.exe
+ 2008-11-24 13:34:04 114,688 ----a-w f:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-11-24 13:34:02 94,208 ----a-w f:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-11-24 13:07:38 58,736 ----a-w f:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 09:55:30 149,504 ----a-w f:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
+ 2008-02-29 04:14:04 223,744 ----a-w f:\windows\system32\b4fm.dll
+ 2001-06-27 11:31:00 39,611 ----a-w f:\windows\system32\biosid.exe
- 2008-08-20 05:35:26 1,023,488 ----a-w f:\windows\system32\browseui.dll
+ 2008-10-16 10:37:12 1,023,488 ----a-w f:\windows\system32\browseui.dll
+ 2007-12-27 14:37:56 57,425 ----a-w f:\windows\system32\btfunc.dll
+ 2007-06-24 20:56:30 15,368 ----a-w f:\windows\system32\btinstall.dll
- 2008-08-20 05:35:24 152,064 ----a-w f:\windows\system32\cdfview.dll
+ 2008-10-16 10:37:10 152,064 ----a-w f:\windows\system32\cdfview.dll
- 2008-08-20 05:35:24 1,056,256 ----a-w f:\windows\system32\danim.dll
+ 2008-10-16 10:37:10 1,056,256 ----a-w f:\windows\system32\danim.dll
- 2008-08-20 05:35:26 1,023,488 ----a-w f:\windows\system32\dllcache\browseui.dll
+ 2008-10-16 10:37:12 1,023,488 -c--a-w f:\windows\system32\dllcache\browseui.dll
+ 2004-08-03 22:10:36 18,944 -c--a-w f:\windows\system32\dllcache\bthusb.sys
- 2008-08-20 05:35:24 152,064 ----a-w f:\windows\system32\dllcache\cdfview.dll
+ 2008-10-16 10:37:10 152,064 -c--a-w f:\windows\system32\dllcache\cdfview.dll
- 2008-08-20 05:35:24 1,056,256 ----a-w f:\windows\system32\dllcache\danim.dll
+ 2008-10-16 10:37:10 1,056,256 -c--a-w f:\windows\system32\dllcache\danim.dll
- 2006-06-26 17:40:34 148,480 ----a-w f:\windows\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:39:48 148,992 -c--a-w f:\windows\system32\dllcache\dnsapi.dll
+ 2004-08-03 22:08:00 60,288 -c--a-w f:\windows\system32\dllcache\drmk.sys
- 2008-08-20 05:35:24 357,888 ----a-w f:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 10:37:10 357,888 -c--a-w f:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-20 05:35:24 205,312 ----a-w f:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 10:37:11 205,312 -c--a-w f:\windows\system32\dllcache\dxtrans.dll
- 2008-08-20 05:35:24 55,808 ----a-w f:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 10:37:11 55,808 -c--a-w f:\windows\system32\dllcache\extmgr.dll
+ 2004-08-03 23:57:56 193,024 -c--a-w f:\windows\system32\dllcache\fsquirt.exe
+ 2008-10-23 12:59:11 283,648 -c----w f:\windows\system32\dllcache\gdi32.dll
- 2008-08-19 09:30:39 18,432 ----a-w f:\windows\system32\dllcache\iedw.exe
+ 2008-10-15 09:45:01 18,432 -c--a-w f:\windows\system32\dllcache\iedw.exe
- 2008-08-20 05:35:24 251,392 ----a-w f:\windows\system32\dllcache\iepeers.dll
+ 2008-10-16 10:37:11 251,392 -c--a-w f:\windows\system32\dllcache\iepeers.dll
- 2002-08-29 12:00:00 59,392 -c--a-w f:\windows\system32\dllcache\imscinst.exe
+ 2004-08-03 21:31:50 59,392 -c--a-w f:\windows\system32\dllcache\imscinst.exe
- 2008-08-20 05:35:24 96,768 ----a-w f:\windows\system32\dllcache\inseng.dll
+ 2008-10-16 10:37:11 96,768 -c--a-w f:\windows\system32\dllcache\inseng.dll
- 2008-08-20 05:35:26 16,384 ----a-w f:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 10:37:12 16,384 -c--a-w f:\windows\system32\dllcache\jsproxy.dll
+ 2001-08-17 13:55:56 6,144 -c--a-w f:\windows\system32\dllcache\kbd101b.dll
+ 2001-08-17 13:55:56 6,144 -c--a-w f:\windows\system32\dllcache\kbd101c.dll
+ 2001-08-17 13:55:56 5,632 -c--a-w f:\windows\system32\dllcache\kbd103.dll
+ 2001-08-17 13:55:56 6,144 -c--a-w f:\windows\system32\dllcache\kbd106.dll
+ 2001-08-18 03:53:46 8,704 -c--a-w f:\windows\system32\dllcache\kbdjpn.dll
+ 2001-08-18 03:53:46 8,192 -c--a-w f:\windows\system32\dllcache\kbdkor.dll
+ 2004-08-03 22:15:22 140,928 -c--a-w f:\windows\system32\dllcache\ks.sys
+ 2004-08-03 23:57:24 4,096 -c--a-w f:\windows\system32\dllcache\ksuser.dll
+ 2008-06-18 00:09:22 100,864 -c----w f:\windows\system32\dllcache\logagent.exe
- 2008-08-20 05:35:28 3,081,216 ----a-w f:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:33:24 3,081,216 -c--a-w f:\windows\system32\dllcache\mshtml.dll
- 2008-08-20 05:35:26 449,024 ----a-w f:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 10:37:12 449,024 -c--a-w f:\windows\system32\dllcache\mshtmled.dll
- 2008-08-20 05:35:24 146,432 ----a-w f:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 10:37:11 146,432 -c--a-w f:\windows\system32\dllcache\msrating.dll
- 2008-08-20 05:35:25 532,480 ----a-w f:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 10:37:11 532,480 -c--a-w f:\windows\system32\dllcache\mstime.dll
+ 2008-06-20 17:39:48 247,296 -c----w f:\windows\system32\dllcache\mswsock.dll
- 2008-08-20 05:35:25 39,424 ----a-w f:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 10:37:11 39,424 -c--a-w f:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-03 22:15:50 145,792 -c--a-w f:\windows\system32\dllcache\portcls.sys
- 2008-08-20 05:35:25 1,494,528 ----a-w f:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 10:37:11 1,494,528 -c--a-w f:\windows\system32\dllcache\shdocvw.dll
- 2008-08-20 05:35:26 474,624 ----a-w f:\windows\system32\dllcache\shlwapi.dll
+ 2008-10-16 10:37:12 474,624 -c--a-w f:\windows\system32\dllcache\shlwapi.dll
- 2008-08-28 10:04:17 333,056 ----a-w f:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 -c--a-w f:\windows\system32\dllcache\srv.sys
+ 2004-08-03 22:08:04 48,640 -c--a-w f:\windows\system32\dllcache\stream.sys
+ 2008-10-03 10:15:49 247,326 -c----w f:\windows\system32\dllcache\strmdll.dll
- 2008-11-24 04:07:17 359,808 ----a-w f:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w f:\windows\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w f:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w f:\windows\system32\dllcache\tcpip6.sys
- 2002-08-29 12:00:00 44,032 -c--a-w f:\windows\system32\dllcache\tintlphr.exe
+ 2004-08-03 21:32:16 44,032 -c--a-w f:\windows\system32\dllcache\tintlphr.exe
- 2002-08-29 12:00:00 455,168 -c--a-w f:\windows\system32\dllcache\tintsetp.exe
+ 2004-08-03 21:32:16 455,168 -c--a-w f:\windows\system32\dllcache\tintsetp.exe
- 2008-08-20 05:35:27 617,984 ----a-w f:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 10:37:12 617,984 -c--a-w f:\windows\system32\dllcache\urlmon.dll
- 2008-08-20 05:35:26 665,088 ----a-w f:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 10:37:11 665,088 -c--a-w f:\windows\system32\dllcache\wininet.dll
+ 2008-06-18 04:03:08 938,496 -c----w f:\windows\system32\dllcache\WMNetmgr.dll
+ 2008-06-18 04:03:14 2,458,112 -c----w f:\windows\system32\dllcache\WMVCore.dll
- 2006-06-26 17:40:34 148,480 ----a-w f:\windows\system32\dnsapi.dll
+ 2008-06-20 17:39:48 148,992 ----a-w f:\windows\system32\dnsapi.dll
+ 2004-09-21 17:18:36 148,830 ----a-w f:\windows\system32\drivers\bcbthub.sys
+ 2007-06-24 20:56:34 34,312 ----a-w f:\windows\system32\drivers\blueletaudio.sys
+ 2007-06-24 20:56:40 27,656 ----a-w f:\windows\system32\drivers\BlueletSCOAudio.sys
+ 2007-06-24 20:56:54 38,920 ----a-w f:\windows\system32\drivers\btcusb.sys
+ 2007-03-05 19:56:18 35,600 ----a-w f:\windows\system32\drivers\BTHidMgr.sys
+ 2007-03-05 19:59:04 18,320 ----a-w f:\windows\system32\drivers\btnetdrv.sys
+ 2006-11-22 12:41:18 22,416 ----a-w f:\windows\system32\drivers\BTNetFilter.sys
+ 2004-09-21 17:18:36 116,021 ----a-w f:\windows\system32\drivers\fw203x.sys
+ 2005-09-25 18:11:20 5,888 ----a-w f:\windows\system32\drivers\imagedrv.sys
+ 2005-09-25 18:11:20 127,488 ----a-w f:\windows\system32\drivers\imagesrv.sys
+ 2003-04-29 00:31:18 51,169 ----a-w f:\windows\system32\drivers\OXSER.SYS
+ 2007-01-12 19:22:10 40,960 ----a-w f:\windows\system32\drivers\SCTray.exe
+ 2004-02-11 12:29:34 48,076 ----a-w f:\windows\system32\drivers\Sio9502k.sys
+ 2002-09-18 06:11:02 77,824 ----a-w f:\windows\system32\drivers\SioUi2k.dll
+ 2004-03-23 09:26:22 48,556 ----a-w f:\windows\system32\drivers\SktBt2k.sys
- 2008-11-24 04:07:17 359,808 ----a-w f:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w f:\windows\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w f:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w f:\windows\system32\drivers\tcpip6.sys
+ 2007-03-05 19:55:12 20,880 ----a-w f:\windows\system32\drivers\vbtenum.sys
+ 2007-03-05 19:52:18 34,448 ----a-w f:\windows\system32\drivers\VComm.sys
+ 2007-03-05 19:53:18 44,304 ----a-w f:\windows\system32\drivers\VcommMgr.sys
+ 2007-03-05 19:57:14 19,472 ----a-w f:\windows\system32\drivers\VHIDMini.sys
+ 2003-07-04 01:58:34 63,488 ----a-w f:\windows\system32\drivers\wssbtr1f.sys
- 2008-08-20 05:35:24 357,888 ----a-w f:\windows\system32\dxtmsft.dll
+ 2008-10-16 10:37:10 357,888 ----a-w f:\windows\system32\dxtmsft.dll
- 2008-08-20 05:35:24 205,312 ----a-w f:\windows\system32\dxtrans.dll
+ 2008-10-16 10:37:11 205,312 ----a-w f:\windows\system32\dxtrans.dll
- 2008-08-20 05:35:24 55,808 ----a-w f:\windows\system32\extmgr.dll
+ 2008-10-16 10:37:11 55,808 ----a-w f:\windows\system32\extmgr.dll
- 2008-08-20 05:35:24 251,392 ----a-w f:\windows\system32\iepeers.dll
+ 2008-10-16 10:37:11 251,392 ----a-w f:\windows\system32\iepeers.dll
+ 2005-09-25 18:11:20 1,568,768 ----a-w f:\windows\system32\imagX7.dll
+ 2005-09-25 18:11:20 476,320 ----a-w f:\windows\system32\imagXpr7.dll
+ 2005-09-25 18:11:20 262,144 ----a-w f:\windows\system32\imagXR7.dll
+ 2005-09-25 18:11:20 471,040 ----a-w f:\windows\system32\imagXRA7.dll
+ 2004-08-03 21:31:54 198,656 ----a-w f:\windows\system32\IME\CINTLGNT\CINTIME.DLL
+ 2004-08-03 21:31:56 480,256 ----a-w f:\windows\system32\IME\CINTLGNT\CINTSETP.EXE
+ 2004-08-03 21:31:50 59,392 ----a-w f:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
+ 2002-08-29 12:00:00 70,144 ----a-w f:\windows\system32\IME\PINTLGNT\PINTLPHR.EXE
+ 2002-08-29 12:00:00 67,584 ----a-w f:\windows\system32\IME\PINTLGNT\PMIGRATE.DLL
+ 2004-08-03 21:32:16 44,032 ----a-w f:\windows\system32\IME\TINTLGNT\TINTLPHR.EXE
+ 2004-08-03 21:32:16 455,168 ----a-w f:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
+ 2002-08-29 12:00:00 10,240 ----a-w f:\windows\system32\IME\TINTLGNT\TMIGRATE.DLL
+ 2004-08-03 21:31:50 811,064 ----a-w f:\windows\system32\imjp81k.dll
- 2008-08-20 05:35:24 96,768 ----a-w f:\windows\system32\inseng.dll
+ 2008-10-16 10:37:11 96,768 ----a-w f:\windows\system32\inseng.dll
+ 2008-12-19 17:53:45 144,792 ----a-w f:\windows\system32\java.exe
+ 2008-12-19 17:53:45 144,792 ----a-w f:\windows\system32\javaw.exe
+ 2008-12-19 17:53:45 148,888 ----a-w f:\windows\system32\javaws.exe
- 2008-08-20 05:35:26 16,384 ----a-w f:\windows\system32\jsproxy.dll
+ 2008-10-16 10:37:12 16,384 ----a-w f:\windows\system32\jsproxy.dll
+ 2005-05-24 11:27:16 213,048 ----a-w f:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-10-21 20:40:14 94,208 ----a-w f:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-10-21 20:40:16 950,272 ----a-w f:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2001-08-17 13:55:56 6,144 ----a-w f:\windows\system32\kbd101b.dll
+ 2001-08-17 13:55:56 6,144 ----a-w f:\windows\system32\kbd101c.dll
+ 2001-08-17 13:55:56 5,632 ----a-w f:\windows\system32\kbd103.dll
+ 2001-08-17 13:55:56 6,144 ----a-w f:\windows\system32\kbd106.dll
+ 2001-08-18 03:53:46 8,704 ----a-w f:\windows\system32\kbdjpn.dll
+ 2001-08-18 03:53:46 8,192 ----a-w f:\windows\system32\kbdkor.dll
- 2006-10-18 20:03:58 100,864 ----a-w f:\windows\system32\logagent.exe
+ 2008-06-18 00:09:22 100,864 ----a-w f:\windows\system32\logagent.exe
+ 2008-12-04 00:03:22 53,248 ----a-w f:\windows\system32\Macromed\Common\SwSupport.dll
+ 2008-12-03 23:59:26 581,632 ----a-w f:\windows\system32\Macromed\Shockwave 10\Control.dll
+ 2008-12-03 23:59:30 1,490,944 ----a-w f:\windows\system32\Macromed\Shockwave 10\dirapiX.dll
+ 2008-12-03 23:59:26 24,576 ----a-w f:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-12-03 23:59:30 606,208 ----a-w f:\windows\system32\Macromed\Shockwave 10\iml32X.dll
+ 2008-12-03 23:59:26 339,968 ----a-w f:\windows\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-12-03 23:59:26 475,136 ----a-w f:\windows\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-12-03 23:59:26 180,224 ----a-w f:\windows\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-12-03 23:59:26 77,824 ----a-w f:\windows\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-12-03 23:59:26 86,016 ----a-w f:\windows\system32\Macromed\Shockwave 10\SwMenuX.dll
+ 2008-12-03 23:59:26 98,304 ----a-w f:\windows\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2002-01-05 15:48:16 974,848 ----a-w f:\windows\system32\mfc70.dll
- 2008-08-20 05:35:28 3,081,216 ----a-w f:\windows\system32\mshtml.dll
+ 2008-12-12 17:33:24 3,081,216 ----a-w f:\windows\system32\mshtml.dll
- 2008-08-20 05:35:26 449,024 ----a-w f:\windows\system32\mshtmled.dll
+ 2008-10-16 10:37:12 449,024 ----a-w f:\windows\system32\mshtmled.dll
- 2008-08-20 05:35:24 146,432 ----a-w f:\windows\system32\msrating.dll
+ 2008-10-16 10:37:11 146,432 ----a-w f:\windows\system32\msrating.dll
- 2008-08-20 05:35:25 532,480 ----a-w f:\windows\system32\mstime.dll
+ 2008-10-16 10:37:11 532,480 ----a-w f:\windows\system32\mstime.dll
+ 2002-01-05 14:40:18 487,424 ----a-w f:\windows\system32\msvcp70.dll
+ 2002-01-05 02:37:26 344,064 ----a-w f:\windows\system32\msvcr70.dll
+ 2003-02-21
05:42:22 348,160 ----a-w f:\windows\system32\msvcr71.dll - 2004-08-03 23:57:30 247,296 ----a-w f:\windows\system32\mswsock.dll + 2008-06-20 17:39:48 247,296 ----a-w f:\windows\system32\mswsock.dll + 2003-05-21 12:50:38 24,576 ----a-w f:\windows\system32\msxml3a.dll + 2005-09-25 18:11:20 155,648 ----a-w f:\windows\system32\NeroCheck.exe + 2005-09-25 18:11:20 90,184 ----a-w f:\windows\system32\NeroCo.dll - 2008-11-22 16:08:09 49,856 ----a-w f:\windows\system32\perfc007.dat + 2009-01-14 21:32:24 49,856 ----a-w f:\windows\system32\perfc007.dat - 2008-11-22 16:08:09 35,738 ----a-w f:\windows\system32\perfc009.dat + 2009-01-14 21:32:24 35,738 ----a-w f:\windows\system32\perfc009.dat - 2008-11-22 16:08:09 319,870 ----a-w f:\windows\system32\perfh007.dat + 2009-01-14 21:32:24 319,870 ----a-w f:\windows\system32\perfh007.dat - 2008-11-22 16:08:09 295,296 ----a-w f:\windows\system32\perfh009.dat + 2009-01-14 21:32:24 295,296 ----a-w f:\windows\system32\perfh009.dat - 2008-08-20 05:35:25 39,424 ----a-w f:\windows\system32\pngfilt.dll + 2008-10-16 10:37:11 39,424 ----a-w f:\windows\system32\pngfilt.dll - 2008-08-20 05:35:25 1,494,528 ----a-w f:\windows\system32\shdocvw.dll + 2008-10-16 10:37:11 1,494,528 ----a-w f:\windows\system32\shdocvw.dll - 2008-08-20 05:35:26 474,624 ----a-w f:\windows\system32\shlwapi.dll + 2008-10-16 10:37:12 474,624 ----a-w f:\windows\system32\shlwapi.dll + 2007-02-07 15:38:00 1,717,848 ----a-w f:\windows\system32\Skype4COM.dll - 2004-08-03 23:57:36 246,302 ----a-w f:\windows\system32\strmdll.dll + 2008-10-03 10:15:49 247,326 ----a-w f:\windows\system32\strmdll.dll + 2005-09-25 18:11:20 364,544 ----a-w f:\windows\system32\TwnLib4.dll - 2008-07-14 11:09:18 62,976 ----a-w f:\windows\system32\tzchange.exe + 2008-10-22 09:47:07 62,976 ----a-w f:\windows\system32\tzchange.exe + 2004-08-03 22:04:12 76,288 ----a-w f:\windows\system32\uniime.dll - 2008-08-20 05:35:27 617,984 ----a-w f:\windows\system32\urlmon.dll + 2008-10-16 10:37:12 617,984 ----a-w 
f:\windows\system32\urlmon.dll - 2008-08-20 05:35:26 665,088 ----a-w f:\windows\system32\wininet.dll + 2008-10-16 10:37:11 665,088 ----a-w f:\windows\system32\wininet.dll - 2006-10-18 21:47:20 937,984 ----a-w f:\windows\system32\WMNetMgr.dll + 2008-06-18 04:03:08 938,496 ----a-w f:\windows\system32\WMNetmgr.dll - 2006-10-18 21:47:22 2,450,944 ----a-w f:\windows\system32\wmvcore.dll + 2008-06-18 04:03:14 2,458,112 ----a-w f:\windows\system32\WMVCore.dll - 2008-08-19 09:51:39 374,272 ----a-w f:\windows\system32\xpsp3res.dll + 2008-10-15 19:05:28 374,272 ----a-w f:\windows\system32\xpsp3res.dll + 2009-01-19 01:48:11 16,384 ----atw f:\windows\temp\Perflib_Perfdata_410.dat + 2006-12-01 21:56:00 96,256 ----a-w f:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll + 2006-12-01 23:25:52 1,101,824 ----a-w f:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2006-12-01 23:25:56 1,093,120 ----a-w f:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2006-12-01 23:25:58 69,632 ----a-w f:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2006-12-01 23:26:00 57,856 ----a-w f:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll + 2006-12-01 23:08:00 40,960 ----a-w f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll + 2006-12-01 23:08:00 45,056 ----a-w f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll + 2006-12-01 23:08:00 65,536 ----a-w f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll + 2006-12-01 23:08:00 57,344 ----a-w f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll + 2006-12-01 23:08:00 61,440 ----a-w 
f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll + 2006-12-01 23:08:00 61,440 ----a-w f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll + 2006-12-01 23:08:00 61,440 ----a-w f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll + 2006-12-01 23:08:00 49,152 ----a-w f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2006-12-01 23:08:00 49,152 ----a-w f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll + 2006-12-01 23:46:44 65,536 ----a-w f:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateStar"="f:\dokumente und einstellungen\x\Anwendungsdaten\UpdateStar\UpdateStar.exe" [2009-01-16 4370672]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="f:\programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" [2005-09-25 94208]
"BitComet"="f:\programme\BitComet\BitComet.exe" [BU]
"Google Update"="f:\dokumente und einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2008-12-10 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="f:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"Adobe Reader Speed Launcher"="f:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avgnt"="f:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NeroFilterCheck"="f:\windows\system32\NeroCheck.exe" [2005-09-25 155648]
"SunJavaUpdateSched"="f:\programme\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"nwiz"="nwiz.exe" [2003-10-06 f:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 f:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"NvMediaCenter"="f:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]

f:\dokumente und einstellungen\x\Startmen\Programme\Autostart\
OpenOffice.org 3.0.lnk - f:\programme\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= hgfhtz.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\af518c90cca962c9]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Programme\\Mozilla Firefox\\firefox.exe"=
"f:\\Programme\\Vuze\\Azureus.exe"=
"f:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"f:\\Programme\\Java\\jre6\\bin\\java.exe"=
"f:\\Programme\\Metin2_Germany\\metin2.bin"=
"f:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Programme\\messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50814:TCP"= 50814:TCP:*:Disabled:vuze
"11500:TCP"= 11500:TCP:*:Disabled:mimos vuze
"24188:TCP"= 24188:TCP:*:Disabled:BitComet 24188 TCP
"24188:UDP"= 24188:UDP:*:Disabled:BitComet 24188 UDP

R4 Start BT in service;Start BT in service;f:\programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
S3 ati2mpaa;ati2mpaa;f:\windows\system32\drivers\ati2mpaa.sys [2005-04-01 281984]
S3 atirage;atirage;f:\windows\system32\drivers\atiragem.sys [2007-11-23 70784]
S3 musbehco;musbehco;\??\f:\dokume~1\x\LOKALE~1\Temp\musbehco.sys --> f:\dokume~1\x\LOKALE~1\Temp\musbehco.sys [?]
S3 ZSMC302;VIMICRO USB PC Camera;f:\windows\system32\Drivers\usbVM31b.sys --> f:\windows\system32\Drivers\usbVM31b.sys [?]
S4 af518c90cca962c9;Microsoft DDE+ server;f:\windows\system32\.af518c90cca962c9\af518c90cca962c9.exe --> f:\windows\system32\.af518c90cca962c9\af518c90cca962c9.exe [?]
.
Inhalt des "geplante Tasks" Ordners

2009-01-19 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1935655697-725345543-1003.job
- f:\dokumente und einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2008-12-10 07:01]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-ICQ - f:\programme\ICQ6.5\ICQ.exe
HKCU-Run-MsnMsgr - f:\programme\Windows Live\Messenger\MsnMsgr.Exe
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: *.popuppers.com
O16 -: DirectAnimation Java Classes - file://f:\windows\Java\classes\dajava.cab
f:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab
f:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

FF - ProfilePath - f:\dokumente und einstellungen\x\Anwendungsdaten\Mozilla\Firefox\Profiles\t9khtugn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2013740&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: f:\dokumente und einstellungen\x\Anwendungsdaten\Mozilla\Firefox\Profiles\t9khtugn.default\extensions\{50a5e962-af40-4f95-adb6-00fb627a715c}\components\FFAlert.dll
FF - component: f:\dokumente und einstellungen\x\Anwendungsdaten\Mozilla\Firefox\Profiles\t9khtugn.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: f:\dokumente und einstellungen\x\Anwendungsdaten\Mozilla\Firefox\Profiles\t9khtugn.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - plugin: f:\dokumente und einstellungen\x\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 02:59:23
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-796845957-1935655697-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(700)
f:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2009-01-19 3:03:06
ComboFix-quarantined-files.txt 2009-01-19 02:02:38

Vor Suchlauf: 12 Verzeichnis(se), 21.191.901.184 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 21,207,011,328 Bytes frei

629 --- E O F --- 2009-01-14 20:02:54