Hello people,
Since today I have an issue with redirects: when I want to use google com, it sends me to a different website which shows ads. It happens with different browsers as well. Luckily for me google co uk functions :smile:. But I would like to remove the virus, which I don't know how it infiltrated my computer.
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 7.0.6000.17103 BrowserJavaVersion: 1.6.0_37
Run by Basel at 23:00:06 on 2012-11-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1031.18.2047.1246 [GMT 0:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Giraffic\Veoh_GirafficWatchdog.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Ralink\Common\RaRegistry.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programme\Giraffic\Veoh_Giraffic.exe
C:\Programme\AVAST Software\Avast\avastUI.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Dokumente und Einstellungen\Basel\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
C:\Dokumente und Einstellungen\Basel\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programme\HTC\HTC Sync 3.0\adb.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = >>> 'Full Speed' Enabled <<<
uProxyOverride = local;<local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\programme\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\programme\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programme\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\programme\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SnapFlash Class: {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - c:\programme\gemeinsame dateien\justdo\Jd2002.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\dokumente und einstellungen\basel\anwendungsdaten\flashgetbho\FlashGetBHO3.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\programme\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\programme\avast software\avast\aswWebRepIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Tok-Cirrhatus] <no file>
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast] "c:\programme\avast software\avast\avastUI.exe" /nogui
mRun: [nwiz] c:\programme\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\programme\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRun: [HTC Sync Loader] "c:\programme\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:177
mPolicies-Explorer: NoDriveAutoRun = dword:64
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download all by FlashGet3 - c:\dokumente und einstellungen\basel\anwendungsdaten\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\dokumente und einstellungen\basel\anwendungsdaten\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Save Flash with Flash Catcher - c:\programme\gemeinsame dateien\justdo\IECatcher.DLL/FlashCatcher.htm
IE: Save video on Savevid.com - c:\programme\savevid\redirect.htm
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\programme\microsoft office\office14\ONBttnIE.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\programme\paltalk messenger\Paltalk.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\programme\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - c:\programme\gemeinsame dateien\justdo\IECatcher.DLL/FlashCatcher.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C37647F9-BF0E-46F6-A3E8-9B68C112A0EF} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\programme\gemeinsame dateien\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\programme\gemeinsame dateien\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\programme\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\basel\anwendungsdaten\mozilla\firefox\profiles\z2hzr459.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?hl=en&q=
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en&q=
FF - component: c:\dokumente und einstellungen\basel\anwendungsdaten\mozilla\firefox\profiles\z2hzr459.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll
FF - plugin: c:\dokumente und einstellungen\all users\anwendungsdaten\nexoneu\ngm\npNxGameeu.dll
FF - plugin: c:\dokumente und einstellungen\basel\anwendungsdaten\mozilla\firefox\profiles\z2hzr459.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\programme\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\programme\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\programme\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\programme\gemeinsame dateien\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\programme\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\programme\iahgames\playfast\npiahpd.dll
FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\programme\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npdap.dll
FF - plugin: c:\programme\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\programme\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programme\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2012-09-12 16:23; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-18 18:59; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys [2012-4-2 71680]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-5-30 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-6 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-6 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-5-28 242240]
R1 XPROTECTOR;XPROTECTOR;c:\windows\system32\drivers\Oreans.sys [2012-3-25 41888]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-6 20696]
R2 avast! Antivirus;avast! Antivirus;c:\programme\avast software\avast\AvastSvc.exe [2011-8-6 44768]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\programme\giraffic\veoh_girafficwatchdog.exe --service --> c:\programme\giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 IMFservice;IMF Service;c:\programme\iobit\iobit malware fighter\IMFsrv.exe [2011-7-2 821080]
R2 PassThru Service;Internet Pass-Through Service;c:\programme\htc\internet pass-through\PassThruSvr.exe [2012-4-13 88576]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\programme\ralink\common\RaRegistry.exe [2011-1-26 185632]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2011-1-26 19072]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-3-12 100368]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-1-27 1617408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\programme\skype\updater\Updater.exe [2012-7-13 160944]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [2011-1-27 1656960]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-1-8 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-12-8 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-12-8 8576]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-10-8 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-10-8 10200]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2012-6-6 45608]
S3 RegFilter;RegFilter;c:\programme\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-7-2 30368]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-1-26 779136]
S3 UrlFilter;UrlFilter;c:\programme\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-7-2 16080]
S3 vproiah;vproiah;c:\windows\system32\drivers\vproiah.sys [2011-8-7 16128]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\programme\iobit\game booster\driver\WinRing0.sys [2012-5-30 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 FileMonitor;FileMonitor;c:\programme\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-7-2 239472]
.
=============== Created Last 30 ================
.
2012-11-06 13:08:58 -------- d-----w- c:\dokumente und einstellungen\basel\anwendungsdaten\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-11-06 12:36:00 -------- d-----w- C:\Android
2012-11-03 19:56:19 -------- d-----w- C:\ruu_log
2012-11-02 22:18:46 -------- d-----w- c:\dokumente und einstellungen\basel\.android
2012-11-02 22:18:15 -------- d-----w- c:\dokumente und einstellungen\basel\lokale einstellungen\anwendungsdaten\Android
2012-10-29 17:05:22 -------- d-----w- c:\programme\CPUID
2012-10-26 11:05:22 -------- d-----w- c:\dokumente und einstellungen\basel\lokale einstellungen\anwendungsdaten\Help
2012-10-23 17:46:52 -------- d-----r- c:\programme\Skype
2012-10-16 12:34:53 -------- d-----w- c:\dokumente und einstellungen\basel\anwendungsdaten\Auslogics
2012-10-16 12:34:14 -------- d-----w- c:\programme\Auslogics
.
==================== Find3M ====================
.
2012-11-07 15:52:10 151552 ----a-w- c:\windows\KMSEmulator.exe
2012-10-10 22:13:32 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 22:13:31 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-07 14:35:13 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-07 14:35:06 282104 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-10-07 14:35:06 282104 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-06 13:23:28 282104 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-10-03 11:50:12 23944 ----a-w- c:\windows\system32\dopdfmn7.dll
2012-10-03 11:50:12 20872 ----a-w- c:\windows\system32\dopdfmi7.dll
2012-09-24 14:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 14:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 12:51:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-15 20:58:55 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-12 11:23:47 138056 ----a-w- c:\dokumente und einstellungen\basel\anwendungsdaten\PnkBstrK.sys
2012-09-12 11:22:46 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2012-08-20 13:48:46 2872000 ----a-w- c:\windows\system32\pwNative.exe
2012-08-20 13:48:44 15576 ------w- c:\windows\system32\pwdrvio.sys
2012-08-20 13:48:44 10200 ------w- c:\windows\system32\pwdspio.sys
2012-08-09 11:29:00 524073192 ---ha-w- c:\programme\FantasyTennis_Setup.exe
2012-02-18 22:48:45 1509711248 ----a-w- c:\programme\Combatarms_VER_US_2.1201.05.exe
2011-10-10 20:25:18 2963272 ----a-w- c:\programme\Launcher.exe
2011-10-10 20:25:18 190280 ----a-w- c:\programme\PatchExpLib.dll
2011-08-12 20:22:14 2597888 ----a-w- c:\programme\MLBDugoutHeroes.exe
2011-08-12 16:51:24 722245840 ----a-w- c:\programme\MLB_DugoutHeroes_101214(1051_1).exe
2011-03-24 19:19:20 18340336 ----a-w- c:\programme\pal_install_r83706.exe
2011-03-24 19:18:24 1291624 ----a-w- c:\programme\wlsetup-web.exe
2010-07-01 00:03:00 293151 ----a-w- c:\programme\GameGuard.des
2010-05-04 14:55:28 167936 ----a-w- c:\programme\lua5.1.dll
2009-07-08 20:06:54 3851784 ----a-w- c:\programme\d3dx9_39.dll
2009-07-08 20:06:54 3426072 ----a-w- c:\programme\d3dx9_32.dll
2009-07-08 20:06:54 2388176 ----a-w- c:\programme\d3dx9_30.dll
2009-07-08 20:03:48 1712128 ----a-w- c:\programme\gdiplus.dll
2009-07-08 20:03:48 127488 ----a-w- c:\programme\dsetup.dll
2009-05-15 16:58:36 54272 ----a-w- c:\programme\vcomp90.dll
2009-01-22 10:17:46 122880 ----a-w- c:\programme\Selfupdate.exe
2008-09-03 13:23:48 410888 ----a-w- c:\programme\AutoRun.exe
2008-09-03 13:23:47 414984 ----a-w- c:\programme\EASetup.exe
2008-09-03 13:23:13 6350088 ------w- c:\programme\FIFA09.exe
2008-08-20 15:51:41 348160 ------w- c:\programme\msvcr71.dll
2007-10-30 17:06:30 5120 ----a-w- c:\programme\Slugger.sys
2008-04-14 06:52:20 1384479 --sh--r- c:\windows\system32\msvbvm60.dll
.
============= FINISH: 23:00:44.31 ===============