Pests of all kinds and how to combat them: At login: ZoneAlarm message about a network with a different IP?

10.12.2011, 13:11   #1
Santi
 

Hello, something seems fishy to me: every time I log in, a message from ZoneAlarm appears saying that a network has connected and asking whether I want it to be public or trusted. The IP is always slightly different from mine, so if, for example, mine ends in 56, the one of the so-called network ends in 59, while the preceding digits match. But I have not set up any network. In addition, I get an e-mail from fb every day saying that someone has logged in from another computer, exactly at the time I logged out or a little later.
I do have a suspicion that someone changed something on my computer: an acquaintance who calls herself a "hacker queen" once said she could monitor my computer in such a way that I would never find out, and she once had access to my computer while I was briefly away. Was she just bragging, or can that really be?
I have googled a lot already but could not find a matching answer. Maybe someone here can help me with how to determine whether something is really there, or where I can look.
I access the Internet via a Vodafone Internet stick.

Thanks in advance.
Regards, Santi

P.S.: Can anyone make sense of OneNote? I had it in the Start menu although I have never done anything with it. I also found OneNote under the printers and removed it.

Edited by Santi (10.12.2011 at 13:26)

10.12.2011, 19:19   #2
markusg
/// Malware-holic
 

That is harmless, OneNote I mean.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

10.12.2011, 21:36   #3
Santi
 

Markus - thanks for the quick reply .. here is the result:
OTL Logfile:
Code:
OTL logfile created on: 10/12/2011 21:26:31 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Richard\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
 
1,99 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,55% Memory free
3,84 Gb Paging File | 3,08 Gb Available in Paging File | 80,31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 146,48 Gb Total Space | 50,24 Gb Free Space | 34,30% Space Free | Partition Type: NTFS
Drive D: | 86,39 Gb Total Space | 55,08 Gb Free Space | 63,75% Space Free | Partition Type: NTFS
Drive F: | 44,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: RICHHOUSE | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/10 21:24:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Escritorio\OTL.exe
PRC - [2011/11/10 11:18:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Archivos de programa\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Archivos de programa\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jucheck.exe
PRC - [2011/04/08 11:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2011/03/29 07:48:10 | 000,408,576 | ---- | M] (Vodafone) -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2011/03/29 07:47:46 | 000,009,216 | ---- | M] (Vodafone) -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2009/11/10 12:19:51 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/28 16:50:50 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Archivos de programa\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/04 08:12:29 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/10 11:18:36 | 001,989,592 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 12:06:56 | 000,591,232 | ---- | M] () -- C:\Archivos de programa\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/03 12:06:56 | 000,430,568 | ---- | M] () -- C:\Archivos de programa\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/11/03 12:06:56 | 000,308,560 | ---- | M] () -- C:\Archivos de programa\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/07/09 08:23:55 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
MOD - [2011/07/09 08:22:20 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/07/09 08:22:17 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f31f1579160d87470cba918f06276e0d\System.Web.Services.ni.dll
MOD - [2011/07/09 08:22:15 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll
MOD - [2011/07/09 08:22:12 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
MOD - [2011/07/09 08:14:19 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e4bcb14e8e53c8dcaff3d2c20daf746e\System.Security.ni.dll
MOD - [2011/07/09 08:14:15 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
MOD - [2011/07/09 08:14:11 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
MOD - [2011/07/09 07:28:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
MOD - [2011/07/09 07:28:35 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll
MOD - [2011/07/09 07:28:15 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll
MOD - [2011/07/09 07:28:12 | 010,683,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\ee914f59ad8211e0b6734dccffd9986e\System.Design.ni.dll
MOD - [2011/07/09 07:27:54 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
MOD - [2011/07/09 07:24:49 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/07/09 01:58:01 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/07/09 01:57:14 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/07/09 01:57:02 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/06/07 09:44:50 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/03/24 08:50:52 | 001,101,824 | R--- | M] () -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\NDISAPI.dll
MOD - [2009/01/28 16:03:49 | 000,326,401 | ---- | M] () -- C:\Archivos de programa\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/06/20 00:37:08 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008/06/20 00:37:06 | 000,163,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_es_b77a5c561934e089\System.Xml.resources.dll
MOD - [2008/06/20 00:37:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll
MOD - [2007/05/08 00:59:08 | 000,137,216 | ---- | M] () -- C:\WINDOWS\system32\OemSpi.dll
MOD - [2007/04/02 17:19:22 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Archivos de programa\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/29 07:47:46 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009/11/10 12:19:51 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/11/10 12:19:48 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/12 16:44:18 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/16 18:22:20 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Archivos de programa\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/02/28 16:07:48 | 000,529,704 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/03/24 08:53:02 | 000,085,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/03/24 08:53:02 | 000,072,832 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/24 08:53:02 | 000,051,456 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011/03/24 08:53:02 | 000,026,496 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/03/24 08:53:02 | 000,011,136 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011/03/24 08:53:00 | 000,102,784 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/09/02 01:31:20 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/05 00:28:54 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/05 00:28:54 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/08 22:20:00 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/04 15:59:38 | 000,113,280 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/11/04 15:59:38 | 000,102,528 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/11/04 15:59:38 | 000,100,736 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/02/25 19:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/11/21 16:06:26 | 001,174,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi)
DRV - [2007/10/10 18:31:08 | 001,664,384 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt)
DRV - [2006/08/07 18:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2006/06/29 05:58:28 | 000,146,112 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Dev.sys -- (V0220Dev)
DRV - [2006/06/08 08:00:52 | 000,006,272 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Vfx.sys -- (V0220Vfx)
DRV - [2005/12/08 10:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/12/08 10:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/20 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/20 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Elf 1 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {38542454-dfb6-44f5-b052-d4e071a3d073}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&q="
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 4001
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 4001
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4001
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Archivos de programa\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Archivos de programa\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Datos de programa\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Archivos de programa\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/11/10 11:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/05/13 01:13:14 | 000,000,000 | ---D | M]
 
[2009/05/02 23:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Extensions
[2011/12/06 09:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions
[2011/12/06 09:58:28 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
[2011/11/29 09:58:26 | 000,000,000 | ---D | M] (Elf 1.12 Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{38542454-dfb6-44f5-b052-d4e071a3d073}
[2011/12/06 09:58:32 | 000,000,000 | ---D | M] (ZoneAlarm Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2011/12/06 09:58:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/12/29 20:32:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/30 09:58:20 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2009/11/14 09:57:33 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/05/13 01:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\nostmp
[2010/12/30 17:16:32 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\searchplugins\conduit.xml
[2011/11/10 11:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010/03/13 11:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}
[2011/10/30 01:26:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Archivos de programa\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/03/13 11:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions\{8545daff-ad1e-493f-a37e-eed1ac79682b}
[2011/11/10 11:18:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/13 01:12:59 | 000,001,392 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/13 01:12:59 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2011/05/13 01:12:59 | 000,001,153 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/13 01:12:59 | 000,006,805 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/13 01:12:59 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/13 01:12:59 | 000,001,105 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: Click to call with Skype = C:\Documents and Settings\Richard\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\
 
O1 HOSTS File: ([2011/12/09 12:44:58 | 000,438,967 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 15097 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [MobileBroadband] C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Archivos de programa\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ZoneAlarm] C:\Archivos de programa\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Richard\Datos de programa\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.166.210.80 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C950447-7608-49DB-9F4D-BE6ECA4BD806}: DhcpNameServer = 212.166.210.80 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5C15A04-3802-4380-ACDD-54E5F6BBD11D}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll) - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/17 20:10:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/29 13:02:35 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2243d31a-18ca-11e1-8ae4-001bb9e3cb78}\Shell - "" = AutoRun
O33 - MountPoints2\{2243d31a-18ca-11e1-8ae4-001bb9e3cb78}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011/03/11 16:30:00 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{33110226-19a6-11e1-8ae5-001bb9e3cb78}\Shell - "" = AutoRun
O33 - MountPoints2\{33110226-19a6-11e1-8ae5-001bb9e3cb78}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011/03/11 16:30:00 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{3bb89281-cdff-11de-8853-001bb9e3cb78}\Shell\AutoRun\command - "" = driver\usb\‡‘Š•†‘–Í€ŒŽ
O33 - MountPoints2\{3bb89281-cdff-11de-8853-001bb9e3cb78}\Shell\open\command - "" = driver\usb\‡‘Š•†‘–Í€ŒŽ
O33 - MountPoints2\{53d92a74-cdef-11de-884f-001bb9e3cb78}\Shell\AutoRun\command - "" = driver\usb\‡‘Š•†‘–Í€ŒŽ
O33 - MountPoints2\{53d92a74-cdef-11de-884f-001bb9e3cb78}\Shell\open\command - "" = driver\usb\‡‘Š•†‘–Í€ŒŽ
O33 - MountPoints2\{781ee5e4-f5bc-11e0-8aaa-001bb9e3cb78}\Shell - "" = AutoRun
O33 - MountPoints2\{781ee5e4-f5bc-11e0-8aaa-001bb9e3cb78}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{97d12ee9-1866-11e1-8ae3-001bb9e3cb78}\Shell - "" = AutoRun
O33 - MountPoints2\{97d12ee9-1866-11e1-8ae3-001bb9e3cb78}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011/03/11 16:30:00 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{a527d234-f50e-11e0-8aa7-001bb9e3cb78}\Shell - "" = AutoRun
O33 - MountPoints2\{a527d234-f50e-11e0-8aa7-001bb9e3cb78}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a527d235-f50e-11e0-8aa7-001bb9e3cb78}\Shell - "" = AutoRun
O33 - MountPoints2\{a527d235-f50e-11e0-8aa7-001bb9e3cb78}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011/03/11 16:30:00 | 000,274,432 | R--- | M] (Vodafone)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Generación de gráficos vectoriales (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Enlace dinámico de datos HTML para Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Paquete para exploración sin conexión
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autoría avanzada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Ayuda de Internet Explorer
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Clases Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Actualización de seguridad para Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Herramientas de instalación de Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Mejoras en la exploración
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Acceso al sitio de MSN
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Enlace dinámico de datos HTML
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BB0DCC5E-7477-3350-B5F5-7CE64E1E83B6} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Fuentes principales de Internet Explorer
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Programador de tareas
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Ayuda de HTML
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "NMIndexingService"
MsConfig - Services: "PLFlash DeviceIoControl Service"
MsConfig - Services: "gusvc"
MsConfig - Services: "ASKService"
MsConfig - Services: "idsvc"
MsConfig - Services: "YahooAUService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^McAfee Security Scan Plus.lnk -  - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Richard^Menú Inicio^Programas^Inicio^ZooskMessenger.lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: C: - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: IMC - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: ISW - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: OODefragTray - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: P17Helper - hkey= - key= -  File not found
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PhonostarTimer - hkey= - key= - C:\Archivos de programa\phonostar\ps_timer.exe (phonostar)
MsConfig - StartUpReg: RegistryBooster - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Archivos de programa\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
MsConfig - StartUpReg: SpyHunter Security Suite - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Archivos de programa\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: swg - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: V0220Mon.exe - hkey= - key= - C:\WINDOWS\V0220Mon.exe (Creative Technology Ltd.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/10 21:24:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard\Escritorio\OTL.exe
[2011/12/10 19:32:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richard\Recent
[2011/12/07 18:48:56 | 003,552,208 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Richard\Escritorio\ccsetup313.exe
[2011/12/07 00:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Escritorio\freesmoke
[2011/12/04 14:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Escritorio\doris.tenerife
[2011/12/01 06:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Datos de programa\Skype
[2011/12/01 06:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Skype
[2011/11/28 09:49:15 | 000,026,496 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2011/11/28 09:49:05 | 000,051,456 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2011/11/28 09:48:34 | 000,011,136 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2011/11/28 09:48:01 | 000,102,784 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2011/11/27 07:41:40 | 000,085,760 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2011/11/27 07:40:51 | 000,072,832 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2011/11/27 07:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Vodafone
[2011/11/27 07:40:34 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Windows Sidebar
[2011/11/27 07:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Vodafone
[2011/11/27 07:40:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Vodafone
[2011/11/27 07:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Configuración local\Datos de programa\{39C0E0A2-0193-49A4-9D69-DABD740C37FE}
[2011/11/15 15:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Datos de programa\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011/11/15 15:30:24 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Adobe AIR
[2011/11/12 07:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Check Point
[2011/11/12 07:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\CheckPoint
[2010/08/06 20:35:48 | 013,857,024 | ---- | C] (Media Fog Ltd.) -- C:\Archivos de programa\DriverUpdaterSetup-1.2.0.2090_multilang.exe
[2009/11/15 12:17:20 | 003,309,072 | ---- | C] (Piriform Ltd) -- C:\Archivos de programa\ccsetup224.exe
[2009/11/14 09:45:21 | 000,210,416 | ---- | C] (Check Point Software Technologies LTD) -- C:\Archivos de programa\zaSetup_es.exe
[2009/10/14 09:08:53 | 077,086,488 | ---- | C] (Lavasoft) -- C:\Archivos de programa\Ad-AwareInstallation.exe
[2009/06/27 17:12:19 | 037,452,296 | ---- | C] (Lavasoft) -- C:\Archivos de programa\Ad-AwareAE.exe
[2008/06/17 21:34:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/10 21:24:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Escritorio\OTL.exe
[2011/12/10 21:00:00 | 000,000,518 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011/12/10 12:40:14 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/10 12:39:38 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/12/10 12:39:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/10 09:39:15 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/09 12:44:58 | 000,438,967 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/09 11:37:25 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2011/12/08 15:56:29 | 000,062,758 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\hijo de puta.jpg
[2011/12/07 18:50:57 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
[2011/12/07 18:49:07 | 003,552,208 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Richard\Escritorio\ccsetup313.exe
[2011/12/07 16:16:10 | 000,006,330 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\xbox 360.jpg
[2011/12/07 08:40:37 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/07 08:40:37 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/04 14:03:01 | 005,142,775 | R--- | M] () -- C:\Documents and Settings\Richard\Escritorio\facebook-doris.tenerife.zip
[2011/11/28 09:49:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2011/11/28 09:49:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2011/11/27 07:41:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2011/11/27 07:40:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/11/27 07:40:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/11/27 07:40:36 | 000,001,996 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\SMS.lnk
[2011/11/27 07:40:36 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Vodafone Mobile Broadband.lnk
[2011/11/24 18:20:39 | 000,055,699 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\4576_20080827.jpg
[2011/11/22 11:02:13 | 000,049,581 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\Verknüpfung Film.jpg
[2011/11/18 21:31:43 | 000,000,111 | ---- | M] () -- C:\Documents and Settings\Richard\Datos de programa\AVSDVDPlayer.m3u
[2011/11/17 00:18:22 | 000,047,916 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\yo.png
[2011/11/16 17:53:11 | 000,003,807 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\lustige_witzige_bilder_rofl_kartoffel_de_13f8011e_01.04.11.jpg
[2011/11/13 10:17:50 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/13 10:14:48 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Ad-Aware.lnk
[2011/11/12 07:39:58 | 000,415,859 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/11/12 06:11:10 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\Reanudar la instalación de ZoneAlarm Security.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/12/08 15:56:29 | 000,062,758 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\hijo de puta.jpg
[2011/12/07 18:50:57 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
[2011/12/07 16:16:07 | 000,006,330 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\xbox 360.jpg
[2011/12/04 14:02:42 | 005,142,775 | R--- | C] () -- C:\Documents and Settings\Richard\Escritorio\facebook-doris.tenerife.zip
[2011/12/01 06:15:20 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2011/11/28 09:49:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2011/11/28 09:49:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2011/11/27 07:41:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2011/11/27 07:40:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/11/27 07:40:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/11/27 07:40:36 | 000,001,996 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\SMS.lnk
[2011/11/27 07:40:36 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Vodafone Mobile Broadband.lnk
[2011/11/24 18:20:31 | 000,055,699 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\4576_20080827.jpg
[2011/11/22 11:02:12 | 000,049,581 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\Verknüpfung Film.jpg
[2011/11/17 00:18:22 | 000,047,916 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\yo.png
[2011/11/16 17:53:06 | 000,003,807 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\lustige_witzige_bilder_rofl_kartoffel_de_13f8011e_01.04.11.jpg
[2011/11/12 07:36:32 | 000,415,859 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/11/12 06:11:10 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\Reanudar la instalación de ZoneAlarm Security.lnk
[2011/09/08 09:52:48 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/04/25 10:26:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/25 10:26:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/24 08:50:52 | 000,226,366 | R--- | C] () -- C:\Documents and Settings\All Users\Datos de programa\DeviceManager.xml.rc4
[2010/08/07 14:27:06 | 001,801,933 | ---- | C] () -- C:\Archivos de programa\usbdrven.exe
[2010/08/07 14:24:12 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\mtbjfghn.xbe
[2009/11/12 22:17:10 | 033,961,728 | ---- | C] () -- C:\Archivos de programa\avira_antivir_personal_en.exe
[2009/11/10 17:10:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2009/11/10 14:40:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richard\Datos de programa\wklnhst.dat
[2009/10/29 17:18:50 | 008,432,640 | ---- | C] () -- C:\Archivos de programa\epson325180eu.exe
[2009/08/30 12:40:32 | 033,952,648 | ---- | C] () -- C:\Archivos de programa\zaSetup_80_298_000_en.exe
[2009/06/04 16:29:42 | 008,031,100 | ---- | C] () -- C:\Archivos de programa\setup.exe
[2009/05/02 23:06:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/13 09:52:17 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/10/12 09:09:45 | 000,000,580 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/11 20:26:57 | 000,036,972 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2008/08/14 17:03:15 | 000,000,180 | ---- | C] () -- C:\WINDOWS\sripper.ini
[2008/08/14 17:03:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\StreamRipper32.INI
[2008/07/09 07:29:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/22 17:29:41 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Richard\Datos de programa\AVSDVDPlayer.m3u
[2008/06/20 01:07:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/20 00:57:07 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/20 00:57:07 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/19 00:24:42 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\Richard\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/19 00:03:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/18 12:18:34 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/17 21:35:04 | 000,003,118 | ---- | C] () -- C:\WINDOWS\System32\AudioDrv.ini
[2008/06/17 21:34:39 | 000,023,273 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2008/06/17 21:34:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/06/17 21:34:02 | 000,008,251 | R--- | C] () -- C:\WINDOWS\sfsyn.ini
[2008/06/17 21:34:01 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2008/06/17 21:34:00 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2008/06/17 21:22:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/17 20:13:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/17 20:08:42 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/17 19:48:44 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/17 19:47:49 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/20 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/20 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/20 12:00:00 | 000,498,986 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2004/08/20 12:00:00 | 000,436,190 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/20 12:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2004/08/20 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/20 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/20 12:00:00 | 000,087,068 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2004/08/20 12:00:00 | 000,068,906 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/20 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/20 12:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2004/08/20 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/20 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/20 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/20 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/20 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2011/11/12 07:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\CheckPoint
[2009/10/29 17:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\EPSON
[2008/06/18 12:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Grisoft
[2011/11/07 22:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\InstallMate
[2008/10/12 14:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\MailFrontier
[2011/01/20 17:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Nexon
[2011/01/20 17:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\NexonEU
[2011/11/07 21:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Premium
[2008/08/01 23:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Propellerhead Software
[2009/11/10 12:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TuneUp Software
[2011/11/27 07:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Vodafone
[2009/11/10 12:18:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Datos de programa\{55A29068-F2CE-456C-9148-C869879E2357}
[2011/10/28 16:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/08/07 14:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\Carambis
[2010/07/02 11:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\CheckPoint
[2011/11/15 15:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2009/08/13 13:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\Deckadance
[2011/09/27 20:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\DVDVideoSoft
[2010/12/29 20:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\DVDVideoSoftIEHelpers
[2011/03/30 08:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\GetRightToGo
[2011/01/23 10:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\GlarySoft
[2008/07/22 13:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\ICQ Toolbar
[2009/02/24 12:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\MP3Rocket
[2008/06/26 22:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\Opera
[2009/11/10 13:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\phonostar-Player
[2011/11/08 16:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\PriceGong
[2008/08/06 23:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\Propellerhead Software
[2009/04/02 08:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\TeamViewer
[2009/11/10 12:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\TuneUp Software
[2011/01/10 14:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\Uniblue
[2011/11/27 07:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\Vodafone
[2009/09/04 15:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\Windows Live Writer
[2011/12/10 21:00:00 | 000,000,518 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2011/12/10 12:40:14 | 000,000,514 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/10 12:39:38 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/12/10 12:37:05 | 000,000,000 | R--D | M] -- C:\Archivos de programa
[2008/06/23 19:05:08 | 000,000,000 | ---D | M] -- C:\audio
[2009/08/20 10:45:30 | 000,000,000 | ---D | M] -- C:\c6c789cd85c440803f4234b81cd618
[2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Definitionen
[2008/10/12 13:39:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings
[2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Formulare
[2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Lowcarb
[2009/11/10 13:08:27 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/02/27 12:40:03 | 000,000,000 | ---D | M] -- C:\Nexon
[2010/01/24 00:39:22 | 000,000,000 | ---D | M] -- C:\Programme
[2008/06/17 20:16:14 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2009/11/12 21:52:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Video
[2008/06/18 19:20:47 | 000,000,000 | ---D | M] -- C:\Von Julio von anfang an
[2011/12/10 19:32:15 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2009/06/27 17:12:41 | 037,452,296 | ---- | M] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Archivos de programa\Ad-AwareAE.exe
[2009/10/14 09:11:17 | 077,086,488 | ---- | M] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Archivos de programa\Ad-AwareInstallation.exe
[2009/11/12 22:17:15 | 033,961,728 | ---- | M] () -- C:\Archivos de programa\avira_antivir_personal_en.exe
[2009/11/15 12:17:30 | 003,309,072 | ---- | M] (Piriform Ltd) -- C:\Archivos de programa\ccsetup224.exe
[2010/08/06 20:38:33 | 013,857,024 | ---- | M] (Media Fog Ltd.                                               ) -- C:\Archivos de programa\DriverUpdaterSetup-1.2.0.2090_multilang.exe
[2009/10/29 17:18:56 | 008,432,640 | ---- | M] () -- C:\Archivos de programa\epson325180eu.exe
[2009/06/04 16:29:55 | 008,031,100 | ---- | M] () -- C:\Archivos de programa\setup.exe
[2010/08/07 14:27:22 | 001,801,933 | ---- | M] () -- C:\Archivos de programa\usbdrven.exe
[2009/08/30 12:42:04 | 033,952,648 | ---- | M] () -- C:\Archivos de programa\zaSetup_80_298_000_en.exe
[2009/11/14 09:45:23 | 000,210,416 | ---- | M] (Check Point Software Technologies LTD) -- C:\Archivos de programa\zaSetup_es.exe
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/20 12:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/20 12:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/20 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 06:48:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 06:48:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\system32\eventlog.dll
[2004/08/20 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=5696DF4EF09C375CE42FB2DDE1E68AB7 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\explorer.exe
[2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/20 12:00:00 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=89C8DD146CEAF482D82822766437D93F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2004/08/20 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=7FD182B1B80117C353983565D60B1CAF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 06:48:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 06:48:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/14 06:48:36 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 06:48:36 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\system32\scecli.dll
[2004/08/20 12:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=C6347748F2E9F310EA1E1915482ABFEF -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004/08/20 12:00:00 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=5D5C9CC377A70D036816E7EA55F3CA73 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/14 06:48:46 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=DA8898129E0075C7DE4DEE457514A73C -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/14 06:48:46 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=DA8898129E0075C7DE4DEE457514A73C -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2004/08/20 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=7B30B4D55B4562C733A5DDF6D6F72B3F -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 06:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 06:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008/04/14 06:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 06:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\winlogon.exe
[2004/08/20 12:00:00 | 000,505,344 | ---- | M] (Microsoft Corporation) MD5=FCB59D25D628B4D3181DC816D14679DD -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/08/20 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/08/20 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/06/17 20:47:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/06/17 20:47:04 | 000,643,072 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/06/17 20:47:04 | 000,475,136 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2010/02/08 12:58:34 | 000,000,109 | ---- | M] () -- C:\Documents and Settings\Richard\default.pls
[2008/07/20 16:21:31 | 000,000,077 | -HS- | M] () -- C:\Documents and Settings\Richard\Desktop.ini
[2011/12/10 12:38:26 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Richard\ntuser.dat
[2011/12/10 21:30:10 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Richard\ntuser.dat.LOG
[2011/12/10 12:38:26 | 000,000,304 | -HS- | M] () -- C:\Documents and Settings\Richard\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011/03/03 13:53:03 | 001,858,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         

10.12.2011, 21:41   #4
Santi

At login: ZoneAlarm message about a network with a different IP?

... the Extras text: OTL EXTRAS logfile:
Code:
OTL Extras logfile created on: 10/12/2011 21:26:31 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Richard\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
 
1,99 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,55% Memory free
3,84 Gb Paging File | 3,08 Gb Available in Paging File | 80,31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 146,48 Gb Total Space | 50,24 Gb Free Space | 34,30% Space Free | Partition Type: NTFS
Drive D: | 86,39 Gb Total Space | 55,08 Gb Free Space | 63,75% Space Free | Partition Type: NTFS
Drive F: | 44,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: RICHHOUSE | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Archivos de programa\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Archivos de programa\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Archivos de programa\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"110:TCP" = 110:TCP:*:Enabled:mail1
"25:TCP" = 25:TCP:*:Enabled:mail2
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Java\jre1.6.0_07\bin\javaw.exe" = C:\Archivos de programa\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\All Users\Datos de programa\NexonEU\NGM\NGM.exe" = C:\Documents and Settings\All Users\Datos de programa\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{12E0A949-8861-35F8-B7ED-5658788A7BFE}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ESN
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{298B7460-A43A-3083-B295-75547FC68392}" = Microsoft .NET Framework 3.5 Language Pack - esn
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}" = Paint.NET v3.31
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53E2DCBB-E6F7-4C83-B1EF-F78435B9814E}" = Sound Blaster X-Fi Xtreme Audio
"{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{68249B78-B714-11D7-88E8-0050DA21757E}" = Java 2 Runtime Environment Standard Edition v1.3.1_18
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0C0A-0000-0000000FF1CE}" = Paquete de compatibilidad para 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B3FA7296-C3B1-4370-9ADE-9DFCF487D406}" = Ad-Aware
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB0DCC5E-7477-3350-B5F5-7CE64E1E83B6}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ESN
"{BE282C23-5484-47FF-B2C1-EBEA5C891034}" = Nero 8
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = ZoneAlarm Spy Blocker Toolbar
"AudioCS" = Consola de audio de Creative
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"CCleaner" = CCleaner
"Collab" = Collab
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0220" = Creative Live! Cam Video IM Driver (1.01.01.00)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = Software de impresora EPSON
"File Shredder_is1" = File Shredder 2.0
"FL Studio 8" = FL Studio 8
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Glary Utilities_is1" = Glary Utilities 2.29.0.1032
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"IsoBuster_is1" = IsoBuster 2.3
"Microsoft .NET Framework 3.5 Language Pack - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 - esn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"MP3 Rocket" = MP3 Rocket
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.2
"PoiZone" = PoiZone
"Reason4_is1" = Reason 4.0
"ReValver" = ReValver
"SysInfo" = Información del sistema de Creative
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Warp VST V1.0" = Warp VST V1.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoneAlarm Free" = ZoneAlarm Free
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02/12/2011 4:21:59 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 04/12/2011 4:04:52 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 05/12/2011 4:17:50 | Computer Name = RICHHOUSE | Source = Avira AntiVir | ID = 4122
Description = Unable to load file <AVEvtLog>.   Returned error code: 
 
Error - 05/12/2011 4:18:12 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06/12/2011 4:41:34 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 07/12/2011 4:40:13 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 07/12/2011 4:40:58 | Computer Name = RICHHOUSE | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 08/12/2011 4:56:46 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 10/12/2011 5:39:58 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 10/12/2011 8:40:06 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 30/11/2011 1:27:39 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 62.87.57.155 para la tarjeta de red
 con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 212.166.221.177
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 01/12/2011 0:51:55 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 212.166.221.184 para la tarjeta de
 red con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 212.73.44.210
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 02/12/2011 4:26:00 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 212.73.44.209 para la tarjeta de red
 con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 212.73.50.209
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 04/12/2011 4:11:34 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 212.73.50.215 para la tarjeta de red
 con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 62.87.99.49
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 05/12/2011 4:21:09 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 62.87.99.51 para la tarjeta de red
 con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 31.4.17.65
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 06/12/2011 4:46:24 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 31.4.17.79 para la tarjeta de red 
con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 62.87.108.193
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 07/12/2011 4:42:43 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 62.87.108.224 para la tarjeta de red
 con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 31.4.21.193
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 08/12/2011 5:01:27 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 31.4.21.223 para la tarjeta de red
 con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 62.87.96.201
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 10/12/2011 5:41:57 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 62.87.96.202 para la tarjeta de red
 con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 212.166.227.73
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 10/12/2011 8:41:53 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 212.166.227.76 para la tarjeta de 
red con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 62.87.72.57
 (el servidor DHCP envió un mensaje DHCPNACK).
 
 
< End of report >
         
--- --- ---

12.12.2011, 15:10   #5
markusg
/// Malware-holic

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool:
    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your anti-virus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the above instructions to
markusg.trojaner-board@web.de
If you would like to support us

13.12.2011, 08:42   #6
Santi

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-12-12.02 - Richard 13/12/2011   8:27.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.34.3082.18.2039.1308 [GMT 0:00]
Running from: c:\documents and settings\Richard\Escritorio\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\archivos de programa\DriverUpdaterSetup-1.2.0.2090_multilang.exe
c:\archivos de programa\epson325180eu.exe
c:\archivos de programa\Setup.exe
c:\documents and settings\Richard\Datos de programa\Microsoft\stor.cfg
c:\documents and settings\Richard\Datos de programa\PriceGong
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\1.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\a.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\b.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\c.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\d.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\e.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\f.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\g.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\h.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\i.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\J.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\k.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\l.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\m.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\mru.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\n.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\o.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\p.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\q.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\r.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\s.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\t.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\u.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\v.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\w.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\x.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\y.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\z.xml
c:\windows\system32\tmp.reg
D:\setup.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SVLOSTSERVICES
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-13 to 2011-12-13  )))))))))))))))))))))))))))))))
.
.
2011-12-01 06:25 . 2011-12-13 08:33	--------	d-----w-	c:\documents and settings\Richard\Datos de programa\Skype
2011-11-28 09:49 . 2011-03-24 08:53	26496	----a-r-	c:\windows\system32\drivers\ew_juextctrl.sys
2011-11-28 09:49 . 2011-03-24 08:53	51456	----a-r-	c:\windows\system32\drivers\ew_jucdcecm.sys
2011-11-28 09:48 . 2011-03-24 08:53	11136	----a-r-	c:\windows\system32\drivers\ew_usbenumfilter.sys
2011-11-28 09:48 . 2011-03-24 08:53	102784	----a-r-	c:\windows\system32\drivers\ew_hwusbdev.sys
2011-11-27 07:41 . 2011-03-24 08:53	85760	----a-r-	c:\windows\system32\drivers\ew_jucdcacm.sys
2011-11-27 07:40 . 2008-03-21 13:57	14640	------w-	c:\windows\system32\spmsgXP_2k3.dll
2011-11-27 07:40 . 2011-03-24 08:53	72832	----a-r-	c:\windows\system32\drivers\ew_jubusenum.sys
2011-11-27 07:40 . 2011-03-24 08:53	1112288	----a-r-	c:\windows\system32\wdfcoinstaller01007.dll
2011-11-27 07:40 . 2011-11-27 07:40	--------	d-----w-	c:\archivos de programa\Windows Sidebar
2011-11-27 07:40 . 2011-11-27 07:40	--------	d-----w-	c:\documents and settings\All Users\Datos de programa\Vodafone
2011-11-27 07:40 . 2011-11-27 07:40	--------	d-----w-	c:\archivos de programa\Vodafone
2011-11-27 07:37 . 2011-11-27 07:37	--------	d-----w-	c:\documents and settings\Richard\Configuración local\Datos de programa\{39C0E0A2-0193-49A4-9D69-DABD740C37FE}
2011-11-15 15:30 . 2011-11-15 15:30	--------	d-----w-	c:\documents and settings\Richard\Datos de programa\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2011-11-15 15:30 . 2011-11-15 15:30	--------	d-----w-	c:\archivos de programa\Archivos comunes\Adobe AIR
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 08:12 . 2011-07-22 19:52	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-13 10:17 . 2011-09-08 09:52	16432	----a-w-	c:\windows\system32\lsdelete.exe
2011-11-03 12:06 . 2010-01-29 11:24	64512	----a-w-	c:\windows\system32\drivers\Lbd.sys
2010-08-07 14:27 . 2010-08-07 14:27	1801933	----a-w-	c:\archivos de programa\usbdrven.exe
2009-11-15 12:17 . 2009-11-15 12:17	3309072	----a-w-	c:\archivos de programa\ccsetup224.exe
2009-11-14 09:45 . 2009-11-14 09:45	210416	----a-w-	c:\archivos de programa\zaSetup_es.exe
2009-11-12 22:17 . 2009-11-12 22:17	33961728	----a-w-	c:\archivos de programa\avira_antivir_personal_en.exe
2009-10-14 09:11 . 2009-10-14 09:08	77086488	----a-w-	c:\archivos de programa\Ad-AwareInstallation.exe
2009-08-30 12:42 . 2009-08-30 12:40	33952648	----a-w-	c:\archivos de programa\zaSetup_80_298_000_en.exe
2009-06-27 17:12 . 2009-06-27 17:12	37452296	----a-w-	c:\archivos de programa\Ad-AwareAE.exe
2009-04-15 20:24 . 2009-04-15 20:24	1044480	----a-w-	c:\archivos de programa\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24	200704	----a-w-	c:\archivos de programa\mozilla firefox\plugins\ssldivx.dll
2011-11-10 11:18 . 2011-05-13 01:12	134104	----a-w-	c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll" [2011-05-09 176936]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\archivos de programa\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 18:22	333192	----a-w-	c:\archivos de programa\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2011-05-09 09:49	176936	----a-w-	c:\archivos de programa\ZoneAlarm\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49	176936	----a-w-	c:\archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\archivos de programa\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll" [2011-05-09 176936]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\archivos de programa\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll" [2011-05-09 176936]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\archivos de programa\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\archivos de programa\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\archivos de programa\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\archivos de programa\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ZoneAlarm"="c:\archivos de programa\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"MobileBroadband"="c:\archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-03-29 408576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21	548352	----a-w-	c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Richard^Menú Inicio^Programas^Inicio^ZooskMessenger.lnk]
path=c:\documents and settings\Richard\Menú Inicio\Programas\Inicio\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38	34672	----a-w-	c:\archivos de programa\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32\V0220Cvw.dll]
2006-05-23 17:00	245760	----a-r-	c:\windows\system32\V0220Cvw.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:48	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44	31072	----a-w-	c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-15 11:46	159744	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-15 11:46	135168	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07	1828136	----a-w-	c:\archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29	2221352	----a-w-	c:\archivos de programa\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-28 08:59	570664	----a-w-	c:\archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2006-07-03 04:43	10752	----a-w-	c:\windows\system32\SPIRun.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-15 11:46	131072	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer]
2009-05-13 18:35	126976	----a-w-	c:\archivos de programa\phonostar\ps_timer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 09:27	17351304	----a-r-	c:\archivos de programa\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 15:31	2144088	------w-	c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27	144784	----a-w-	c:\archivos de programa\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-07-05 23:57	2424192	----a-w-	c:\archivos de programa\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0220Mon.exe]
2006-06-28 17:01	32768	----a-r-	c:\windows\V0220Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"PLFlash DeviceIoControl Service"=2 (0x2)
"gusvc"=3 (0x3)
"ASKService"=2 (0x2)
"idsvc"=3 (0x3)
"YahooAUService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"PDFPrint"=c:\archivos de programa\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\All Users\\Datos de programa\\NexonEU\\NGM\\NGM.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"110:TCP"= 110:TCP:mail1
"25:TCP"= 25:TCP:mail2
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29/01/2010 11:24 64512]
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS [05/01/2010 7:56 12872]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7:56 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [12/11/2009 22:18 108289]
R2 VmbService;Servicio de Vodafone Mobile Broadband;c:\archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [29/03/2011 7:47 9216]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [28/11/2011 9:48 11136]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [27/11/2011 7:41 85760]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [28/11/2011 9:49 51456]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [27/11/2011 7:40 72832]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [28/11/2011 9:49 26496]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\archivos de programa\Lavasoft\Ad-Aware\AAWService.exe [03/11/2011 12:06 2152152]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [28/11/2011 9:48 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [12/10/2011 20:15 113280]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [13/10/2011 7:17 100736]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\archivos de programa\Lavasoft\Ad-Aware\kernexplorer.sys [03/11/2011 12:06 15232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [20/08/2004 12:00 14336]
S3 SASENUM;SASENUM;c:\archivos de programa\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7:56 12872]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [28/06/2008 0:09 146112]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [28/06/2008 0:09 6272]
S4 ASKService;ASKService;c:\archivos de programa\AskBarDis\bar\bin\AskService.exe [14/11/2009 9:57 464264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-13 c:\windows\Tasks\1-Klick-Wartung.job
- c:\archivos de programa\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-13 12:03]
.
2011-12-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\archivos de programa\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 12:06]
.
2011-12-13 c:\windows\Tasks\GlaryInitialize.job
- c:\archivos de programa\Glary Utilities\initialize.exe [2010-11-19 21:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2431245
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Richard\Datos de programa\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.166.210.80 212.73.32.67
FF - ProfilePath - c:\documents and settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Elf 1 Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 4001
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 4001
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 4001
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 4001
FF - prefs.js: network.proxy.type - 4
 
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-13 08:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1120)
c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll
.
- - - - - - - > 'explorer.exe'(768)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\CTsvcCDA.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2011-12-13  08:38:51 - machine was rebooted
ComboFix-quarantined-files.txt  2011-12-13 08:38
.
Pre-Run: 53.762.695.168 bytes libres
Post-Run: 53.698.338.816 bytes libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 3CEA77A86ECA837870EBFECE0C608CF7
         
--- --- ---

13.12.2011, 08:50   #7
Santi

Hello Markus ..

on other sites I visit I wouldn't notice it anyway - only fb sends me a mail every time someone logs in to my account from another computer. These are times when I am already online myself, or times when I had definitely shut the computer down .. at night, for example.

They also send the IP along .. would it help if I posted some of these mails here?

... Best regards, Santi

13.12.2011, 12:00   #8
markusg
/// Malware-holic

did you set up the proxy there yourself?

14.12.2011, 08:31   #9
Santi

.. No, I didn't.
Can you say anything yet - somehow I don't dare do anything on the PC anymore...

14.12.2011, 13:03   #10
markusg
/// Malware-holic

first of all, take it easy.
open internet explorer, internet options, connections, LAN settings.
delete the proxy entry, select use no proxy.
apply, ok.
open firefox, open tools, open options.
advanced, network, no proxy, click ok.

malwarebytes:
Please download Malwarebytes
  • Install the program in the default path.
    Vista and Win7 users: right-click, "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

15.12.2011, 07:36   #11
Santi

I have taken care of the proxy settings as described.

With Malwarebytes, however, there is a problem. It cannot be run because MSVBVM60.DLL is not found.

15.12.2011, 12:34   #12
markusg
/// Malware-holic

Download HitmanPro
http://dl.surfright.nl/HitmanPro36beta2.exe
Double-click, Settings, License, trial license.
Select scan, put the findings into quarantine, and in the last step save the log and post it here.

16.12.2011, 09:40   #13
Santi

It found nothing - except 4 cookies ...

16.12.2011, 11:35   #14
markusg
/// Malware-holic

Is ZoneAlarm still showing messages?

16.12.2011, 12:41   #15
Santi

Yes - at every login ..

I have just restarted the PC and Hitman reported that IE accesses the Internet via a proxy .. but I am always! online with Firefox .. I don't use IE at all, and besides, I did deactivate the proxy ... ?!?
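
A read-only way to check the point this thread ends on, whether a proxy is still (or again) configured for IE or Firefox after a restart. This is an added example, not part of the original posts; the state file name is an assumption, and the registry values are the standard WinINET ones behind the IE dialog named in post #10.

```powershell
# Added example: read-only audit of the proxy settings discussed in this thread.
# Nothing is changed on the system; run it in the affected user's session.
$inetKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$stateFile = Join-Path $env:TEMP 'proxy-audit.txt'   # assumed location for the last result

function Get-ProxyState {
    # WinINET values behind Internet Options > Connections > LAN settings (used by IE).
    $s = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
    "IE ProxyEnable=$($s.ProxyEnable)"        # 1 = manual proxy switched on
    "IE ProxyServer=$($s.ProxyServer)"        # address can stay stored while disabled
    "IE AutoConfigURL=$($s.AutoConfigURL)"    # PAC script, separate from ProxyEnable

    # A value of 0 here means the proxy is set machine-wide instead of per user.
    $p = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    "Policy ProxySettingsPerUser=$($p.ProxySettingsPerUser)"

    # Firefox stores its own choice per profile in prefs.js.
    # network.proxy.type: 0 = none, 1 = manual, 2 = PAC URL, 4 = auto-detect, 5 = system settings
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path $profiles) {
        Get-ChildItem -Path $profiles -Filter 'prefs.js' -Recurse | ForEach-Object {
            $name = $_.Directory.Name
            Select-String -Path $_.FullName -Pattern 'network\.proxy\.(type|http|http_port|autoconfig_url)"' |
                ForEach-Object { "Firefox[$name] $($_.Line.Trim())" }
        }
    }
}

$now = @(Get-ProxyState)
$now

if (Test-Path $stateFile) {
    # Differences against the previous run, for example across a reboot.
    # '<=' marks a line only in the old result, '=>' a line only in the new one.
    $old = @(Get-Content $stateFile)
    Compare-Object -ReferenceObject $old -DifferenceObject $now |
        ForEach-Object { "CHANGED $($_.SideIndicator) $($_.InputObject)" }
}
$now | Set-Content $stateFile

# System-wide WinHTTP proxy, which is separate from the per-user IE setting.
netsh winhttp show proxy
```

Running it once after clearing the settings and again after the next restart shows whether a value was written back in between, and which one.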
