Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   On login: ZoneAlarm message about a network with a different IP? (https://www.trojaner-board.de/106059-anmeldung-zonealarm-meldung-netzwerk-anderer-ip.html)

Santi 10.12.2011 14:11

On login: ZoneAlarm message about a network with a different IP?
 
Hello, something seems "fishy" to me: every time I log in, ZoneAlarm pops up a message that a network has registered and asks whether I want it to be public or trusted. The IP is slightly different from mine each time - so if, for example, my last digits are 56, the one from the so-called network is 59, and the preceding ones match. But I haven't set up any network. On top of that, I get a mail from fb every day saying that someone has logged in from a different computer, and exactly at the time I logged off or a bit later.
I do have a suspicion that someone changed something on my computer - an acquaintance who calls herself a "hacker queen" once said she could monitor my computer in such a way that I would never find out - and she once had access to my computer while I was briefly away. Was she just talking big, or can that really be the case?
I have googled a lot but couldn't find a matching answer. Maybe someone here can help me with how to find out whether there really is something, or where I should look.
I connect to the Internet via a Vodafone Internet stick.

Thanks in advance.
Best regards, Santi

P.S.: Can anyone make sense of OneNote? - I had it in the Start menu even though I have never used it - I also found OneNote among the printers - I removed it.

markusg 10.12.2011 20:19

That's harmless, OneNote I mean.
If you don't already have it, please download OTL by OldTimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
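The OTL.txt report requested above is a line-oriented text format: PRC/SRV/DRV/MOD entries for processes, services, drivers and modules, `IE -` registry values, `FF - prefs.js..` preferences, and O-numbered hijack-style entries. As an added example, not part of this thread and not code from OTL, here is a small Python triage script that pulls out of such a log the items a helper reads first: the Internet Explorer and Firefox proxy settings, Conduit search-redirect indicators, and loaded binaries that carry no company name. The sample log lines are constructed in OTL's format; the regular-expression names and the `triage` and `proxy_notes` functions are this example's own.

```python
"""Triage helper for OTL (OldTimer) QuickScan logs.

Added example; it is not part of the thread and not code from OTL. It
reads the line-oriented OTL.txt format and extracts the items a helper
looks at first: proxy settings in IE and Firefox, search-redirect
indicators, and loaded binaries that carry no company name.
"""
import re

# Constructed sample in OTL's format (a handful of lines of the kinds a
# real QuickScan log contains, including proxy and toolbar entries).
SAMPLE_LOG = r"""
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Archivos de programa\CheckPoint\ZoneAlarm\vsmon.exe
SRV - [2008/10/16 18:22:20 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Archivos de programa\AskBarDis\bar\bin\AskService.exe -- (ASKService)
DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2431245
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&q="
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
"""

# PRC/SRV/DRV/MOD entries: "[stamp] (company) [state]? -- path -- (name)?"
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
# IE registry values written as: IE - <key>: "Name" = value
IE_VALUE_RE = re.compile(r'^IE - .*?: "(?P<name>[^"]+)" = (?P<value>.*)$')
# Firefox proxy prefs: FF - prefs.js..network.proxy.<key>: value
FF_PROXY_RE = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>\w+): "?(?P<value>[^"]*)"?$'
)
# Meaning of Firefox's network.proxy.type values.
FF_PROXY_TYPES = {"0": "direct", "1": "manual", "2": "PAC",
                  "4": "auto-detect (WPAD)", "5": "system"}


def triage(log_text):
    """Return a dict of findings extracted from an OTL.txt log."""
    findings = {
        "ie_proxy": {},        # ProxyEnable / ProxyServer values
        "ff_proxy": {},        # network.proxy.* prefs
        "conduit_lines": [],   # search-redirect indicators (Conduit)
        "no_company": [],      # binaries OTL lists with an empty company name
    }
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m and m.group("company") == "":
            findings["no_company"].append((m.group("kind"), m.group("path")))
        m = IE_VALUE_RE.match(line)
        if m and m.group("name") in ("ProxyEnable", "ProxyServer"):
            findings["ie_proxy"][m.group("name")] = m.group("value")
        m = FF_PROXY_RE.match(line)
        if m:
            findings["ff_proxy"][m.group("key")] = m.group("value")
        if "conduit" in line.lower():
            findings["conduit_lines"].append(line)
    return findings


def proxy_notes(findings):
    """Reduce the raw proxy values to the two questions that matter:
    is a proxy actually in effect, and where does it point?"""
    notes = []
    ie = findings["ie_proxy"]
    if "ProxyServer" in ie:
        state = "ACTIVE" if ie.get("ProxyEnable") == "1" else \
            "configured but disabled (ProxyEnable=0)"
        notes.append("IE proxy %s: %s" % (state, ie["ProxyServer"]))
    ff = findings["ff_proxy"]
    if "type" in ff:
        mode = FF_PROXY_TYPES.get(ff["type"], "unknown")
        manual = "%s:%s" % (ff.get("http", "?"), ff.get("http_port", "?"))
        in_use = "in use" if ff["type"] == "1" else "not in use"
        notes.append("Firefox proxy mode %s (%s); manual entry %s is %s"
                     % (ff["type"], mode, manual, in_use))
    return notes


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for note in proxy_notes(result):
        print(note)
    print("Conduit indicators:", len(result["conduit_lines"]))
    for kind, path in result["no_company"]:
        print("no company name:", kind, path)
```

Run against the sample, the script reports that the IE proxy entry pointing at 127.0.0.1:50370 is present but switched off (ProxyEnable = 0), and that Firefox is in auto-detect mode (type 4), so its manual 127.0.0.1:4001 entries are not in effect either. A proxy on the loopback address usually belongs to a locally installed filtering component; the check that settles it is which local process is listening on that port. The Conduit and Ask entries are the usual toolbar/search-redirect add-ons that a helper removes in the next step.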

Santi 10.12.2011 22:36

Markus - thanks for the quick reply .. here is the result: OTL Logfile:
Code:

OTL logfile created on: 10/12/2011 21:26:31 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Documents and Settings\Richard\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
 
1,99 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,55% Memory free
3,84 Gb Paging File | 3,08 Gb Available in Paging File | 80,31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 146,48 Gb Total Space | 50,24 Gb Free Space | 34,30% Space Free | Partition Type: NTFS
Drive D: | 86,39 Gb Total Space | 55,08 Gb Free Space | 63,75% Space Free | Partition Type: NTFS
Drive F: | 44,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: RICHHOUSE | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/10 21:24:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Escritorio\OTL.exe
PRC - [2011/11/10 11:18:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Archivos de programa\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Archivos de programa\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jucheck.exe
PRC - [2011/04/08 11:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2011/03/29 07:48:10 | 000,408,576 | ---- | M] (Vodafone) -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2011/03/29 07:47:46 | 000,009,216 | ---- | M] (Vodafone) -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2009/11/10 12:19:51 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/28 16:50:50 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Archivos de programa\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/04 08:12:29 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/10 11:18:36 | 001,989,592 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 12:06:56 | 000,591,232 | ---- | M] () -- C:\Archivos de programa\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/03 12:06:56 | 000,430,568 | ---- | M] () -- C:\Archivos de programa\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/11/03 12:06:56 | 000,308,560 | ---- | M] () -- C:\Archivos de programa\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/07/09 08:23:55 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
MOD - [2011/07/09 08:22:20 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/07/09 08:22:17 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f31f1579160d87470cba918f06276e0d\System.Web.Services.ni.dll
MOD - [2011/07/09 08:22:15 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll
MOD - [2011/07/09 08:22:12 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
MOD - [2011/07/09 08:14:19 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e4bcb14e8e53c8dcaff3d2c20daf746e\System.Security.ni.dll
MOD - [2011/07/09 08:14:15 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
MOD - [2011/07/09 08:14:11 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
MOD - [2011/07/09 07:28:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
MOD - [2011/07/09 07:28:35 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll
MOD - [2011/07/09 07:28:15 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll
MOD - [2011/07/09 07:28:12 | 010,683,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\ee914f59ad8211e0b6734dccffd9986e\System.Design.ni.dll
MOD - [2011/07/09 07:27:54 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
MOD - [2011/07/09 07:24:49 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/07/09 01:58:01 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/07/09 01:57:14 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/07/09 01:57:02 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/06/07 09:44:50 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/03/24 08:50:52 | 001,101,824 | R--- | M] () -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\NDISAPI.dll
MOD - [2009/01/28 16:03:49 | 000,326,401 | ---- | M] () -- C:\Archivos de programa\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/06/20 00:37:08 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008/06/20 00:37:06 | 000,163,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_es_b77a5c561934e089\System.Xml.resources.dll
MOD - [2008/06/20 00:37:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll
MOD - [2007/05/08 00:59:08 | 000,137,216 | ---- | M] () -- C:\WINDOWS\system32\OemSpi.dll
MOD - [2007/04/02 17:19:22 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Archivos de programa\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/29 07:47:46 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009/11/10 12:19:51 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/11/10 12:19:48 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/12 16:44:18 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/16 18:22:20 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Archivos de programa\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/02/28 16:07:48 | 000,529,704 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/03/24 08:53:02 | 000,085,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/03/24 08:53:02 | 000,072,832 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/24 08:53:02 | 000,051,456 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011/03/24 08:53:02 | 000,026,496 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/03/24 08:53:02 | 000,011,136 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011/03/24 08:53:00 | 000,102,784 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/09/02 01:31:20 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/05 00:28:54 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/05 00:28:54 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/08 22:20:00 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/04 15:59:38 | 000,113,280 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/11/04 15:59:38 | 000,102,528 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/11/04 15:59:38 | 000,100,736 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/02/25 19:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/11/21 16:06:26 | 001,174,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi)
DRV - [2007/10/10 18:31:08 | 001,664,384 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt)
DRV - [2006/08/07 18:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2006/06/29 05:58:28 | 000,146,112 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Dev.sys -- (V0220Dev)
DRV - [2006/06/08 08:00:52 | 000,006,272 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Vfx.sys -- (V0220Vfx)
DRV - [2005/12/08 10:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/12/08 10:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/20 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/20 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Elf 1 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {38542454-dfb6-44f5-b052-d4e071a3d073}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&q="
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 4001
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 4001
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4001
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Archivos de programa\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Archivos de programa\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Datos de programa\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Archivos de programa\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/11/10 11:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/05/13 01:13:14 | 000,000,000 | ---D | M]
 
[2009/05/02 23:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Extensions
[2011/12/06 09:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions
[2011/12/06 09:58:28 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
[2011/11/29 09:58:26 | 000,000,000 | ---D | M] (Elf 1.12 Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{38542454-dfb6-44f5-b052-d4e071a3d073}
[2011/12/06 09:58:32 | 000,000,000 | ---D | M] (ZoneAlarm Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2011/12/06 09:58:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/12/29 20:32:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/30 09:58:20 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2009/11/14 09:57:33 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/05/13 01:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\nostmp
[2010/12/30 17:16:32 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\searchplugins\conduit.xml
[2011/11/10 11:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010/03/13 11:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}
[2011/10/30 01:26:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Archivos de programa\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/03/13 11:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions\{8545daff-ad1e-493f-a37e-eed1ac79682b}
[2011/11/10 11:18:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/13 01:12:59 | 000,001,392 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/13 01:12:59 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2011/05/13 01:12:59 | 000,001,153 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/13 01:12:59 | 000,006,805 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/13 01:12:59 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/13 01:12:59 | 000,001,105 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: Click to call with Skype = C:\Documents and Settings\Richard\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\
 
O1 HOSTS File: ([2011/12/09 12:44:58 | 000,438,967 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        123topsearch.com
O1 - Hosts: 127.0.0.1        www.123topsearch.com
O1 - Hosts: 127.0.0.1        132.com
O1 - Hosts: 127.0.0.1        www.132.com
O1 - Hosts: 127.0.0.1        www.136136.net
O1 - Hosts: 127.0.0.1        136136.net
O1 - Hosts: 15097 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [MobileBroadband] C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Archivos de programa\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ZoneAlarm] C:\Archivos de programa\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Richard\Datos de programa\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.166.210.80 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C950447-7608-49DB-9F4D-BE6ECA4BD806}: DhcpNameServer = 212.166.210.80 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5C15A04-3802-4380-ACDD-54E5F6BBD11D}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll) - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/17 20:10:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/29 13:02:35 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2243d31a-18ca-11e1-8ae4-001bb9e3cb78}\Shell - "" = AutoRun
O33 - MountPoints2\{2243d31a-18ca-11e1-8ae4-001bb9e3cb78}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011/03/11 16:30:00 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{33110226-19a6-11e1-8ae5-001bb9e3cb78}\Shell - "" = AutoRun
O33 - MountPoints2\{33110226-19a6-11e1-8ae5-001bb9e3cb78}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011/03/11 16:30:00 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{3bb89281-cdff-11de-8853-001bb9e3cb78}\Shell\AutoRun\command - "" = driver\usb\‡‘Š•†‘–Í€ŒŽ
O33 - MountPoints2\{3bb89281-cdff-11de-8853-001bb9e3cb78}\Shell\open\command - "" = driver\usb\‡‘Š•†‘–Í€ŒŽ
O33 - MountPoints2\{53d92a74-cdef-11de-884f-001bb9e3cb78}\Shell\AutoRun\command - "" = driver\usb\‡‘Š•†‘–Í€ŒŽ
O33 - MountPoints2\{53d92a74-cdef-11de-884f-001bb9e3cb78}\Shell\open\command - "" = driver\usb\‡‘Š•†‘–Í€ŒŽ
O33 - MountPoints2\{781ee5e4-f5bc-11e0-8aaa-001bb9e3cb78}\Shell - "" = AutoRun
O33 - MountPoints2\{781ee5e4-f5bc-11e0-8aaa-001bb9e3cb78}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{97d12ee9-1866-11e1-8ae3-001bb9e3cb78}\Shell - "" = AutoRun
O33 - MountPoints2\{97d12ee9-1866-11e1-8ae3-001bb9e3cb78}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011/03/11 16:30:00 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{a527d234-f50e-11e0-8aa7-001bb9e3cb78}\Shell - "" = AutoRun
O33 - MountPoints2\{a527d234-f50e-11e0-8aa7-001bb9e3cb78}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a527d235-f50e-11e0-8aa7-001bb9e3cb78}\Shell - "" = AutoRun
O33 - MountPoints2\{a527d235-f50e-11e0-8aa7-001bb9e3cb78}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe -- [2011/03/11 16:30:00 | 000,274,432 | R--- | M] (Vodafone)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Generación de gráficos vectoriales (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Enlace dinámico de datos HTML para Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Paquete para exploración sin conexión
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autoría avanzada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Ayuda de Internet Explorer
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Clases Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Actualización de seguridad para Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Herramientas de instalación de Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Mejoras en la exploración
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Acceso al sitio de MSN
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Enlace dinámico de datos HTML
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BB0DCC5E-7477-3350-B5F5-7CE64E1E83B6} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Fuentes principales de Internet Explorer
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Programador de tareas
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Ayuda de HTML
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "NMIndexingService"
MsConfig - Services: "PLFlash DeviceIoControl Service"
MsConfig - Services: "gusvc"
MsConfig - Services: "ASKService"
MsConfig - Services: "idsvc"
MsConfig - Services: "YahooAUService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^McAfee Security Scan Plus.lnk -  - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Richard^Menú Inicio^Programas^Inicio^ZooskMessenger.lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: C: - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: IMC - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: ISW - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: OODefragTray - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: P17Helper - hkey= - key= -  File not found
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PhonostarTimer - hkey= - key= - C:\Archivos de programa\phonostar\ps_timer.exe (phonostar)
MsConfig - StartUpReg: RegistryBooster - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Archivos de programa\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
MsConfig - StartUpReg: SpyHunter Security Suite - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Archivos de programa\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: swg - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: V0220Mon.exe - hkey= - key= - C:\WINDOWS\V0220Mon.exe (Creative Technology Ltd.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/10 21:24:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard\Escritorio\OTL.exe
[2011/12/10 19:32:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richard\Recent
[2011/12/07 18:48:56 | 003,552,208 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Richard\Escritorio\ccsetup313.exe
[2011/12/07 00:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Escritorio\freesmoke
[2011/12/04 14:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Escritorio\doris.tenerife
[2011/12/01 06:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Datos de programa\Skype
[2011/12/01 06:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Skype
[2011/11/28 09:49:15 | 000,026,496 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2011/11/28 09:49:05 | 000,051,456 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2011/11/28 09:48:34 | 000,011,136 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2011/11/28 09:48:01 | 000,102,784 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2011/11/27 07:41:40 | 000,085,760 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2011/11/27 07:40:51 | 000,072,832 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2011/11/27 07:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Vodafone
[2011/11/27 07:40:34 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Windows Sidebar
[2011/11/27 07:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Vodafone
[2011/11/27 07:40:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Vodafone
[2011/11/27 07:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Configuración local\Datos de programa\{39C0E0A2-0193-49A4-9D69-DABD740C37FE}
[2011/11/15 15:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Datos de programa\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011/11/15 15:30:24 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Archivos comunes\Adobe AIR
[2011/11/12 07:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Check Point
[2011/11/12 07:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\CheckPoint
[2010/08/06 20:35:48 | 013,857,024 | ---- | C] (Media Fog Ltd.                                              ) -- C:\Archivos de programa\DriverUpdaterSetup-1.2.0.2090_multilang.exe
[2009/11/15 12:17:20 | 003,309,072 | ---- | C] (Piriform Ltd) -- C:\Archivos de programa\ccsetup224.exe
[2009/11/14 09:45:21 | 000,210,416 | ---- | C] (Check Point Software Technologies LTD) -- C:\Archivos de programa\zaSetup_es.exe
[2009/10/14 09:08:53 | 077,086,488 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Archivos de programa\Ad-AwareInstallation.exe
[2009/06/27 17:12:19 | 037,452,296 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Archivos de programa\Ad-AwareAE.exe
[2008/06/17 21:34:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/10 21:24:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Escritorio\OTL.exe
[2011/12/10 21:00:00 | 000,000,518 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011/12/10 12:40:14 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/10 12:39:38 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/12/10 12:39:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/10 09:39:15 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/09 12:44:58 | 000,438,967 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/09 11:37:25 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2011/12/08 15:56:29 | 000,062,758 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\hijo de puta.jpg
[2011/12/07 18:50:57 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
[2011/12/07 18:49:07 | 003,552,208 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Richard\Escritorio\ccsetup313.exe
[2011/12/07 16:16:10 | 000,006,330 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\xbox 360.jpg
[2011/12/07 08:40:37 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/07 08:40:37 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/04 14:03:01 | 005,142,775 | R--- | M] () -- C:\Documents and Settings\Richard\Escritorio\facebook-doris.tenerife.zip
[2011/11/28 09:49:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2011/11/28 09:49:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2011/11/27 07:41:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2011/11/27 07:40:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/11/27 07:40:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/11/27 07:40:36 | 000,001,996 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\SMS.lnk
[2011/11/27 07:40:36 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Vodafone Mobile Broadband.lnk
[2011/11/24 18:20:39 | 000,055,699 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\4576_20080827.jpg
[2011/11/22 11:02:13 | 000,049,581 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\Verknüpfung Film.jpg
[2011/11/18 21:31:43 | 000,000,111 | ---- | M] () -- C:\Documents and Settings\Richard\Datos de programa\AVSDVDPlayer.m3u
[2011/11/17 00:18:22 | 000,047,916 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\yo.png
[2011/11/16 17:53:11 | 000,003,807 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\lustige_witzige_bilder_rofl_kartoffel_de_13f8011e_01.04.11.jpg
[2011/11/13 10:17:50 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/13 10:14:48 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Ad-Aware.lnk
[2011/11/12 07:39:58 | 000,415,859 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/11/12 06:11:10 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\Reanudar la instalación de ZoneAlarm Security.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/12/08 15:56:29 | 000,062,758 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\hijo de puta.jpg
[2011/12/07 18:50:57 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
[2011/12/07 16:16:07 | 000,006,330 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\xbox 360.jpg
[2011/12/04 14:02:42 | 005,142,775 | R--- | C] () -- C:\Documents and Settings\Richard\Escritorio\facebook-doris.tenerife.zip
[2011/12/01 06:15:20 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2011/11/28 09:49:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2011/11/28 09:49:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2011/11/27 07:41:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2011/11/27 07:40:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/11/27 07:40:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/11/27 07:40:36 | 000,001,996 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\SMS.lnk
[2011/11/27 07:40:36 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Vodafone Mobile Broadband.lnk
[2011/11/24 18:20:31 | 000,055,699 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\4576_20080827.jpg
[2011/11/22 11:02:12 | 000,049,581 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\Verknüpfung Film.jpg
[2011/11/17 00:18:22 | 000,047,916 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\yo.png
[2011/11/16 17:53:06 | 000,003,807 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\lustige_witzige_bilder_rofl_kartoffel_de_13f8011e_01.04.11.jpg
[2011/11/12 07:36:32 | 000,415,859 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/11/12 06:11:10 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\Reanudar la instalación de ZoneAlarm Security.lnk
[2011/09/08 09:52:48 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/04/25 10:26:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/25 10:26:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/24 08:50:52 | 000,226,366 | R--- | C] () -- C:\Documents and Settings\All Users\Datos de programa\DeviceManager.xml.rc4
[2010/08/07 14:27:06 | 001,801,933 | ---- | C] () -- C:\Archivos de programa\usbdrven.exe
[2010/08/07 14:24:12 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\mtbjfghn.xbe
[2009/11/12 22:17:10 | 033,961,728 | ---- | C] () -- C:\Archivos de programa\avira_antivir_personal_en.exe
[2009/11/10 17:10:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2009/11/10 14:40:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richard\Datos de programa\wklnhst.dat
[2009/10/29 17:18:50 | 008,432,640 | ---- | C] () -- C:\Archivos de programa\epson325180eu.exe
[2009/08/30 12:40:32 | 033,952,648 | ---- | C] () -- C:\Archivos de programa\zaSetup_80_298_000_en.exe
[2009/06/04 16:29:42 | 008,031,100 | ---- | C] () -- C:\Archivos de programa\setup.exe
[2009/05/02 23:06:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/13 09:52:17 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/10/12 09:09:45 | 000,000,580 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/11 20:26:57 | 000,036,972 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2008/08/14 17:03:15 | 000,000,180 | ---- | C] () -- C:\WINDOWS\sripper.ini
[2008/08/14 17:03:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\StreamRipper32.INI
[2008/07/09 07:29:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/22 17:29:41 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Richard\Datos de programa\AVSDVDPlayer.m3u
[2008/06/20 01:07:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/20 00:57:07 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/20 00:57:07 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/19 00:24:42 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\Richard\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/19 00:03:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/18 12:18:34 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/17 21:35:04 | 000,003,118 | ---- | C] () -- C:\WINDOWS\System32\AudioDrv.ini
[2008/06/17 21:34:39 | 000,023,273 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2008/06/17 21:34:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/06/17 21:34:02 | 000,008,251 | R--- | C] () -- C:\WINDOWS\sfsyn.ini
[2008/06/17 21:34:01 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2008/06/17 21:34:00 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2008/06/17 21:22:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/17 20:13:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/17 20:08:42 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/17 19:48:44 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/17 19:47:49 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/20 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/20 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/20 12:00:00 | 000,498,986 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2004/08/20 12:00:00 | 000,436,190 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/20 12:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2004/08/20 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/20 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/20 12:00:00 | 000,087,068 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2004/08/20 12:00:00 | 000,068,906 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/20 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/20 12:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2004/08/20 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/20 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/20 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/20 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/20 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2011/11/12 07:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\CheckPoint
[2009/10/29 17:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\EPSON
[2008/06/18 12:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Grisoft
[2011/11/07 22:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\InstallMate
[2008/10/12 14:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\MailFrontier
[2011/01/20 17:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Nexon
[2011/01/20 17:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\NexonEU
[2011/11/07 21:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Premium
[2008/08/01 23:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Propellerhead Software
[2009/11/10 12:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TuneUp Software
[2011/11/27 07:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Vodafone
[2009/11/10 12:18:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Datos de programa\{55A29068-F2CE-456C-9148-C869879E2357}
[2011/10/28 16:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/08/07 14:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\Carambis
[2010/07/02 11:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\CheckPoint
[2011/11/15 15:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2009/08/13 13:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\Deckadance
[2011/09/27 20:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\DVDVideoSoft
[2010/12/29 20:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\DVDVideoSoftIEHelpers
[2011/03/30 08:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\GetRightToGo
[2011/01/23 10:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\GlarySoft
[2008/07/22 13:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\ICQ Toolbar
[2009/02/24 12:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\MP3Rocket
[2008/06/26 22:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\Opera
[2009/11/10 13:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\phonostar-Player
[2011/11/08 16:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\PriceGong
[2008/08/06 23:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\Propellerhead Software
[2009/04/02 08:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\TeamViewer
[2009/11/10 12:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\TuneUp Software
[2011/01/10 14:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\Uniblue
[2011/11/27 07:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\Vodafone
[2009/09/04 15:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Datos de programa\Windows Live Writer
[2011/12/10 21:00:00 | 000,000,518 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2011/12/10 12:40:14 | 000,000,514 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/10 12:39:38 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/12/10 12:37:05 | 000,000,000 | R--D | M] -- C:\Archivos de programa
[2008/06/23 19:05:08 | 000,000,000 | ---D | M] -- C:\audio
[2009/08/20 10:45:30 | 000,000,000 | ---D | M] -- C:\c6c789cd85c440803f4234b81cd618
[2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Definitionen
[2008/10/12 13:39:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings
[2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Formulare
[2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Lowcarb
[2009/11/10 13:08:27 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/02/27 12:40:03 | 000,000,000 | ---D | M] -- C:\Nexon
[2010/01/24 00:39:22 | 000,000,000 | ---D | M] -- C:\Programme
[2008/06/17 20:16:14 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2009/11/12 21:52:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Video
[2008/06/18 19:20:47 | 000,000,000 | ---D | M] -- C:\Von Julio von anfang an
[2011/12/10 19:32:15 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2009/06/27 17:12:41 | 037,452,296 | ---- | M] (Lavasoft) -- C:\Archivos de programa\Ad-AwareAE.exe
[2009/10/14 09:11:17 | 077,086,488 | ---- | M] (Lavasoft) -- C:\Archivos de programa\Ad-AwareInstallation.exe
[2009/11/12 22:17:15 | 033,961,728 | ---- | M] () -- C:\Archivos de programa\avira_antivir_personal_en.exe
[2009/11/15 12:17:30 | 003,309,072 | ---- | M] (Piriform Ltd) -- C:\Archivos de programa\ccsetup224.exe
[2010/08/06 20:38:33 | 013,857,024 | ---- | M] (Media Fog Ltd.) -- C:\Archivos de programa\DriverUpdaterSetup-1.2.0.2090_multilang.exe
[2009/10/29 17:18:56 | 008,432,640 | ---- | M] () -- C:\Archivos de programa\epson325180eu.exe
[2009/06/04 16:29:55 | 008,031,100 | ---- | M] () -- C:\Archivos de programa\setup.exe
[2010/08/07 14:27:22 | 001,801,933 | ---- | M] () -- C:\Archivos de programa\usbdrven.exe
[2009/08/30 12:42:04 | 033,952,648 | ---- | M] () -- C:\Archivos de programa\zaSetup_80_298_000_en.exe
[2009/11/14 09:45:23 | 000,210,416 | ---- | M] (Check Point Software Technologies LTD) -- C:\Archivos de programa\zaSetup_es.exe
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/20 12:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/20 12:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/20 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 06:48:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 06:48:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\system32\eventlog.dll
[2004/08/20 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=5696DF4EF09C375CE42FB2DDE1E68AB7 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\explorer.exe
[2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/20 12:00:00 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=89C8DD146CEAF482D82822766437D93F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2004/08/20 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=7FD182B1B80117C353983565D60B1CAF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 06:48:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 06:48:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/14 06:48:36 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 06:48:36 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\system32\scecli.dll
[2004/08/20 12:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=C6347748F2E9F310EA1E1915482ABFEF -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004/08/20 12:00:00 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=5D5C9CC377A70D036816E7EA55F3CA73 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/14 06:48:46 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=DA8898129E0075C7DE4DEE457514A73C -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/14 06:48:46 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=DA8898129E0075C7DE4DEE457514A73C -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2004/08/20 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=7B30B4D55B4562C733A5DDF6D6F72B3F -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 06:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 06:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008/04/14 06:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 06:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\winlogon.exe
[2004/08/20 12:00:00 | 000,505,344 | ---- | M] (Microsoft Corporation) MD5=FCB59D25D628B4D3181DC816D14679DD -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/08/20 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/08/20 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/06/17 20:47:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/06/17 20:47:04 | 000,643,072 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/06/17 20:47:04 | 000,475,136 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2010/02/08 12:58:34 | 000,000,109 | ---- | M] () -- C:\Documents and Settings\Richard\default.pls
[2008/07/20 16:21:31 | 000,000,077 | -HS- | M] () -- C:\Documents and Settings\Richard\Desktop.ini
[2011/12/10 12:38:26 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Richard\ntuser.dat
[2011/12/10 21:30:10 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Richard\ntuser.dat.LOG
[2011/12/10 12:38:26 | 000,000,304 | -HS- | M] () -- C:\Documents and Settings\Richard\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011/03/03 13:53:03 | 001,858,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >

--- --- ---
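The "< MD5 for: ... >" blocks in the OTL log above list every copy OTL could find of a handful of Windows binaries that bootkits and rootkits like to patch (userinit.exe, winlogon.exe, atapi.sys, explorer.exe and so on): the live copy in system32, the Service Pack reference copy under ServicePackFiles\i386, the pre-SP backup under $NtServicePackUninstall$, and .cab entries that carry no hash. The check a helper performs by eye is whether the live copy's MD5 matches the reference copy. The script below is an added example, not part of Santi's post and not part of OTL; it parses that section and flags a live copy whose hash differs from the reference, or that has no reference copy at all. The sample input embeds the USERINIT.EXE block from the log verbatim plus a constructed WINLOGON.EXE block whose system32 hash has been deliberately zeroed; the line shape it assumes is the OTL 3.2.x format shown above.

```python
"""Consistency check over the "< MD5 for: ... >" blocks of an OTL log.

Added example (not from the original forum post, not part of OTL).
For each watched file, the live copy (anything not under a backup or
cache directory) is compared against the Service Pack reference copy
(ServicePackFiles\\i386), falling back to dllcache when no SP copy is
listed.  A hash mismatch on userinit.exe, winlogon.exe, atapi.sys etc.
is exactly what a patched/infected system file looks like in this log.
"""
import re
from collections import defaultdict

# One hashed entry per line:
# [date | size | attrs | M] (Company) MD5=<32 hex> -- <path>
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")

# Directories that hold reference/backup copies rather than the live file.
BACKUP_MARKERS = (
    "\\servicepackfiles\\", "\\$ntservicepackuninstall$\\",
    "\\dllcache\\", "\\reinstallbackups\\", "\\driver cache\\",
)


def parse_md5_blocks(text):
    """Return {FILENAME: [{path, md5, size, company}, ...]} for every block."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if current is None:
            continue
        entry = ENTRY_RE.match(line)
        if entry:  # .cab lines carry no MD5 and are skipped on purpose
            blocks[current].append({
                "path": entry.group("path").strip(),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company").strip(),
            })
    return dict(blocks)


def is_live(path):
    """True for the copy Windows actually loads (not a backup/cache copy)."""
    return not any(marker in path.lower() for marker in BACKUP_MARKERS)


def reference_of(entries):
    """Prefer the Service Pack copy, then dllcache, as the known-good hash."""
    for marker in ("\\servicepackfiles\\", "\\dllcache\\"):
        for entry in entries:
            if marker in entry["path"].lower():
                return entry
    return None


def find_mismatches(blocks):
    """Return (filename, live_path, reason) for every suspicious live copy."""
    findings = []
    for name, entries in blocks.items():
        ref = reference_of(entries)
        for entry in entries:
            if not is_live(entry["path"]):
                continue
            if ref is None:
                findings.append((name, entry["path"], "no reference copy listed"))
            elif entry["md5"] != ref["md5"]:
                findings.append((name, entry["path"],
                                 f"live MD5 {entry['md5']} != reference {ref['md5']}"))
            elif "microsoft" not in entry["company"].lower():
                findings.append((name, entry["path"],
                                 f"unexpected company string {entry['company']!r}"))
    return findings


# Constructed sample: USERINIT.EXE copied verbatim from the log above;
# the WINLOGON.EXE system32 line is FABRICATED (all-zero MD5) to show a hit.
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE  >
[2004/08/20 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=7B30B4D55B4562C733A5DDF6D6F72B3F -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 06:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 06:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2008/04/14 06:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 06:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\winlogon.exe
"""

if __name__ == "__main__":
    for name, path, reason in find_mismatches(parse_md5_blocks(SAMPLE_LOG)):
        print(f"{name}: {path}: {reason}")
```

Run against the real log, every block in the MD5 section above comes back clean: each system32 (or C:\WINDOWS\explorer.exe) copy matches its ServicePackFiles twin, and ws2ifsl.sys matches dllcache. Note the limits of this check: it only covers the files OTL happens to hash, and a matching MD5 says nothing about what else is loaded at runtime, so it rules out patched system binaries rather than ruling out monitoring software in general.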

Santi 10.12.2011 22:41

... the Extras text: OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 10/12/2011 21:26:31 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Documents and Settings\Richard\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
 
1,99 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,55% Memory free
3,84 Gb Paging File | 3,08 Gb Available in Paging File | 80,31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 146,48 Gb Total Space | 50,24 Gb Free Space | 34,30% Space Free | Partition Type: NTFS
Drive D: | 86,39 Gb Total Space | 55,08 Gb Free Space | 63,75% Space Free | Partition Type: NTFS
Drive F: | 44,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: RICHHOUSE | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Archivos de programa\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Archivos de programa\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Archivos de programa\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"110:TCP" = 110:TCP:*:Enabled:mail1
"25:TCP" = 25:TCP:*:Enabled:mail2
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Archivos de programa\Java\jre1.6.0_07\bin\javaw.exe" = C:\Archivos de programa\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\All Users\Datos de programa\NexonEU\NGM\NGM.exe" = C:\Documents and Settings\All Users\Datos de programa\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{12E0A949-8861-35F8-B7ED-5658788A7BFE}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ESN
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{298B7460-A43A-3083-B295-75547FC68392}" = Microsoft .NET Framework 3.5 Language Pack - esn
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}" = Paint.NET v3.31
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53E2DCBB-E6F7-4C83-B1EF-F78435B9814E}" = Sound Blaster X-Fi Xtreme Audio
"{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{68249B78-B714-11D7-88E8-0050DA21757E}" = Java 2 Runtime Environment Standard Edition v1.3.1_18
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0C0A-0000-0000000FF1CE}" = Paquete de compatibilidad para 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B3FA7296-C3B1-4370-9ADE-9DFCF487D406}" = Ad-Aware
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB0DCC5E-7477-3350-B5F5-7CE64E1E83B6}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ESN
"{BE282C23-5484-47FF-B2C1-EBEA5C891034}" = Nero 8
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = ZoneAlarm Spy Blocker Toolbar
"AudioCS" = Consola de audio de Creative
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"CCleaner" = CCleaner
"Collab" = Collab
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0220" = Creative Live! Cam Video IM Driver (1.01.01.00)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = Software de impresora EPSON
"File Shredder_is1" = File Shredder 2.0
"FL Studio 8" = FL Studio 8
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Glary Utilities_is1" = Glary Utilities 2.29.0.1032
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"IsoBuster_is1" = IsoBuster 2.3
"Microsoft .NET Framework 3.5 Language Pack - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 - esn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"MP3 Rocket" = MP3 Rocket
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.2
"PoiZone" = PoiZone
"Reason4_is1" = Reason 4.0
"ReValver" = ReValver
"SysInfo" = Información del sistema de Creative
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Warp VST V1.0" = Warp VST V1.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Reproductor de Windows Media 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoneAlarm Free" = ZoneAlarm Free
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02/12/2011 4:21:59 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 04/12/2011 4:04:52 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 05/12/2011 4:17:50 | Computer Name = RICHHOUSE | Source = Avira AntiVir | ID = 4122
Description = Unable to load file <AVEvtLog>.  Returned error code:
 
Error - 05/12/2011 4:18:12 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06/12/2011 4:41:34 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 07/12/2011 4:40:13 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 07/12/2011 4:40:58 | Computer Name = RICHHOUSE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
 
Error - 08/12/2011 4:56:46 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 10/12/2011 5:39:58 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 10/12/2011 8:40:06 | Computer Name = RICHHOUSE | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 30/11/2011 1:27:39 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 62.87.57.155 para la tarjeta de red
 con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 212.166.221.177
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 01/12/2011 0:51:55 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 212.166.221.184 para la tarjeta de
 red con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 212.73.44.210
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 02/12/2011 4:26:00 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 212.73.44.209 para la tarjeta de red
 con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 212.73.50.209
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 04/12/2011 4:11:34 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 212.73.50.215 para la tarjeta de red
 con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 62.87.99.49
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 05/12/2011 4:21:09 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 62.87.99.51 para la tarjeta de red
 con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 31.4.17.65
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 06/12/2011 4:46:24 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 31.4.17.79 para la tarjeta de red
con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 62.87.108.193
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 07/12/2011 4:42:43 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 62.87.108.224 para la tarjeta de red
 con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 31.4.21.193
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 08/12/2011 5:01:27 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 31.4.21.223 para la tarjeta de red
 con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 62.87.96.201
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 10/12/2011 5:41:57 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 62.87.96.202 para la tarjeta de red
 con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 212.166.227.73
 (el servidor DHCP envió un mensaje DHCPNACK).
 
Error - 10/12/2011 8:41:53 | Computer Name = RICHHOUSE | Source = Dhcp | ID = 1002
Description = La concesión de la dirección IP 212.166.227.76 para la tarjeta de
red con la dirección de red 582C80139263 ha sido  denegada por el servidor DHCP 62.87.72.57
 (el servidor DHCP envió un mensaje DHCPNACK).
 
 
< End of report >

--- --- ---

markusg 12.12.2011 16:10

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it on your desktop.
  • Visit the following page for download links and instructions for this tool

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your antivirus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

Santi 13.12.2011 09:42

Combofix logfile:
Code:

ComboFix 11-12-12.02 - Richard 13/12/2011  8:27.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.34.3082.18.2039.1308 [GMT 0:00]
Running from: c:\documents and settings\Richard\Escritorio\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\archivos de programa\DriverUpdaterSetup-1.2.0.2090_multilang.exe
c:\archivos de programa\epson325180eu.exe
c:\archivos de programa\Setup.exe
c:\documents and settings\Richard\Datos de programa\Microsoft\stor.cfg
c:\documents and settings\Richard\Datos de programa\PriceGong
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\1.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\a.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\b.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\c.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\d.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\e.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\f.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\g.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\h.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\i.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\J.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\k.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\l.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\m.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\mru.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\n.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\o.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\p.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\q.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\r.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\s.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\t.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\u.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\v.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\w.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\x.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\y.xml
c:\documents and settings\Richard\Datos de programa\PriceGong\Data\z.xml
c:\windows\system32\tmp.reg
D:\setup.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SVLOSTSERVICES
.
.
(((((((((((((((((((((((((  Files Created from 2011-11-13 to 2011-12-13  )))))))))))))))))))))))))))))))
.
.
2011-12-01 06:25 . 2011-12-13 08:33        --------        d-----w-        c:\documents and settings\Richard\Datos de programa\Skype
2011-11-28 09:49 . 2011-03-24 08:53        26496        ----a-r-        c:\windows\system32\drivers\ew_juextctrl.sys
2011-11-28 09:49 . 2011-03-24 08:53        51456        ----a-r-        c:\windows\system32\drivers\ew_jucdcecm.sys
2011-11-28 09:48 . 2011-03-24 08:53        11136        ----a-r-        c:\windows\system32\drivers\ew_usbenumfilter.sys
2011-11-28 09:48 . 2011-03-24 08:53        102784        ----a-r-        c:\windows\system32\drivers\ew_hwusbdev.sys
2011-11-27 07:41 . 2011-03-24 08:53        85760        ----a-r-        c:\windows\system32\drivers\ew_jucdcacm.sys
2011-11-27 07:40 . 2008-03-21 13:57        14640        ------w-        c:\windows\system32\spmsgXP_2k3.dll
2011-11-27 07:40 . 2011-03-24 08:53        72832        ----a-r-        c:\windows\system32\drivers\ew_jubusenum.sys
2011-11-27 07:40 . 2011-03-24 08:53        1112288        ----a-r-        c:\windows\system32\wdfcoinstaller01007.dll
2011-11-27 07:40 . 2011-11-27 07:40        --------        d-----w-        c:\archivos de programa\Windows Sidebar
2011-11-27 07:40 . 2011-11-27 07:40        --------        d-----w-        c:\documents and settings\All Users\Datos de programa\Vodafone
2011-11-27 07:40 . 2011-11-27 07:40        --------        d-----w-        c:\archivos de programa\Vodafone
2011-11-27 07:37 . 2011-11-27 07:37        --------        d-----w-        c:\documents and settings\Richard\Configuración local\Datos de programa\{39C0E0A2-0193-49A4-9D69-DABD740C37FE}
2011-11-15 15:30 . 2011-11-15 15:30        --------        d-----w-        c:\documents and settings\Richard\Datos de programa\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2011-11-15 15:30 . 2011-11-15 15:30        --------        d-----w-        c:\archivos de programa\Archivos comunes\Adobe AIR
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 08:12 . 2011-07-22 19:52        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-13 10:17 . 2011-09-08 09:52        16432        ----a-w-        c:\windows\system32\lsdelete.exe
2011-11-03 12:06 . 2010-01-29 11:24        64512        ----a-w-        c:\windows\system32\drivers\Lbd.sys
2010-08-07 14:27 . 2010-08-07 14:27        1801933        ----a-w-        c:\archivos de programa\usbdrven.exe
2009-11-15 12:17 . 2009-11-15 12:17        3309072        ----a-w-        c:\archivos de programa\ccsetup224.exe
2009-11-14 09:45 . 2009-11-14 09:45        210416        ----a-w-        c:\archivos de programa\zaSetup_es.exe
2009-11-12 22:17 . 2009-11-12 22:17        33961728        ----a-w-        c:\archivos de programa\avira_antivir_personal_en.exe
2009-10-14 09:11 . 2009-10-14 09:08        77086488        ----a-w-        c:\archivos de programa\Ad-AwareInstallation.exe
2009-08-30 12:42 . 2009-08-30 12:40        33952648        ----a-w-        c:\archivos de programa\zaSetup_80_298_000_en.exe
2009-06-27 17:12 . 2009-06-27 17:12        37452296        ----a-w-        c:\archivos de programa\Ad-AwareAE.exe
2009-04-15 20:24 . 2009-04-15 20:24        1044480        ----a-w-        c:\archivos de programa\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24        200704        ----a-w-        c:\archivos de programa\mozilla firefox\plugins\ssldivx.dll
2011-11-10 11:18 . 2011-05-13 01:12        134104        ----a-w-        c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll" [2011-05-09 176936]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\archivos de programa\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 18:22        333192        ----a-w-        c:\archivos de programa\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2011-05-09 09:49        176936        ----a-w-        c:\archivos de programa\ZoneAlarm\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49        176936        ----a-w-        c:\archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\archivos de programa\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll" [2011-05-09 176936]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\archivos de programa\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll" [2011-05-09 176936]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\archivos de programa\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\archivos de programa\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\archivos de programa\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\archivos de programa\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ZoneAlarm"="c:\archivos de programa\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"MobileBroadband"="c:\archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-03-29 408576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21        548352        ----a-w-        c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0OODBS\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Richard^Menú Inicio^Programas^Inicio^ZooskMessenger.lnk]
path=c:\documents and settings\Richard\Menú Inicio\Programas\Inicio\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38        34672        ----a-w-        c:\archivos de programa\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32\V0220Cvw.dll]
2006-05-23 17:00        245760        ----a-r-        c:\windows\system32\V0220Cvw.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:48        15360        ----a-w-        c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44        31072        ----a-w-        c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-15 11:46        159744        ----a-w-        c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-15 11:46        135168        ----a-w-        c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07        1828136        ----a-w-        c:\archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29        2221352        ----a-w-        c:\archivos de programa\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-28 08:59        570664        ----a-w-        c:\archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2006-07-03 04:43        10752        ----a-w-        c:\windows\system32\SPIRun.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-15 11:46        131072        ----a-w-        c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer]
2009-05-13 18:35        126976        ----a-w-        c:\archivos de programa\phonostar\ps_timer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 09:27        17351304        ----a-r-        c:\archivos de programa\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 15:31        2144088        ------w-        c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27        144784        ----a-w-        c:\archivos de programa\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-07-05 23:57        2424192        ----a-w-        c:\archivos de programa\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0220Mon.exe]
2006-06-28 17:01        32768        ----a-r-        c:\windows\V0220Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"PLFlash DeviceIoControl Service"=2 (0x2)
"gusvc"=3 (0x3)
"ASKService"=2 (0x2)
"idsvc"=3 (0x3)
"YahooAUService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"PDFPrint"=c:\archivos de programa\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\All Users\\Datos de programa\\NexonEU\\NGM\\NGM.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"110:TCP"= 110:TCP:mail1
"25:TCP"= 25:TCP:mail2
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29/01/2010 11:24 64512]
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS [05/01/2010 7:56 12872]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7:56 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [12/11/2009 22:18 108289]
R2 VmbService;Servicio de Vodafone Mobile Broadband;c:\archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [29/03/2011 7:47 9216]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [28/11/2011 9:48 11136]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [27/11/2011 7:41 85760]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [28/11/2011 9:49 51456]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [27/11/2011 7:40 72832]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [28/11/2011 9:49 26496]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\archivos de programa\Lavasoft\Ad-Aware\AAWService.exe [03/11/2011 12:06 2152152]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [28/11/2011 9:48 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [12/10/2011 20:15 113280]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [13/10/2011 7:17 100736]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\archivos de programa\Lavasoft\Ad-Aware\kernexplorer.sys [03/11/2011 12:06 15232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [20/08/2004 12:00 14336]
S3 SASENUM;SASENUM;c:\archivos de programa\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7:56 12872]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [28/06/2008 0:09 146112]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [28/06/2008 0:09 6272]
S4 ASKService;ASKService;c:\archivos de programa\AskBarDis\bar\bin\AskService.exe [14/11/2009 9:57 464264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper        REG_MULTI_SZ          nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-13 c:\windows\Tasks\1-Klick-Wartung.job
- c:\archivos de programa\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-13 12:03]
.
2011-12-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\archivos de programa\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 12:06]
.
2011-12-13 c:\windows\Tasks\GlaryInitialize.job
- c:\archivos de programa\Glary Utilities\initialize.exe [2010-11-19 21:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2431245
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Richard\Datos de programa\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.166.210.80 212.73.32.67
FF - ProfilePath - c:\documents and settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Elf 1 Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 4001
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 4001
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 4001
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 4001
FF - prefs.js: network.proxy.type - 4
 
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-13 08:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="[long hex value removed]"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1120)
c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll
.
- - - - - - - > 'explorer.exe'(768)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\CTsvcCDA.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2011-12-13  08:38:51 - machine was rebooted
ComboFix-quarantined-files.txt  2011-12-13 08:38
.
Pre-Run: 53.762.695.168 bytes libres
Post-Run: 53.698.338.816 bytes libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 3CEA77A86ECA837870EBFECE0C608CF7

--- --- ---

Santi 13.12.2011 09:50

Hello Markus ..

On the other sites I visit I do not notice it - only fb sends me an e-mail every time someone logs in to my account from another computer. These are times when I am already online myself, or times when I had definitely shut the computer down .. at night, for example.

They also send the IP along .. would it help if I posted such e-mails here?

... Best regards, Santi

markusg 13.12.2011 13:00

Did you set up the proxy there yourself?

Santi 14.12.2011 09:31

.. No, I did not.
Can you say anything yet :confused: - somehow I hardly dare to do anything on the PC any more...

markusg 14.12.2011 14:03

First of all, stay calm.
Open Internet Explorer, Internet Options, Connections, LAN settings.
Delete the proxy entry and select "do not use a proxy".
Apply, OK.
Open Firefox, open Tools, open Options.
Advanced, Network, select "No proxy", click OK.

Malwarebytes:
Please download Malwarebytes
  • Install the program into the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, enable "Perform full scan" and press Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are ticked and press Remove selected.
  • Post the logfile that opens in Notepad here in the thread.
  • Afterwards you can find the report under "Logs".
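The proxy entries markusg has Santi remove here are the ones the ComboFix log above lists (IE `ProxyServer = http=127.0.0.1:50370`, Firefox `network.proxy.* = 127.0.0.1` port 4001). As an added example that is not part of this thread, the Python check below parses both formats and flags loopback proxies that the owner never configured; the sample inputs are constructed from the values in the log, and the IE ProxyEnable state is an assumption because the log does not show it.

```python
import re
from ipaddress import ip_address

# Constructed sample prefs.js, using the network.proxy.* values ComboFix printed in this thread.
SAMPLE_PREFS_JS = """\
user_pref("network.proxy.ftp", "127.0.0.1");
user_pref("network.proxy.ftp_port", 4001);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 4001);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 4001);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 4001);
user_pref("network.proxy.type", 4);
"""
# The IE value as ComboFix printed it (HKCU\...\Internet Settings\ProxyServer).
SAMPLE_IE_PROXY_SERVER = "http=127.0.0.1:50370"
# prefs.js lines look like: user_pref("name", value);  value is a quoted string, int or bool
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs_js(text):
    """Return {pref name: value} from prefs.js text; values become str, int or bool."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def parse_ie_proxy_server(value):
    """Parse the IE ProxyServer string: 'host:port' for all schemes, or
    'http=host:port;https=host:port;...' per scheme. Returns (scheme, host, port) tuples."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, hostport = part.split("=", 1) if "=" in part else ("all", part)
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no explicit port: IE assumes 80
            host, port = hostport, "80"
        if host and port.isdigit():
            entries.append((scheme.lower(), host, int(port)))
    return entries


def firefox_proxies(prefs):
    """Return (manual_mode_active, [(scheme, host, port), ...]) from parsed prefs.
    Firefox only uses the manual entries when network.proxy.type == 1; the thread's log shows
    type 4 (auto-detect), so its 127.0.0.1:4001 entries are present but inactive. They still
    do not belong on a machine whose owner never configured a proxy."""
    active = prefs.get("network.proxy.type") == 1
    found = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        port = prefs.get(f"network.proxy.{scheme}_port", 0)
        if host:
            found.append((scheme, host, int(port)))
    return active, found


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def suspicious_loopback_proxies(entries, expected_ports=frozenset()):
    """Keep the proxies that point back at this machine on a port no known local software owns.
    Legitimate local web filters can register a loopback proxy; list their ports in expected_ports."""
    return [e for e in entries if is_loopback(e[1]) and e[2] not in expected_ports]


def audit(prefs_js_text, ie_proxy_server, ie_proxy_enable=1, expected_ports=frozenset()):
    """Run both checks. ie_proxy_enable stands in for the ProxyEnable DWORD next to
    ProxyServer; the log in this thread does not show it, so 1 (enabled) is assumed."""
    active, ff_entries = firefox_proxies(parse_prefs_js(prefs_js_text))
    ie_entries = parse_ie_proxy_server(ie_proxy_server) if ie_proxy_enable else []
    return {"firefox": {"active": active,
                        "suspicious": suspicious_loopback_proxies(ff_entries, expected_ports)},
            "ie": {"active": bool(ie_proxy_enable),
                   "suspicious": suspicious_loopback_proxies(ie_entries, expected_ports)}}


if __name__ == "__main__":
    for browser, result in audit(SAMPLE_PREFS_JS, SAMPLE_IE_PROXY_SERVER).items():
        state = "active" if result["active"] else "configured but inactive"
        for scheme, host, port in result["suspicious"]:
            print(f"{browser}: {scheme} proxy -> {host}:{port} ({state})")
```

On a live machine the prefs.js text comes from the profile path the log names and the IE values from the registry; an empty `suspicious` list for both browsers is the state markusg's instructions aim for.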

Santi 15.12.2011 08:36

I have taken care of the proxy settings as described.

With Malwarebytes, however, there is a problem. It cannot be run because MSVBVM60.DLL is not found.

markusg 15.12.2011 13:34

Download HitmanPro
http://dl.surfright.nl/HitmanPro36beta2.exe
Double-click it, Settings, License, Test license.
Choose Scanner, put the findings into quarantine and in the last step save the log and post it here.

Santi 16.12.2011 10:40

It found nothing - except 4 cookies ...

markusg 16.12.2011 12:35

Is ZoneAlarm still showing messages?

Santi 16.12.2011 13:41

Yes - at every login ..

I just restarted the PC and Hitman reported that IE accesses the Internet through a proxy .. but I am always! in Firefox .. I do not use IE at all, and besides, I did deactivate the proxy ... ?!?

markusg 16.12.2011 13:45

Is iexplore.exe running in Task Manager?
I already half suspected that we do not have it yet, but so far nothing else has shown up either, which is why I asked.
Download MBRCheck:
http://ad13.geekstogo.com/MBRCheck.exe
Double-click it and post the log.

Santi 16.12.2011 13:47

No .. it is not running .. I had Hitman "repair" it, but every day I have IE-Helper in Autostart - two entries which I disable every day, and every day they are back again .. could that also be due to Skype, or??

Santi 16.12.2011 13:49

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 123):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F30000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9F10000 fltmgr.sys
0xB9EFE000 sr.sys
0xBA0F8000 Lbd.sys
0xBA108000 PxHelp20.sys
0xB9EE7000 KSecDD.sys
0xB9ED4000 WudfPf.sys
0xB9E47000 Ntfs.sys
0xB9E1A000 NDIS.sys
0xB9E00000 Mup.sys
0xBA188000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8E36000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB8E22000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8E08000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xBA438000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8DE4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA440000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8C82000 \SystemRoot\system32\drivers\P17xfi.sys
0xB8C5E000 \SystemRoot\system32\drivers\portcls.sys
0xBA198000 \SystemRoot\system32\drivers\drmk.sys
0xB8C3B000 \SystemRoot\system32\drivers\ks.sys
0xB8C09000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
0xB8BE2000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
0xB8A4B000 \SystemRoot\system32\drivers\p17xfilt.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA448000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA450000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA6C9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA58C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8A34000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA208000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA458000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8A23000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA218000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA460000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA468000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA228000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5CC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB89C5000 \SystemRoot\system32\DRIVERS\update.sys
0xBA598000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB89B3000 \SystemRoot\system32\DRIVERS\ew_jubusenum.sys
0xBA238000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB8937000 \SystemRoot\System32\Drivers\wdf01000.sys
0xBA248000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA268000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5CE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA5D0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7C8000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5D2000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA488000 \SystemRoot\System32\drivers\vga.sys
0xBA5D4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5D6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA490000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA498000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9DC4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA87FF000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA87A6000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8758000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA8730000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA288000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA86B1000 \SystemRoot\System32\vsdatant.sys
0xA868F000 \SystemRoot\System32\drivers\afd.sys
0xBA298000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xA866D000 \??\C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys
0xBA4A8000 \??\C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS
0xA8642000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA85D2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA2A8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA4B0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA8574000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA5E2000 \??\C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys
0xBA2E8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA378000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA558000 \SystemRoot\system32\DRIVERS\ew_usbenumfilter.sys
0xA84BF000 \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys
0xBA380000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA308000 \SystemRoot\system32\DRIVERS\ew_jucdcecm.sys
0xBA388000 \SystemRoot\system32\DRIVERS\ew_juextctrl.sys
0xA84A7000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5F0000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA56C000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA390000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA783000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBF47A000 \SystemRoot\System32\ATMFD.DLL
0xA8353000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA81FD000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xA83FF000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xA832F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7F90000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA278000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7E52000 \SystemRoot\system32\drivers\ctusfsyn.sys
0xA791A000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7AFA000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xA74EE000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 42):
0 System Idle Process
4 System
772 C:\WINDOWS\system32\smss.exe
1092 csrss.exe
1116 C:\WINDOWS\system32\winlogon.exe
1176 C:\WINDOWS\system32\services.exe
1188 C:\WINDOWS\system32\lsass.exe
1408 C:\WINDOWS\system32\svchost.exe
1508 svchost.exe
1548 C:\WINDOWS\system32\svchost.exe
1592 C:\WINDOWS\system32\svchost.exe
1756 C:\Archivos de programa\HitmanPro\hmpsched.exe
1876 svchost.exe
124 svchost.exe
188 C:\Archivos de programa\CheckPoint\ZoneAlarm\vsmon.exe
560 C:\WINDOWS\system32\spoolsv.exe
608 C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
620 C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
1052 C:\WINDOWS\explorer.exe
312 C:\Archivos de programa\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
340 C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
348 C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
388 C:\Archivos de programa\CheckPoint\ZoneAlarm\zatray.exe
392 C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
336 C:\Archivos de programa\Skype\Phone\Skype.exe
736 C:\WINDOWS\system32\ctfmon.exe
1952 C:\WINDOWS\system32\CTSVCCDA.EXE
2136 C:\Archivos de programa\Java\jre6\bin\jqs.exe
2272 C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe
2676 C:\WINDOWS\system32\svchost.exe
2780 C:\WINDOWS\system32\TUProgSt.exe
2892 C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
3484 C:\WINDOWS\system32\wbem\wmiapsrv.exe
3524 wmiprvse.exe
3580 alg.exe
2032 C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
4060 C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
2392 unsecapp.exe
2788 C:\WINDOWS\system32\wuauclt.exe
3832 C:\Archivos de programa\Mozilla Firefox\firefox.exe
1240 C:\Archivos de programa\Mozilla Firefox\plugin-container.exe
2452 C:\Documents and Settings\Richard\Escritorio\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000024`9ed8e200 (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.CHL

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 9CFC8D75A9B3B79AD2D82DDC3A8E515904016E5A


Done!

Santi 16.12.2011 13:54

Task Manager: explorer.exe is running

markusg 16.12.2011 14:57

Looks good.
Post me a new otl.txt.
Maybe ZoneAlarm is simply overreacting and there is no danger; it wouldn't be the first time.
It's just that this HitmanPro message about the proxy puzzles me.
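
The proxy question raised here can be answered from the OTL log itself: Internet Explorer's proxy state is the ProxyEnable value under Internet Settings (with ProxyServer naming the host:port), and Firefox's is network.proxy.type in prefs.js (0 = no proxy, 1 = manual, 2 = PAC script, 4 = auto-detect, 5 = system); the Firefox host/port prefs only take effect when the type is 1. The following Python script is an added example for this thread, not code from OTL, HitmanPro or the forum. It parses both kinds of line in the format OTL prints and reports whether a proxy is actually active and whether it points at a listener on the machine itself. Both sample logs are constructed: the first mirrors the settings posted later in this thread, the second is a hypothetical case in which the proxy is live.

```python
import re

# Constructed sample in OTL's output format, mirroring the settings posted
# later in this thread: IE proxy disabled, Firefox proxy hosts set to a
# loopback listener but network.proxy.type 0 (direct connection).
SAMPLE_INERT = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 4001
FF - prefs.js..network.proxy.type: 0
"""

# Constructed, hypothetical counter-example: both browsers actively routed
# through a loopback listener. This is what a live proxy hijack looks like.
SAMPLE_ACTIVE = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:4001
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.type: 1
"""

IE_RE = re.compile(r'^IE - .*\\Internet Settings: "(?P<key>\w+)" = (?P<val>.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>network\.proxy\.[\w.]+): (?P<val>.*)$')
LOOPBACK = ("127.0.0.1", "localhost", "::1")
FF_TYPES = {"0": "none (direct)", "1": "manual", "2": "PAC script",
            "4": "auto-detect", "5": "system"}
FF_PROTOS = ("http", "ssl", "ftp", "socks", "gopher")


def _unquote(value):
    """Strip the double quotes OTL puts around string-valued prefs."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    return value


def parse_proxy_settings(log_text):
    """Return (ie_settings, ff_prefs) dicts extracted from OTL log lines."""
    ie, ff = {}, {}
    for line in log_text.splitlines():
        m = IE_RE.match(line)
        if m:
            ie[m["key"]] = _unquote(m["val"])
            continue
        m = FF_RE.match(line)
        if m:
            ff[m["key"]] = _unquote(m["val"])
    return ie, ff


def _is_loopback(host):
    return host.split(":")[0].lower() in LOOPBACK


def assess_proxies(log_text):
    """Decide whether each browser really routes through a proxy."""
    ie, ff = parse_proxy_settings(log_text)
    findings = []

    ie_active = ie.get("ProxyEnable") == "1"
    ie_server = ie.get("ProxyServer")
    if ie_active:
        findings.append(f"IE: proxy enabled, ProxyServer = {ie_server or '(unset)'}")
        if ie_server and _is_loopback(ie_server):
            findings.append("IE: proxy is a listener on this machine; "
                            "identify the process bound to that port")
    elif ie_server:
        findings.append(f"IE: ProxyServer = {ie_server} present but ProxyEnable = 0 (inert)")

    ff_type = ff.get("network.proxy.type")
    ff_hosts = {}
    for proto in FF_PROTOS:
        host = ff.get(f"network.proxy.{proto}")
        if host:
            ff_hosts[proto] = (host, ff.get(f"network.proxy.{proto}_port"))
    ff_active = ff_type == "1"
    loopback = [p for p, (h, _) in ff_hosts.items() if _is_loopback(h)]
    if ff_active and ff_hosts:
        findings.append(f"Firefox: manual proxy active for {sorted(ff_hosts)}")
        if loopback:
            findings.append("Firefox: traffic is routed through a listener on this "
                            "machine; identify the process bound to that port")
    elif ff_hosts:
        findings.append(f"Firefox: proxy hosts {sorted(ff_hosts)} are set but proxy "
                        f"type is {ff_type or 'unset'} "
                        f"({FF_TYPES.get(ff_type, 'Firefox default')}); entries are inert")

    return {"ie_proxy_active": ie_active, "ie_server": ie_server,
            "ff_proxy_active": ff_active, "ff_type": ff_type,
            "ff_hosts": ff_hosts, "findings": findings}


if __name__ == "__main__":
    for name, text in (("inert sample", SAMPLE_INERT), ("active sample", SAMPLE_ACTIVE)):
        print(f"--- {name} ---")
        for finding in assess_proxies(text)["findings"]:
            print(finding)
```

Run against the first sample it reports only that the Firefox loopback entries are inert, which matches the log in this thread: ProxyEnable = 0 for IE and type 0 for Firefox mean neither browser is using the 127.0.0.1:4001 entries. The second sample shows the pattern that would justify concern: a live proxy pointing at the local machine, where the next step is to find which process owns that port.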

Santi 16.12.2011 15:12

okay - I'll do it right away .. so, OTL

But what about these messages from fb saying that someone logs in to my account at all sorts of times?

I'll post the OTL log in a moment .. one moment

Santi 16.12.2011 15:26

OTL Logfile:
Code:

OTL logfile created on: 16/12/2011 14:13:57 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Documents and Settings\Richard\Escritorio
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
 
1,99 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,08% Memory free
3,84 Gb Paging File | 3,05 Gb Available in Paging File | 79,48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 146,48 Gb Total Space | 49,89 Gb Free Space | 34,06% Space Free | Partition Type: NTFS
Drive D: | 86,39 Gb Total Space | 55,08 Gb Free Space | 63,75% Space Free | Partition Type: NTFS
Drive F: | 44,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: RICHHOUSE | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/15 19:26:11 | 000,097,600 | ---- | M] (SurfRight B.V.) -- C:\Archivos de programa\HitmanPro\hmpsched.exe
PRC - [2011/12/10 21:24:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Escritorio\OTL.exe
PRC - [2011/11/10 11:18:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Archivos de programa\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Archivos de programa\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/08 11:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
PRC - [2011/03/29 07:48:10 | 000,408,576 | ---- | M] (Vodafone) -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2011/03/29 07:47:46 | 000,009,216 | ---- | M] (Vodafone) -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2009/11/10 12:19:51 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/28 16:50:50 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Archivos de programa\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/05 12:55:56 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/12/05 12:54:51 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/12/04 08:12:29 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/10 11:18:36 | 001,989,592 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 12:06:56 | 000,591,232 | ---- | M] () -- C:\Archivos de programa\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/03 12:06:56 | 000,430,568 | ---- | M] () -- C:\Archivos de programa\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/11/03 12:06:56 | 000,308,560 | ---- | M] () -- C:\Archivos de programa\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/07/09 08:23:55 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
MOD - [2011/07/09 08:22:20 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/07/09 08:22:17 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f31f1579160d87470cba918f06276e0d\System.Web.Services.ni.dll
MOD - [2011/07/09 08:22:15 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll
MOD - [2011/07/09 08:22:12 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
MOD - [2011/07/09 08:14:19 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e4bcb14e8e53c8dcaff3d2c20daf746e\System.Security.ni.dll
MOD - [2011/07/09 08:14:15 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
MOD - [2011/07/09 08:14:11 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
MOD - [2011/07/09 07:28:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
MOD - [2011/07/09 07:28:35 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll
MOD - [2011/07/09 07:28:15 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll
MOD - [2011/07/09 07:28:12 | 010,683,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\ee914f59ad8211e0b6734dccffd9986e\System.Design.ni.dll
MOD - [2011/07/09 07:27:54 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
MOD - [2011/07/09 07:24:49 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/07/09 01:58:01 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/07/09 01:57:14 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/07/09 01:57:02 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/06/07 09:44:50 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/03/24 08:50:52 | 001,101,824 | R--- | M] () -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\NDISAPI.dll
MOD - [2009/01/28 16:03:49 | 000,326,401 | ---- | M] () -- C:\Archivos de programa\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/06/20 00:37:08 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008/06/20 00:37:06 | 000,163,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_es_b77a5c561934e089\System.Xml.resources.dll
MOD - [2008/06/20 00:37:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2008/04/14 06:48:26 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Archivos de programa\WinRAR\RarExt.dll
MOD - [2007/05/08 00:59:08 | 000,137,216 | ---- | M] () -- C:\WINDOWS\system32\OemSpi.dll
MOD - [2007/04/02 17:19:22 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011/12/15 19:26:11 | 000,097,600 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Archivos de programa\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Archivos de programa\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/29 07:47:46 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Archivos de programa\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009/11/10 12:19:51 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/11/10 12:19:48 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/12 16:44:18 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/16 18:22:20 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Archivos de programa\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/02/28 16:07:48 | 000,529,704 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/03/24 08:53:02 | 000,085,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/03/24 08:53:02 | 000,072,832 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/24 08:53:02 | 000,051,456 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011/03/24 08:53:02 | 000,026,496 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/03/24 08:53:02 | 000,011,136 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011/03/24 08:53:00 | 000,102,784 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/09/02 01:31:20 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/05 00:28:54 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/05 00:28:54 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Archivos de programa\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/08 22:20:00 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/04 15:59:38 | 000,113,280 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/11/04 15:59:38 | 000,102,528 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/11/04 15:59:38 | 000,100,736 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/02/25 19:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/11/21 16:06:26 | 001,174,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi)
DRV - [2007/10/10 18:31:08 | 001,664,384 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt)
DRV - [2006/08/07 18:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2006/06/29 05:58:28 | 000,146,112 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Dev.sys -- (V0220Dev)
DRV - [2006/06/08 08:00:52 | 000,006,272 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Vfx.sys -- (V0220Vfx)
DRV - [2005/12/08 10:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/12/08 10:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/20 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/20 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Elf 1 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {38542454-dfb6-44f5-b052-d4e071a3d073}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&q="
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 4001
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 4001
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4001
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Archivos de programa\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Archivos de programa\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Datos de programa\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Archivos de programa\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/11/10 11:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/05/13 01:13:14 | 000,000,000 | ---D | M]
 
[2009/05/02 23:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Extensions
[2011/12/06 09:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions
[2011/12/06 09:58:28 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
[2011/11/29 09:58:26 | 000,000,000 | ---D | M] (Elf 1.12 Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{38542454-dfb6-44f5-b052-d4e071a3d073}
[2011/12/06 09:58:32 | 000,000,000 | ---D | M] (ZoneAlarm Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2011/12/06 09:58:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/12/29 20:32:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/30 09:58:20 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2009/11/14 09:57:33 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/05/13 01:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\extensions\nostmp
[2010/12/30 17:16:32 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Richard\Datos de programa\Mozilla\Firefox\Profiles\jbozoiww.default\searchplugins\conduit.xml
[2011/11/10 11:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010/03/13 11:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}
[2011/10/30 01:26:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Archivos de programa\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/03/13 11:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions\{8545daff-ad1e-493f-a37e-eed1ac79682b}
[2011/11/10 11:18:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/13 01:12:59 | 000,001,392 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/13 01:12:59 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2011/05/13 01:12:59 | 000,001,153 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/13 01:12:59 | 000,006,805 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/13 01:12:59 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/13 01:12:59 | 000,001,105 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: Click to call with Skype = C:\Documents and Settings\Richard\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\
 
O1 HOSTS File: ([2011/12/13 08:33:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Archivos de programa\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Archivos de programa\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [MobileBroadband] C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Archivos de programa\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ZoneAlarm] C:\Archivos de programa\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Richard\Datos de programa\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.166.210.80 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C950447-7608-49DB-9F4D-BE6ECA4BD806}: DhcpNameServer = 212.166.210.80 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5C15A04-3802-4380-ACDD-54E5F6BBD11D}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll) - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/17 20:10:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/29 13:02:35 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Generación de gráficos vectoriales (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Enlace dinámico de datos HTML para Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Paquete para exploración sin conexión
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autoría avanzada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Ayuda de Internet Explorer
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Clases Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Actualización de seguridad para Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Herramientas de instalación de Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Mejoras en la exploración
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Acceso al sitio de MSN
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Enlace dinámico de datos HTML
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BB0DCC5E-7477-3350-B5F5-7CE64E1E83B6} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Fuentes principales de Internet Explorer
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Programador de tareas
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Ayuda de HTML
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "NMIndexingService"
MsConfig - Services: "PLFlash DeviceIoControl Service"
MsConfig - Services: "gusvc"
MsConfig - Services: "ASKService"
MsConfig - Services: "idsvc"
MsConfig - Services: "YahooAUService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^McAfee Security Scan Plus.lnk -  - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Richard^Menú Inicio^Programas^Inicio^ZooskMessenger.lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: P17Helper - hkey= - key= -  File not found
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PhonostarTimer - hkey= - key= - C:\Archivos de programa\phonostar\ps_timer.exe (phonostar)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Archivos de programa\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Archivos de programa\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: V0220Mon.exe - hkey= - key= - C:\WINDOWS\V0220Mon.exe (Creative Technology Ltd.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/16 12:10:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richard\Recent
[2011/12/15 19:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\HitmanPro
[2011/12/15 19:26:10 | 000,000,000 | ---D | C] -- C:\Archivos de programa\HitmanPro
[2011/12/15 19:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\HitmanPro
[2011/12/15 19:16:55 | 006,790,472 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Richard\Escritorio\HitmanPro36beta2.exe
[2011/12/15 07:32:48 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/15 07:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes' Anti-Malware
[2011/12/15 07:32:44 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/15 07:32:44 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2011/12/15 07:31:45 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Richard\Escritorio\mbam-setup-1.51.1.1800.exe
[2011/12/15 07:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
[2011/12/15 07:08:12 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Richard\Escritorio\mbam-setup-1.51.2.1300.exe
[2011/12/13 23:40:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/13 08:26:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/13 08:24:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/13 08:24:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/13 08:24:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/13 08:24:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/13 08:23:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/13 08:23:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/13 08:15:58 | 004,337,189 | R--- | C] (Swearware) -- C:\Documents and Settings\Richard\Escritorio\ComboFix.exe
[2011/12/12 19:46:54 | 000,910,624 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Richard\Escritorio\jre-6u29-windows-i586-iftw.exe
[2011/12/10 21:24:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard\Escritorio\OTL.exe
[2011/12/07 18:48:56 | 003,552,208 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Richard\Escritorio\ccsetup313.exe
[2011/12/07 00:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Escritorio\freesmoke
[2011/12/01 06:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Datos de programa\Skype
[2011/12/01 06:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Skype
[2011/11/28 09:49:15 | 000,026,496 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2011/11/28 09:49:05 | 000,051,456 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2011/11/28 09:48:34 | 000,011,136 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2011/11/28 09:48:01 | 000,102,784 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2011/11/27 07:41:40 | 000,085,760 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2011/11/27 07:40:56 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/11/27 07:40:51 | 001,112,288 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2011/11/27 07:40:51 | 000,072,832 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2011/11/27 07:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menú Inicio\Programas\Vodafone
[2011/11/27 07:40:34 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Windows Sidebar
[2011/11/27 07:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Datos de programa\Vodafone
[2011/11/27 07:40:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Vodafone
[2011/11/27 07:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Configuración local\Datos de programa\{39C0E0A2-0193-49A4-9D69-DABD740C37FE}
[2009/11/15 12:17:20 | 003,309,072 | ---- | C] (Piriform Ltd) -- C:\Archivos de programa\ccsetup224.exe
[2009/11/14 09:45:21 | 000,210,416 | ---- | C] (Check Point Software Technologies LTD) -- C:\Archivos de programa\zaSetup_es.exe
[2009/10/14 09:08:53 | 077,086,488 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Archivos de programa\Ad-AwareInstallation.exe
[2009/06/27 17:12:19 | 037,452,296 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Archivos de programa\Ad-AwareAE.exe
[2008/06/17 21:34:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/16 14:00:00 | 000,000,518 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011/12/16 12:48:01 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\MBRCheck.exe
[2011/12/16 12:27:58 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2011/12/16 12:27:13 | 000,000,514 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/16 12:26:42 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/16 12:26:42 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/16 12:25:48 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/12/16 12:25:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/15 19:26:11 | 000,001,659 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\HitmanPro.lnk
[2011/12/15 19:17:04 | 006,790,472 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Richard\Escritorio\HitmanPro36beta2.exe
[2011/12/15 19:01:40 | 000,003,986 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\yo.JPG
[2011/12/15 07:32:49 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2011/12/15 07:31:59 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Richard\Escritorio\mbam-setup-1.51.1.1800.exe
[2011/12/15 07:26:50 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Richard\Escritorio\mbam-setup-1.51.2.1300.exe
[2011/12/14 21:52:56 | 000,003,426 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\smoke3.jpg
[2011/12/14 21:49:08 | 000,010,712 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\smoke2.jpg
[2011/12/14 21:48:27 | 000,010,227 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\smoke1.jpg
[2011/12/13 08:33:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/13 08:26:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/13 08:23:52 | 004,337,189 | R--- | M] (Swearware) -- C:\Documents and Settings\Richard\Escritorio\ComboFix.exe
[2011/12/12 19:46:55 | 000,910,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Richard\Escritorio\jre-6u29-windows-i586-iftw.exe
[2011/12/12 16:58:49 | 000,415,916 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/12/12 16:57:33 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/12 15:45:56 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2011/12/12 01:19:06 | 000,016,495 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\tüte.jpg
[2011/12/11 21:32:02 | 000,007,003 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\Heinz.jpg
[2011/12/10 21:24:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Escritorio\OTL.exe
[2011/12/08 15:56:29 | 000,062,758 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\hijo de puta.jpg
[2011/12/07 18:50:57 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
[2011/12/07 18:49:07 | 003,552,208 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Richard\Escritorio\ccsetup313.exe
[2011/12/07 16:16:10 | 000,006,330 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\xbox 360.jpg
[2011/12/04 08:12:29 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/28 09:49:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2011/11/28 09:49:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2011/11/27 07:41:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2011/11/27 07:40:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/11/27 07:40:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/11/27 07:40:36 | 000,001,996 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\SMS.lnk
[2011/11/27 07:40:36 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Escritorio\Vodafone Mobile Broadband.lnk
[2011/11/24 18:20:39 | 000,055,699 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\4576_20080827.jpg
[2011/11/22 11:02:13 | 000,049,581 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\Verknüpfung Film.jpg
[2011/11/18 21:31:43 | 000,000,111 | ---- | M] () -- C:\Documents and Settings\Richard\Datos de programa\AVSDVDPlayer.m3u
[2011/11/17 00:18:22 | 000,047,916 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\yo.png
[2011/11/16 17:53:11 | 000,003,807 | ---- | M] () -- C:\Documents and Settings\Richard\Escritorio\lustige_witzige_bilder_rofl_kartoffel_de_13f8011e_01.04.11.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/12/16 12:48:01 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\MBRCheck.exe
[2011/12/15 19:26:11 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\HitmanPro.lnk
[2011/12/15 19:19:42 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2011/12/15 19:01:40 | 000,003,986 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\yo.JPG
[2011/12/15 07:32:49 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Malwarebytes' Anti-Malware.lnk
[2011/12/14 21:52:55 | 000,003,426 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\smoke3.jpg
[2011/12/14 21:49:08 | 000,010,712 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\smoke2.jpg
[2011/12/14 21:48:27 | 000,010,227 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\smoke1.jpg
[2011/12/13 08:26:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/13 08:26:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/13 08:24:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/13 08:24:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/13 08:24:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/13 08:24:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/13 08:24:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/12 01:19:05 | 000,016,495 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\tüte.jpg
[2011/12/11 21:32:00 | 000,007,003 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\Heinz.jpg
[2011/12/08 15:56:29 | 000,062,758 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\hijo de puta.jpg
[2011/12/07 18:50:57 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
[2011/12/07 16:16:07 | 000,006,330 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\xbox 360.jpg
[2011/12/01 06:15:20 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Skype.lnk
[2011/11/28 09:49:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2011/11/28 09:49:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2011/11/27 07:41:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2011/11/27 07:40:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/11/27 07:40:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/11/27 07:40:36 | 000,001,996 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\SMS.lnk
[2011/11/27 07:40:36 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Escritorio\Vodafone Mobile Broadband.lnk
[2011/11/24 18:20:31 | 000,055,699 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\4576_20080827.jpg
[2011/11/22 11:02:12 | 000,049,581 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\Verknüpfung Film.jpg
[2011/11/17 00:18:22 | 000,047,916 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\yo.png
[2011/11/16 17:53:06 | 000,003,807 | ---- | C] () -- C:\Documents and Settings\Richard\Escritorio\lustige_witzige_bilder_rofl_kartoffel_de_13f8011e_01.04.11.jpg
[2011/09/08 09:52:48 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/04/25 10:26:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/25 10:26:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/24 08:50:52 | 000,226,366 | R--- | C] () -- C:\Documents and Settings\All Users\Datos de programa\DeviceManager.xml.rc4
[2010/08/07 14:27:06 | 001,801,933 | ---- | C] () -- C:\Archivos de programa\usbdrven.exe
[2010/08/07 14:24:12 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Datos de programa\mtbjfghn.xbe
[2009/11/12 22:17:10 | 033,961,728 | ---- | C] () -- C:\Archivos de programa\avira_antivir_personal_en.exe
[2009/11/10 17:10:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2009/11/10 14:40:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richard\Datos de programa\wklnhst.dat
[2009/08/30 12:40:32 | 033,952,648 | ---- | C] () -- C:\Archivos de programa\zaSetup_80_298_000_en.exe
[2009/05/02 23:06:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/13 09:52:17 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/10/12 09:09:45 | 000,000,580 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/11 20:26:57 | 000,036,972 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2008/08/14 17:03:15 | 000,000,180 | ---- | C] () -- C:\WINDOWS\sripper.ini
[2008/08/14 17:03:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\StreamRipper32.INI
[2008/07/09 07:29:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/22 17:29:41 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Richard\Datos de programa\AVSDVDPlayer.m3u
[2008/06/20 01:07:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/20 00:57:07 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/20 00:57:07 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/19 00:24:42 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\Richard\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/19 00:03:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/18 12:18:34 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/17 21:35:04 | 000,003,118 | ---- | C] () -- C:\WINDOWS\System32\AudioDrv.ini
[2008/06/17 21:34:39 | 000,023,273 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2008/06/17 21:34:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/06/17 21:34:02 | 000,008,251 | R--- | C] () -- C:\WINDOWS\sfsyn.ini
[2008/06/17 21:34:01 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2008/06/17 21:34:00 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2008/06/17 21:22:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/17 20:13:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/17 20:08:42 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/17 19:48:44 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/17 19:47:49 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/20 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/20 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/20 12:00:00 | 000,498,986 | ---- | C] () -- C:\WINDOWS\System32\perfh00A.dat
[2004/08/20 12:00:00 | 000,436,190 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/20 12:00:00 | 000,317,534 | ---- | C] () -- C:\WINDOWS\System32\perfi00A.dat
[2004/08/20 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/20 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/20 12:00:00 | 000,087,068 | ---- | C] () -- C:\WINDOWS\System32\perfc00A.dat
[2004/08/20 12:00:00 | 000,068,906 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/20 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/20 12:00:00 | 000,036,284 | ---- | C] () -- C:\WINDOWS\System32\perfd00A.dat
[2004/08/20 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/20 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/20 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/20 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/20 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/12/15 19:26:10 | 000,000,000 | R--D | M] -- C:\Archivos de programa
[2008/06/23 19:05:08 | 000,000,000 | ---D | M] -- C:\audio
[2009/08/20 10:45:30 | 000,000,000 | ---D | M] -- C:\c6c789cd85c440803f4234b81cd618
[2011/12/13 08:26:21 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Definitionen
[2008/10/12 13:39:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings
[2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Formulare
[2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Lowcarb
[2009/11/10 13:08:27 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011/02/27 12:40:03 | 000,000,000 | ---D | M] -- C:\Nexon
[2010/01/24 00:39:22 | 000,000,000 | ---D | M] -- C:\Programme
[2011/12/13 08:38:54 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011/12/13 23:40:00 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2009/11/12 21:52:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/10/29 17:21:28 | 000,000,000 | ---D | M] -- C:\Video
[2008/06/18 19:20:47 | 000,000,000 | ---D | M] -- C:\Von Julio von anfang an
[2011/12/16 12:26:16 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2009/06/27 17:12:41 | 037,452,296 | ---- | M] (Lavasoft) -- C:\Archivos de programa\Ad-AwareAE.exe
[2009/10/14 09:11:17 | 077,086,488 | ---- | M] (Lavasoft) -- C:\Archivos de programa\Ad-AwareInstallation.exe
[2009/11/12 22:17:15 | 033,961,728 | ---- | M] () -- C:\Archivos de programa\avira_antivir_personal_en.exe
[2009/11/15 12:17:30 | 003,309,072 | ---- | M] (Piriform Ltd) -- C:\Archivos de programa\ccsetup224.exe
[2010/08/07 14:27:22 | 001,801,933 | ---- | M] () -- C:\Archivos de programa\usbdrven.exe
[2009/08/30 12:42:04 | 033,952,648 | ---- | M] () -- C:\Archivos de programa\zaSetup_80_298_000_en.exe
[2009/11/14 09:45:23 | 000,210,416 | ---- | M] (Check Point Software Technologies LTD) -- C:\Archivos de programa\zaSetup_es.exe
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/20 12:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/20 12:00:00 | 018,785,875 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:01:54 | 020,100,698 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/20 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 06:48:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 06:48:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 06:48:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2744C713F0217BD8FFD13E2EF731371C -- C:\WINDOWS\system32\eventlog.dll
[2004/08/20 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=5696DF4EF09C375CE42FB2DDE1E68AB7 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\explorer.exe
[2008/04/14 06:48:58 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=7522F548A84ABAD8FA516DE5AB3931EF -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/20 12:00:00 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=89C8DD146CEAF482D82822766437D93F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2004/08/20 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=7FD182B1B80117C353983565D60B1CAF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 06:48:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 06:48:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 06:48:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=CD2BBB52DFAAB666B812A51B1E96F2A0 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/14 06:48:36 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 06:48:36 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 06:48:36 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=B6BE3C96CD33336A551DB3F2299A8E69 -- C:\WINDOWS\system32\scecli.dll
[2004/08/20 12:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=C6347748F2E9F310EA1E1915482ABFEF -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004/08/20 12:00:00 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=5D5C9CC377A70D036816E7EA55F3CA73 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/14 06:48:46 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=DA8898129E0075C7DE4DEE457514A73C -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008/04/14 06:48:46 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=DA8898129E0075C7DE4DEE457514A73C -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/14 06:48:46 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=DA8898129E0075C7DE4DEE457514A73C -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2004/08/20 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=7B30B4D55B4562C733A5DDF6D6F72B3F -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 06:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 06:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 06:49:16 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=F5B8745B9A90EAF17E30C0574E049AA3 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008/04/14 06:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 06:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 06:49:16 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=213C80D912880BBF04453D09FFCCB28C -- C:\WINDOWS\system32\winlogon.exe
[2004/08/20 12:00:00 | 000,505,344 | ---- | M] (Microsoft Corporation) MD5=FCB59D25D628B4D3181DC816D14679DD -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/08/20 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/08/20 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/06/17 20:47:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/06/17 20:47:04 | 000,643,072 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/06/17 20:47:04 | 000,475,136 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2010/02/08 12:58:34 | 000,000,109 | ---- | M] () -- C:\Documents and Settings\Richard\default.pls
[2008/07/20 16:21:31 | 000,000,077 | -HS- | M] () -- C:\Documents and Settings\Richard\Desktop.ini
[2011/12/16 12:24:30 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Richard\ntuser.dat
[2011/12/16 14:13:24 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Richard\ntuser.dat.LOG
[2011/12/16 12:24:30 | 000,000,304 | -HS- | M] () -- C:\Documents and Settings\Richard\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011/03/03 13:53:03 | 001,858,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >

--- --- ---

markusg 16.12.2011 15:31

Start, Run, msconfig, Startup tab
Uncheck everything except Avira (avgnt)
MobileBroadband
ZoneAlarm
Click OK, restart the PC.
That's why we'll look for rootkits next. But first run this.

Santi 16.12.2011 15:35

In the second-to-last tab, right?
ZoneAlarm isn't in there, though.

Santi 16.12.2011 15:40

... just to be sure - mine is in Spanish .. inicio should be the Startup tab ..

Santi 16.12.2011 15:49

OK .. back again

markusg 16.12.2011 15:56

Sorry, I don't speak Spanish :-)
http://www.chip.de/downloads/Rootkit..._21701698.html
Please download Rootkit Unhooker; if a warning appears, click OK, then please disable all programs.
Please go to the Report tab, then Scan, and enable everything.
Please make sure that C: is checked.
Then click OK and don't use the PC while the scan is running.
At the end, i.e. once the scan has finished:
File --> Save Report
Save it and attach it here.
Attach this one here.
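
The report this post asks for lists each hooked system service with its "Actual Address" and the module it is attributed to, plus every loaded driver's base address and size. As an added example (not code from this thread or from the Rootkit Unhooker tool), this Python helper parses those two sections and checks whether any listed driver's image range covers each hook address, so hooks reported as "Unknown module filename" can be separated from those belonging to a known firewall driver; the allow-list entry for vsdatant.sys and the abbreviated sample report are constructed assumptions.

```python
"""Triage helper for Rootkit Unhooker (RkUnhooker) text reports.

Parses the ">SSDT State" and ">Drivers" sections of a saved report and checks,
for each hooked service, whether its "Actual Address" falls inside the image
range of a driver the report lists as loaded. A hook that no loaded module
covers (the tool prints "Hooked by: Unknown module filename") is what a helper
looks at first; hooks inside a known security product's driver are expected.
"""
from typing import Dict, List, Optional, Tuple

# Constructed sample in the report's own format, cut down to three hooks and
# two drivers; the line structure matches a real "File --> Save Report" output.
SAMPLE_REPORT = """\
RkUnhooker report generator v0.7
==============================================
>SSDT State
NtCreateFile
Actual Address 0xA875D5CA
Hooked by: C:\\WINDOWS\\System32\\vsdatant.sys
NtCreateKey
Actual Address 0xBA7C5E3E
Hooked by: Unknown module filename
NtOpenProcess
Actual Address 0xBA7C5E20
Hooked by: Unknown module filename
==============================================
>Drivers
Driver: C:\\WINDOWS\\System32\\vsdatant.sys
Address: 0xA8742000
Size: 520192 bytes

Driver: C:\\WINDOWS\\System32\\Drivers\\Null.SYS
Address: 0xBA7C3000
Size: 4096 bytes

==============================================
>Stealth
"""

# Allow-list of drivers whose SSDT hooks are expected. Assumption made for this
# example: vsdatant.sys is ZoneAlarm's TrueVector firewall driver, which hooks
# file, registry and LPC port services by design.
EXPECTED_HOOKERS = {"vsdatant.sys": "ZoneAlarm TrueVector"}

# (path, base address, size in bytes) of one loaded driver
Driver = Tuple[str, int, int]

def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty report lines under their '>Name' headers."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        if line.startswith(">"):
            current = line[1:].strip()
            sections[current] = []
        elif current and line.strip() and not line.startswith("===="):
            sections[current].append(line.strip())
    return sections

def parse_drivers(lines: List[str]) -> List[Driver]:
    """Each driver is a 'Driver:' / 'Address:' / 'Size: N bytes' triple."""
    drivers, path, base = [], "", 0
    for line in lines:
        key, _, val = line.partition(":")
        if key == "Driver":
            path = val.strip()
        elif key == "Address":
            base = int(val, 16)                 # int() accepts the 0x prefix
        elif key == "Size":
            drivers.append((path, base, int(val.split()[0])))
    return drivers

def owner_of(addr: int, drivers: List[Driver]) -> Optional[str]:
    """Path of the loaded driver whose image range contains addr, if any."""
    return next((p for p, base, size in drivers if base <= addr < base + size), None)

def triage(report: str) -> List[Tuple[str, str, str]]:
    """Return (service, address, verdict) for every hooked SSDT entry."""
    sections = split_sections(report)
    drivers = parse_drivers(sections.get("Drivers", []))
    findings, service, addr = [], "", 0
    for line in sections.get("SSDT State", []):
        if line.startswith("Actual Address"):
            addr = int(line.split()[-1], 16)
        elif line.startswith("Hooked by:"):
            owner = owner_of(addr, drivers)
            name = (owner or "").rsplit("\\", 1)[-1].lower()
            if name in EXPECTED_HOOKERS:
                verdict = "expected (%s)" % EXPECTED_HOOKERS[name]
            elif owner:
                verdict = "hooked by loaded driver not on allow-list: " + owner
            else:
                verdict = "no loaded module covers this address"
            findings.append((service, "0x%08X" % addr, verdict))
        else:
            service = line                      # a bare Nt* service name
    return findings
```

Running `triage(SAMPLE_REPORT)` yields one "expected" row for the vsdatant.sys hook and two "no loaded module covers this address" rows, which is the result a helper would then compare against the full Drivers list of the real report.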

Santi 16.12.2011 16:44

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.501
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>SSDT State
NtConnectPort
Actual Address 0xA87632F4
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateFile
Actual Address 0xA875D5CA
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateKey
Actual Address 0xBA7C5E3E
Hooked by: Unknown module filename
NtCreatePort
Actual Address 0xA8763A80
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateThread
Actual Address 0xBA7C5E34
Hooked by: Unknown module filename
NtCreateWaitablePort
Actual Address 0xA8763BB6
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteFile
Actual Address 0xA875E1E0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteKey
Actual Address 0xBA7C5E43
Hooked by: Unknown module filename
NtDeleteValueKey
Actual Address 0xBA7C5E4D
Hooked by: Unknown module filename
NtLoadKey
Actual Address 0xBA7C5E52
Hooked by: Unknown module filename
NtLoadKey2
Actual Address 0xA877E99C
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenFile
Actual Address 0xA875DDF2
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenProcess
Actual Address 0xBA7C5E20
Hooked by: Unknown module filename
NtOpenThread
Actual Address 0xBA7C5E25
Hooked by: Unknown module filename
NtRenameKey
Actual Address 0xA877F72A
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtReplaceKey
Actual Address 0xBA7C5E5C
Hooked by: Unknown module filename
NtRequestWaitReplyPort
Actual Address 0xA8762EC4
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtRestoreKey
Actual Address 0xBA7C5E57
Hooked by: Unknown module filename
NtSetInformationFile
Actual Address 0xA875E5A4
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSetSecurityObject
Actual Address 0xA877FC6A
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSetValueKey
Actual Address 0xBA7C5E48
Hooked by: Unknown module filename
NtTerminateProcess
Actual Address 0xBA7C5E2F
Hooked by: Unknown module filename
==============================================
>Shadow
==============================================
>Processes
Process: System
Process Id: 4
EPROCESS Address: 0x89E32A00

Process: C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe
Process Id: 220
EPROCESS Address: 0x89BE1788

Process: C:\WINDOWS\system32\spoolsv.exe
Process Id: 372
EPROCESS Address: 0x89856B70

Process: C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
Process Id: 424
EPROCESS Address: 0x89853518

Process: C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
Process Id: 432
EPROCESS Address: 0x898A5748

Process: C:\WINDOWS\system32\smss.exe
Process Id: 892
EPROCESS Address: 0x899C2278

Process: C:\WINDOWS\explorer.exe
Process Id: 940
EPROCESS Address: 0x8861D380

Process: C:\WINDOWS\system32\csrss.exe
Process Id: 1012
EPROCESS Address: 0x89999380

Process: C:\WINDOWS\system32\winlogon.exe
Process Id: 1052
EPROCESS Address: 0x899E84F0

Process: C:\WINDOWS\system32\services.exe
Process Id: 1096
EPROCESS Address: 0x899942C0

Process: C:\Archivos de programa\WinRAR\WinRAR.exe
Process Id: 1100
EPROCESS Address: 0x87F49938

Process: C:\WINDOWS\system32\lsass.exe
Process Id: 1108
EPROCESS Address: 0x89997DA0

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1308
EPROCESS Address: 0x89988BA0

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1316
EPROCESS Address: 0x8857CAE8

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1412
EPROCESS Address: 0x898E5A08

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1452
EPROCESS Address: 0x89892480

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1492
EPROCESS Address: 0x898F3C30

Process: C:\Archivos de programa\HitmanPro\hmpsched.exe
Process Id: 1536
EPROCESS Address: 0x89AF22E8

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1580
EPROCESS Address: 0x899EDC30

Process: C:\WINDOWS\system32\CTSVCCDA.EXE
Process Id: 1644
EPROCESS Address: 0x886059A0

Process: C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
Process Id: 1676
EPROCESS Address: 0x88400DA0

Process: C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
Process Id: 1708
EPROCESS Address: 0x8984E638

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1732
EPROCESS Address: 0x89989600

Process: C:\WINDOWS\system32\wuauclt.exe
Process Id: 1860
EPROCESS Address: 0x89D4CA90

Process: C:\Archivos de programa\Java\jre6\bin\jqs.exe
Process Id: 1996
EPROCESS Address: 0x885B6B90

Process: C:\WINDOWS\system32\TUProgSt.exe
Process Id: 2064
EPROCESS Address: 0x88B9CBA0

Process: C:\Archivos de programa\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
Process Id: 2240
EPROCESS Address: 0x898E04B8

Process: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Process Id: 2904
EPROCESS Address: 0x885F4388

Process: C:\WINDOWS\system32\alg.exe
Process Id: 3060
EPROCESS Address: 0x884D8B00

Process: C:\Documents and Settings\Richard\Escritorio\RkUnhooker\px4F2p1K.exe
Process Id: 2440
EPROCESS Address: 0x883E0020

==============================================
>Drivers
Driver: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Address: 0xB8EEF000
Size: 5857280 bytes

Driver: C:\WINDOWS\System32\igxpdx32.DLL
Address: 0xBF1E7000
Size: 2699264 bytes

Driver: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000
Size: 2158592 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2158592 bytes

Driver: RAW
Address: 0x804D7000
Size: 2158592 bytes

Driver: WMIxWDM
Address: 0x804D7000
Size: 2158592 bytes

Driver: Win32k
Address: 0xBF800000
Size: 1859584 bytes

Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1859584 bytes

Driver: C:\WINDOWS\System32\igxpdv32.DLL
Address: 0xBF04F000
Size: 1671168 bytes

Driver: C:\WINDOWS\system32\drivers\p17xfilt.sys
Address: 0xB8B04000
Size: 1667072 bytes

Driver: C:\WINDOWS\system32\drivers\P17xfi.sys
Address: 0xB8D3B000
Size: 1449984 bytes

Driver: Ntfs.sys
Address: 0xB9E47000
Size: 577536 bytes

Driver: C:\WINDOWS\System32\vsdatant.sys
Address: 0xA8742000
Size: 520192 bytes

Driver: C:\WINDOWS\System32\Drivers\wdf01000.sys
Address: 0xB89F0000
Size: 507904 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA8663000
Size: 458752 bytes

Driver: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB8A7E000
Size: 385024 bytes

Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA8837000
Size: 364544 bytes

Driver: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA7B7D000
Size: 360448 bytes

Driver: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBF47A000
Size: 290816 bytes

Driver: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA775B000
Size: 266240 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
Address: 0xB8CC2000
Size: 204800 bytes

Driver: ACPI.sys
Address: 0xB9F78000
Size: 192512 bytes

Driver: NDIS.sys
Address: 0xB9E1A000
Size: 184320 bytes

Driver: C:\WINDOWS\System32\igxpgd32.dll
Address: 0xBF024000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA71FE000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA86D3000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\drivers\ctusfsyn.sys
Address: 0xA7F9D000
Size: 163840 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA87E7000
Size: 163840 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
Address: 0xB8C9B000
Size: 159744 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA87C1000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB8D17000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB8E9D000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xB8CF4000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA8720000
Size: 139264 bytes

Driver: C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xA86FE000
Size: 139264 bytes

Driver: ACPI_HAL
Address: 0x806E6000
Size: 134400 bytes

Driver: C:\WINDOWS\system32\hal.dll
Address: 0x806E6000
Size: 134400 bytes

Driver: fltmgr.sys
Address: 0xB9F10000
Size: 131072 bytes

Driver: ftdisk.sys
Address: 0xB9F48000
Size: 126976 bytes

Driver: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xA8592000
Size: 114688 bytes

Driver: Mup.sys
Address: 0xB9E00000
Size: 106496 bytes

Driver: C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
Address: 0xB8EC1000
Size: 106496 bytes

Driver: atapi.sys
Address: 0xB9F30000
Size: 98304 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8552000
Size: 98304 bytes

Driver: KSecDD.sys
Address: 0xB9EE7000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB8AED000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
Address: 0xA8370000
Size: 90112 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys
Address: 0xA864E000
Size: 86016 bytes

Driver: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA8013000
Size: 86016 bytes

Driver: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0xA83FE000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB8EDB000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA8890000
Size: 77824 bytes

Driver: WudfPf.sys
Address: 0xB9ED4000
Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000
Size: 73728 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
Address: 0xB8A6C000
Size: 73728 bytes

Driver: C:\WINDOWS\System32\igxprd32.dll
Address: 0xBF012000
Size: 73728 bytes

Driver: sr.sys
Address: 0xB9EFE000
Size: 73728 bytes

Driver: pci.sys
Address: 0xB9F67000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB8ADC000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBA2E8000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA1D8000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
Address: 0xA85AE000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA1A8000
Size: 61440 bytes

Driver: Lbd.sys
Address: 0xBA0F8000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA1E8000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA84A2000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBA278000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xBA1B8000
Size: 57344 bytes

Driver: C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
Address: 0xA7C8D000
Size: 57344 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0E8000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ew_jucdcecm.sys
Address: 0xBA2B8000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBA1F8000
Size: 53248 bytes

Driver: VolSnap.sys
Address: 0xBA0C8000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS
Address: 0xBA248000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xBA218000
Size: 49152 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBA2A8000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA1C8000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xBA0B8000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBA208000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xBA198000
Size: 40960 bytes

Driver: isapnp.sys
Address: 0xBA0A8000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA258000
Size: 40960 bytes

Driver: PxHelp20.sys
Address: 0xBA108000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xBA238000
Size: 40960 bytes

Driver: disk.sys
Address: 0xBA0D8000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xBA228000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBA298000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBA288000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xBA370000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBA498000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xBA4B0000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA440000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ew_juextctrl.sys
Address: 0xBA378000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA448000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xBA340000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA450000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS
Address: 0xBA380000
Size: 24576 bytes

Driver: C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xBA4A8000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xBA4A0000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBA438000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBA488000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBA490000
Size: 20480 bytes

Driver: PartMgr.sys
Address: 0xBA330000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA460000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA468000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA458000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xBA390000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBA59C000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA83FA000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xBA580000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ew_usbenumfilter.sys
Address: 0xBA558000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBA588000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xB9DC0000
Size: 12288 bytes

Driver: C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys
Address: 0xBA5D4000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBA5CC000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5DA000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5CA000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA5CE000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA5D0000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5C6000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA5C8000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xBA5AA000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA6BA000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBA6F4000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBA7C3000
Size: 4096 bytes

Driver: pciide.sys
Address: 0xBA670000
Size: 4096 bytes

==============================================
>Stealth
==============================================
>Files

Suspect File: C:\Qoobox\BackEnv\AppData.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Cache.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Cookies.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Desktop.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Favorites.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\History.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\LocalAppData.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\LocalSettings.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Music.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\NetHood.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Personal.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Pictures.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\PrintHood.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Profiles.Folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Programs.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Recent.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\SendTo.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\SetPath.bat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\StartMenu.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\StartUp.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\SysPath.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Templates.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\VikPev00 Status: Hidden

==============================================
>Hooks

tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xA8876428 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xA8876454 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xA8876460 hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xBA28DB4C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification at address 0xBA28DB1C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xBA28DB3C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xBA28DB28 hook handler located in [vsdatant.sys]
[940]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]

Santi 16.12.2011 16:45

.. should I click on "unhook all"?

Santi 16.12.2011 16:49

>SSDT State
NtConnectPort
Actual Address 0xA87632F4
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtCreateFile
Actual Address 0xA875D5CA
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtCreateKey
Actual Address 0xBA7C5E3E
Hooked by: Unknown module filename

NtCreatePort
Actual Address 0xA8763A80
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtCreateThread
Actual Address 0xBA7C5E34
Hooked by: Unknown module filename

NtCreateWaitablePort
Actual Address 0xA8763BB6
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtDeleteFile
Actual Address 0xA875E1E0
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtDeleteKey
Actual Address 0xBA7C5E43
Hooked by: Unknown module filename

NtDeleteValueKey
Actual Address 0xBA7C5E4D
Hooked by: Unknown module filename

NtLoadKey
Actual Address 0xBA7C5E52
Hooked by: Unknown module filename

NtLoadKey2
Actual Address 0xA877E99C
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtOpenFile
Actual Address 0xA875DDF2
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtOpenProcess
Actual Address 0xBA7C5E20
Hooked by: Unknown module filename

NtOpenThread
Actual Address 0xBA7C5E25
Hooked by: Unknown module filename

NtRenameKey
Actual Address 0xA877F72A
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtReplaceKey
Actual Address 0xBA7C5E5C
Hooked by: Unknown module filename

NtRequestWaitReplyPort
Actual Address 0xA8762EC4
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtRestoreKey
Actual Address 0xBA7C5E57
Hooked by: Unknown module filename

NtSetInformationFile
Actual Address 0xA875E5A4
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtSetSecurityObject
Actual Address 0xA877FC6A
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtSetValueKey
Actual Address 0xBA7C5E48
Hooked by: Unknown module filename

NtTerminateProcess
Actual Address 0xBA7C5E2F
Hooked by: Unknown module filename

>Shadow
>Processes
>Drivers
>Stealth
>Files
Suspect File: C:\Qoobox\BackEnv\AppData.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Cache.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Cookies.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Desktop.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Favorites.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\History.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\LocalAppData.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\LocalSettings.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Music.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\NetHood.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Personal.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Pictures.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\PrintHood.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Profiles.Folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Programs.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Recent.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\SendTo.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\SetPath.bat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\StartMenu.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\StartUp.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\SysPath.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\Templates.folder.dat Status: Hidden
Suspect File: C:\Qoobox\BackEnv\VikPev00 Status: Hidden
>Hooks
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xA8876428 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xA8876454 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xA8876460 hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xBA28DB4C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification at address 0xBA28DB1C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xBA28DB3C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xBA28DB28 hook handler located in [vsdatant.sys]
[940]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

the last sentence seems somewhat unsettling somehow - can that be..
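As an added example (not code from the thread or from the Rootkit Unhooker tool), here is a Python triage script for the report format pasted above: it parses the SSDT, Shadow and Hooks sections, groups every hook by the module that owns it, and separates hooks from a known product (an allowlist I assume for this machine: ZoneAlarm's vsdatant.sys and ISWSHEX.dll, and the Windows shim engine shimeng.dll) from hooks with no identifiable owner. The sample report is constructed in the style of the thread's output; an unattributed hook ("Unknown module filename") is a lead to follow up, not proof of a rootkit, which is why the helper asks for more information before acting.

```python
"""Triage a Rootkit Unhooker report: which module owns each hook?

Added example, not part of the forum thread or of the RkU tool. It reads
the ">SSDT State", ">Shadow" and ">Hooks" sections in the text format the
thread shows and groups hooks by owning module, so hooks from a known
security product can be separated from hooks with no identifiable owner.
"""
import re
from collections import Counter

# Assumption: modules that legitimately hook on this machine. vsdatant.sys
# is ZoneAlarm's TrueVector driver; ISWSHEX.dll is assumed to be ZoneAlarm
# ForceField (ForceField.exe appears in the same log); shimeng.dll is the
# Windows application-compatibility shim engine. Extend for your own setup.
KNOWN_HOOKERS = {
    "vsdatant.sys": "ZoneAlarm TrueVector driver",
    "iswshex.dll": "ZoneAlarm ForceField (assumed)",
    "shimeng.dll": "Windows AppCompat shim engine",
}

SSDT_RE = re.compile(r"^Hooked by: (?P<owner>.+)$")
HOOK_RE = re.compile(
    r"^(?P<target>\S+?)-->(?P<module>\S+?)-->(?P<func>\S+?), Type: "
    r"(?P<kind>.+?) at address (?P<addr>0x[0-9A-Fa-f]+) "
    r"hook handler located in \[(?P<owner>[^\]]+)\]$"
)

# Constructed sample in the style of the thread's RkU output (not a real log).
SAMPLE_REPORT = r"""
>SSDT State
NtConnectPort
Actual Address 0xA87632F4
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtCreateKey
Actual Address 0xBA7C5E3E
Hooked by: Unknown module filename

NtOpenProcess
Actual Address 0xBA7C5E20
Hooked by: Unknown module filename

>Shadow
NtUserSendInput
Actual Address 0xBA2113D4
Hooked by: C:\WINDOWS\System32\vsdatant.sys

>Processes
>Drivers
>Stealth
>Files
>Hooks
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xA8876454 hook handler located in [vsdatant.sys]
[940]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
[1028]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
"""


def basename(path):
    """Strip a Windows path down to the file name ("C:\\x\\y.sys" -> "y.sys")."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def parse_report(text):
    """Return a list of hook dicts: {'section', 'func', 'owner', 'kind'}."""
    hooks, section, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(">"):            # section header, e.g. ">SSDT State"
            section, pending = line[1:], None
            continue
        if section in ("SSDT State", "Shadow"):
            # Three-line records: service name / Actual Address / Hooked by
            m = SSDT_RE.match(line)
            if m and pending:
                hooks.append({"section": section, "func": pending,
                              "owner": m.group("owner"), "kind": "SSDT"})
                pending = None
            elif not line.startswith("Actual Address"):
                pending = line               # the Nt* service name
        elif section == "Hooks":
            m = HOOK_RE.match(line)          # the summary line does not match
            if m:
                hooks.append({"section": section,
                              "func": f"{m['target']}:{m['func']}",
                              "owner": m["owner"], "kind": m["kind"]})
    return hooks


def triage(hooks):
    """Count hooks per owning module and list those not on the allowlist."""
    by_owner = Counter(basename(h["owner"]) for h in hooks)
    unattributed = [h for h in hooks
                    if basename(h["owner"]).lower() not in KNOWN_HOOKERS]
    return by_owner, unattributed


if __name__ == "__main__":
    owners, todo = triage(parse_report(SAMPLE_REPORT))
    for owner, n in owners.most_common():
        label = KNOWN_HOOKERS.get(owner.lower(), "NOT ATTRIBUTED - review")
        print(f"{n:3d} hook(s) owned by {owner}: {label}")
    for h in todo:
        print(f"  follow up: {h['section']} {h['func']} <- {h['owner']}")
```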

markusg 16.12.2011 18:08

yes, I need more info.

open Rootkit Unhooker, Tools, Kernel Callbacks Routines
and take a screenshot and attach it

Santi 16.12.2011 18:18

in Tools I only have the following:
Wipe / Copy file
VM Detection
Dump Memory Region
Notify Routines

Where do I find that?
Should I now click unhook all or leave it as it is?

In the meantime a "thank you" .. I'm already costing you an insane amount of time ..

Santi 16.12.2011 18:34

.. do you mean this?

markusg 17.12.2011 12:27

scan with the Kaspersky Rescue Disk
Kaspersky Rescue Disk 10

Santi 17.12.2011 17:58

where, please, do I get a download for scanning? .. a message that I've now used it long enough and should decide to buy .. I haven't gotten to the "scan" item yet

sorry - I'm slowly getting slightly annoyed .. every day the messages that someone is logging in somewhere under my name at times when I'm not there .. I can guess who the little drug-addled pest is - I just can't prove it
Markus, I work with this computer, there is company data and login credentials on it .. and I have no idea how far she has access and can harm me .. these sick people annoy me so much .. not to mention my private data ..

sorry for the digressions ... so how do I find the way to run the scan .. I'm not getting anywhere - neither to a download nor to anything else with the rescue disk .. please help me

markusg 17.12.2011 18:01

hi, I didn't know about the company data.
wouldn't we rather make a clean cut, reinstall the system after backing up the data, and secure it properly?

Santi 17.12.2011 18:08

that was already my thought too .. but I don't have the CDs .. my son had them - it's his computer, I kept it, didn't want to give it away - he died in an accident last year and I don't have the CDs to reinstall - do you see a chance that I can clean things up here without reinstalling?

Santi 17.12.2011 19:46

okay .. reinstalling can be done .. will you help me then to "secure it properly" .. as you say? .. it would be important to me, I'm fed up with unpleasant surprises .. obviously we're not really getting the lady out this way .. can she actually read all of this here too? .. how deep is she into my PC .. ?

markusg 17.12.2011 19:48

of course I'll help you, I said so.
XP costs 20 € on Amazon, but don't order from that PC.
autorun off:
Tip archive - Disable Autorun/Autoplay selectively for drive types or letters - WinTotal.de
then back up important data: pictures, documents, music, videos.
tomorrow I'll give you further instructions, enough done for today

Santi 17.12.2011 19:50

thanks Markus ...

have a nice weekend .. I find it really great that there are people like you who simply help where others are at a loss .. it's no longer a given nowadays .. merci

markusg 18.12.2011 17:00

no problem.
data backed up?
then tell me whether you know how to format; if not, whether you use a Windows CD, a recovery CD or a recovery partition; if the latter, I need the manufacturer and model of your device

Santi 19.12.2011 09:13

it'll probably be a CD, I'll get it early this afternoon
data is backed up, and I formatted once at some point, long ago - so I'll need your help with that .. until then, best regards

markusg 19.12.2011 13:05

ok, tell me when you're ready

Santi 19.12.2011 14:48

.. I now have the XP CD .. so the system
just not Office - can I still work online then? .. I haven't had a situation like this before..
the product key is on the XP CD - that should be enough to install it
there probably won't be a way to install the Office I have on it without a CD

.. so I'm just gathering my thoughts, today is a Monday on which everything comes together at once, but I want to finally get rid of the little pest in my PC, that's the most important thing at the moment

ready to go

markusg 19.12.2011 15:52

did you get driver or support CDs with the PC?

Santi 19.12.2011 15:53

no - I didn't

markusg 19.12.2011 15:58

hmm, so insert the CD now and restart; you may have to press F12 to get into the boot menu and choose the CD or DVD drive there.
then keep clicking Next until you get to the partition selection. first delete all partitions and create them anew. how to do that is explained directly in the setup.
NTFS as the format.
then format.
and choose the normal formatting, not the quick one.
then reinstall Windows and continue with this:
- Service Pack 3:
Detail page Windows XP Service Pack 3 network installation package for IT professionals and developers
- Internet Explorer 8; even if you use another browser, it must be up to date.
Detail page Windows Internet Explorer 8 for Windows XP
- configure automatic updates so that they are downloaded/installed automatically:
Configuring and using the "Automatic Updates" feature in Windows
work through the following guide:
http://www.trojaner-board.de/96344-a...-rechners.html

work through the XP section here,
skip the configuring of services, the link doesn't work.
Next we come to the anti-malware program.
This is an important part of the security concept, so you should think carefully about which choice you make.
Among the free scanners I personally consider Avast! the best choice.
As a paid one I would recommend Emsisoft
My antivirus recommendation: Emsisoft Anti-Malware
especially since you use the PC for work, that would be the best choice
I know shops where you can get it for 10 €; of course use the 30-day trial version first
Other candidates:
Kaspersky:
Kaspersky Lab: Antivirus software
Symantec (Norton)
Symantec - AntiVirus, Anti-Spyware, Endpoint Security, Backup, Storage Solutions

Browser choice:
Since we work with the browser frequently, this choice is of course also important; the important candidates are in the linked topic.
I would go for Chrome:
https://www.google.com/chrome?hl=de

Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100 % isolated from the system.

The advantage is obvious: if malicious code gets in through the browser, it can't get out.
Download link:
http://filepony.de/download-sandboxie/
guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
detailed guide as PDF, also work through it:
http://filepony.de/download-sandboxie/
please do the following additional configuration:
open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
there click on Sandbox Settings.
Restrictions: under program start and internet access enter:
chrome.exe
then go to Applications, Web Browser, Chrome.
there enable everything except sharing the entire profile folder.
As you may have already seen, you can't use some functions.
That is only available in the full version, which I advise you to buy.
For example, under "Forced Programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click on "Sandboxed Web Browser" or right-click, Run Sandboxed.
A lifetime license costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
work through all of it completely
Backup program:
a backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option:
Create a Windows 7 system image (Backup)
Unfortunately, this is only really usable for Windows 7 users.
Everyone else should definitely install a backup program too, because it can be very important under certain circumstances, for example when the hard disk fails.

Finally, observe the general security tips; if it applies to you, observe the tip on online banking, and change all passwords
please also read how to make programs visible for all accounts:
Make programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
so from now on only surf in the standard user account, and there in the sandbox.
if you use the free version, then by clicking on Sandboxed Web Browser; if you have the paid version, you can set forced programs, then Sandboxie is always started when you open a browser.
when you move the mouse over the browser it should be framed, then you're in the sandboxed web browser

Santi 19.12.2011 16:39

I can't print it .. the printer is acting up .. tell me, can she read everything I write here?

let me just ask a dumb question .. how do I get online if I don't have a browser installed .. as far as I remember, everything is "bare" once the system is on .. sorry if I ask questions that make you frown - I just don't want to sit there stupidly in front of the monitor not knowing how to get online without a browser

Santi 19.12.2011 17:00

.. I could nail this drug-sick cow to the cross, who does nothing but sit at home thinking about how she can spy on other people; she even has a recording device running at home to record all conversations, sends emails and faxes in other people's names, scans people's signatures and orders over the internet and sends letters with the scanned signature .. she's just sick - and I'm the one with the problems here ..

sorry - but I'm just furious ...

Markus .. if I now insert the CD and do all that with the partitions as you said, how do I then get online - I can hardly download anything if I'm not online .. just explain it "girl-friendly", even though I'm not really blonde, but my nerves are slowly wearing thin

markusg 19.12.2011 17:06

hi, Internet Explorer is pre-installed after all.
you can also download Chrome and put it on a stick. you hadn't told me the manufacturer + model of your PC, in case it wasn't self-assembled.

Santi 19.12.2011 17:10

it's a Compaq Presario SR5228ES .. was bought new, so nothing home-built, absolutely not

markusg 19.12.2011 17:21

actually it should have a recovery partition; try F10 at startup when the HP logo appears, or Alt+F10 or F8; there you should be able to reset it to factory settings, and then all drivers are included

Santi 19.12.2011 17:28

phew .. what now

so I do that after I've inserted the CD and done the partition thing .. or before

I hate theories .. I learn more from practice, but I have my doubts, I'll get stuck in practice if I don't follow the exact steps .. that's why I ask so much

Santi 19.12.2011 17:43

never mind - I'll just do it now; if all else fails there are still internet cafés

markusg 19.12.2011 17:47

hi, I didn't know your device has its own built-in recovery function.
then you don't need a Windows CD.
so at the moment you have 2 options available.

Santi 19.12.2011 17:57

Markus .. please tell me how I can wipe the thing so that the lady is out for now .. I'll manage everything else to get back online

I just want nobody to have access to my PC, and if I can't manage, I'll stand in the street and shout for help - somebody will answer ..

when I insert the CD now it asks whether I want to install XP .. of course I do, but only once everything is clean

markusg 19.12.2011 17:59

first try the following.
restart and when the HP logo appears press F10; there you should be able to select reset to factory settings or similar; it could also be the key combination Alt+F10.
if that doesn't work, restart, leave the CD in and see; if it boots from CD, ok, then as described above delete partitions, create them anew, format.
if not, you have to go into the boot menu, usually with F12, and choose the CD or DVD drive there first.

Santi 19.12.2011 18:01

okay .. will do

Santi 19.12.2011 19:58

.. and here I am :)

Markus ... a thousand thanks to you .. above all for your patience with me

still one more question ... can I be absolutely sure that she can no longer access my PC .. or should I test that again .. I'm almost traumatized by now ..

Santi 19.12.2011 19:59

now I probably still have to go through the other steps you wrote me .. I'll manage .. if not, I'll mercilessly pounce on you :))

markusg 19.12.2011 20:00

hi, but you haven't worked through my security instructions yet, have you?
they're in post 47 on the previous page.

Santi 19.12.2011 20:03

no .. that's what I'm saying .. just wanted to check in right away now that I'm back online .. that worked at least ..

and now I'll dutifully do what you wrote me ...

markusg 19.12.2011 20:19

hi, I had overlooked that; oh, I get scared when someone pounces on me :-)
as I said, as AV I would recommend Emsisoft; I consider 10 € affordable too, if you like the program :-) I'll send you the link to the shop then if you want

Santi 19.12.2011 20:33

yes - send me the link .. gladly!

besides, you don't need to be afraid of me; if anything, I'd only pounce on you very gently .. you're something like my savior - and are now responsible for me for life .. purely PC-wise, that is (don't worry^^) .. old Chinese tradition

Markus, I'm so relieved, I can't even tell you .. shouldn't I really test again - do you think everything's fine?

Santi 19.12.2011 20:38

well

now I'm supposed to make a backup of the system so that the service pack can be installed .. great, how do I do that

markusg 19.12.2011 20:42

first install Emsisoft and see whether you get along with it.
then I'll give you the link :-)
we'll check your backed-up data at the end once the system is secured.
hmm, make a backup; I can't remember that message right now, I think you just have to close all windows and then click OK, then it should continue.

Santi 19.12.2011 20:46

well then I'll close the shutters and click OK

if I don't report back, there was a problem .. ^^

markusg 19.12.2011 20:47

hehe.
sorry, by the way, I had a wrong link in there; this is the guide to Sandboxie
Sandbox Settings |

Santi 19.12.2011 21:02

well, I'm not that far yet .. but thanks for the new link

so it worked, the thing made the system backup by itself

you say Chrome is good ... don't you find Firefox that exciting? .. I've always used Firefox so far ..

markusg 19.12.2011 21:07

Chrome should definitely be more secure, and faster on most PCs too.
there are enough extensions for it too, so you don't have to do without.
if you don't like it after all, you can install FF, but first calmly do the updates etc.
http://www.update.microsoft.com
search for updates; install drivers, important and optional updates, until there are no more
yes, I noticed that unfortunately I've had a wrong link in the guide for a few days and replaced it.

Santi 19.12.2011 21:12

hmmm
at this point one more tiny question .... the Service Pack 3 you linked is for IT professionals and whatnot .. I downloaded it trusting you blindly; it said there's a different one for "individual" computers .. well, it won't hurt .. just occurred to me

markusg 19.12.2011 21:29

no, that's fine as it is.

Santi 19.12.2011 21:42

hm

just had those "disturbances" again; installed ZoneAlarm and got the same message again about a network IP

got Unhooker .. I'll post the log in a moment ... I'm in the wrong movie ........

Santi 19.12.2011 21:44

>SSDT State
NtConnectPort
Actual Address 0xBA2122F4
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtCreateFile
Actual Address 0xBA20C5CA
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtCreateKey
Actual Address 0xBA22B58A
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtCreatePort
Actual Address 0xBA212A80
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtCreateProcess
Actual Address 0xBA225E4E
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtCreateProcessEx
Actual Address 0xBA22623C
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtCreateSection
Actual Address 0xBA22F6F6
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtCreateWaitablePort
Actual Address 0xBA212BB6
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtDeleteFile
Actual Address 0xBA20D1E0
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtDeleteKey
Actual Address 0xBA22CE3C
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtDeleteValueKey
Actual Address 0xBA22C7B2
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtDuplicateObject
Actual Address 0xBA224D8A
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtLoadKey
Actual Address 0xBA22D794
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtLoadKey2
Actual Address 0xBA22D99C
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtOpenFile
Actual Address 0xBA20CDF2
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtOpenProcess
Actual Address 0xBA228160
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtOpenThread
Actual Address 0xBA227D8A
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtRenameKey
Actual Address 0xBA22E72A
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtReplaceKey
Actual Address 0xBA22E060
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtRequestWaitReplyPort
Actual Address 0xBA211EC4
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtRestoreKey
Actual Address 0xBA22F0FC
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtSecureConnectPort
Actual Address 0xBA21259C
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtSetInformationFile
Actual Address 0xBA20D5A4
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtSetSecurityObject
Actual Address 0xBA22EC6A
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtSetValueKey
Actual Address 0xBA22BF72
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtSystemDebugControl
Actual Address 0xBA226EA4
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtTerminateProcess
Actual Address 0xBA226C20
Hooked by: C:\WINDOWS\System32\vsdatant.sys

>Shadow
NtUserMessageCall
Actual Address 0xBA210D66
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtUserPostMessage
Actual Address 0xBA210EA8
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtUserPostThreadMessage
Actual Address 0xBA210FE0
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtUserRegisterRawInputDevices
Actual Address 0xBA20E97A
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtUserSendInput
Actual Address 0xBA2113D4
Hooked by: C:\WINDOWS\System32\vsdatant.sys

>Processes
>Drivers
>Stealth
>Files
>Hooks
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xBA2FD3A8 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xBA2FD3D4 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xBA2FD3E0 hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xBAA3DB4C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification at address 0xBAA3DB1C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xBAA3DB3C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xBAA3DB28 hook handler located in [vsdatant.sys]
[1028]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[1028]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[1028]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1028]svchost.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[1028]svchost.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[1028]svchost.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1028]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[1028]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
[1300]explorer.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump at address 0x7C8449FD hook handler located in [ISWDMP.dll]
[140]ForceField.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->user32.dll+0x000142A8, Type: Inline - RelativeJump at address 0x7E3742A8 hook handler located in [ISWSHEX.dll]
[1508]ISWSVC.exe-->kernel32.dll+0x00002C2C, Type: Inline - SEH at address 0x7C802C2C hook handler located in [unknown_code_page]
[1508]ISWSVC.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1508]ISWSVC.exe-->user32.dll+0x000142A8, Type: Inline - RelativeJump at address 0x7E3742A8 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[640]services.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[640]services.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[640]services.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[640]services.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[640]services.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[640]services.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[640]services.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[640]services.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[652]lsass.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[652]lsass.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[652]lsass.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[652]lsass.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[652]lsass.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[652]lsass.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[652]lsass.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

markusg 19.12.2011 21:45

I rather think that is an error message from ZoneAlarm.
Are the other problems still occurring? Change all your passwords and then check whether there are still successful logins by strangers.
Personally, I would drop ZoneAlarm and use the Windows firewall.
Rootkit Unhooker only shows ZoneAlarm drivers and Windows drivers.
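
markusg's reading of the Rootkit Unhooker output (every hook owner is either the ZoneAlarm driver or a Windows component) is the kind of check that can be scripted instead of eyeballed over a few hundred lines. The Python below is an added example, not code from this thread or from Rootkit Unhooker: it parses the three hook formats the report uses (user-mode inline/IAT hooks per process, kernel IAT hooks, and the three-line SSDT entries), groups them by the module that owns the hook handler, and separates owners on a hand-maintained allowlist of software the user knowingly installed from everything else. The embedded sample report is constructed from lines that appear in this thread; the allowlist and its descriptions are assumptions for the example, and a handler reported as unknown_code_page is only flagged for review, not declared malicious.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the Rootkit Unhooker
# report formats seen in this thread (user-mode hooks, a kernel IAT hook
# and two SSDT entries). A real run would read the whole saved report.
SAMPLE_REPORT = r"""
[1056]svchost.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
[1508]ISWSVC.exe-->kernel32.dll+0x00002C2C, Type: Inline - SEH at address 0x7C802C2C hook handler located in [unknown_code_page]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xBA2FD3D4 hook handler located in [vsdatant.sys]
>SSDT State
NtCreateFile
Actual Address 0xBA20C5CA
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenProcess
Actual Address 0xBA228160
Hooked by: C:\WINDOWS\System32\vsdatant.sys
==============================================
"""

# Assumed allowlist for this example: modules the user knowingly installed
# (ZoneAlarm / ForceField) plus one Windows component. Anything else is
# "unattributed" and gets looked at by a human; it is not a malware verdict.
KNOWN_HANDLERS = {
    "vsdatant.sys": "ZoneAlarm firewall driver (Check Point)",
    "ISWSHEX.dll": "ZoneAlarm ForceField user-mode hook DLL (Check Point)",
    "ISWDMP.dll": "ZoneAlarm ForceField crash-dump DLL (Check Point)",
    "shimeng.dll": "Windows application-compatibility shim engine",
}

# One regex covers both user-mode lines ("[pid]proc.exe-->...") and kernel
# lines ("tcpip.sys-->ndis.sys-->..."); the pid group is absent for kernel.
HOOK_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\])?(?P<proc>.+?)-->(?P<target>.+?), Type: (?P<type>.+?)"
    r" at address (?P<addr>0x[0-9A-Fa-f]+) hook handler located in \[(?P<handler>[^\]]+)\]$"
)
SSDT_NAME_RE = re.compile(r"Nt\w+")


def parse_hooks(report):
    """Return one dict per hook: pid, proc, target, type, addr, handler, kind."""
    hooks = []
    pending_name, pending_addr = None, None
    for raw in report.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            d = m.groupdict()
            d["kind"] = "user" if d["pid"] else "kernel"
            hooks.append(d)
            continue
        # SSDT / Shadow SSDT entries span three lines: name, address, owner.
        if SSDT_NAME_RE.fullmatch(line):
            pending_name, pending_addr = line, None
        elif line.startswith("Actual Address"):
            pending_addr = line.split()[-1]
        elif line.startswith("Hooked by:") and pending_name:
            path = line.split(":", 1)[1].strip()
            handler = path.replace("\\", "/").rsplit("/", 1)[-1]
            hooks.append({"pid": None, "proc": "kernel", "target": pending_name,
                          "type": "SSDT", "addr": pending_addr,
                          "handler": handler, "kind": "ssdt"})
            pending_name = None
    return hooks


def triage(hooks, known=KNOWN_HANDLERS):
    """Split hooks into those owned by allowlisted modules and the rest."""
    by_handler = defaultdict(list)
    for h in hooks:
        by_handler[h["handler"]].append(h)
    attributed = {k: v for k, v in by_handler.items() if k in known}
    unattributed = {k: v for k, v in by_handler.items() if k not in known}
    return attributed, unattributed


def conflicting_addresses(hooks):
    """Same patched address reported with different owners across processes.
    A product hooking system-wide shows one owner per address; a mix of
    owners at one address is worth a closer look."""
    owners = defaultdict(set)
    for h in hooks:
        if h["addr"]:
            owners[h["addr"]].add(h["handler"])
    return {a: s for a, s in owners.items() if len(s) > 1}


if __name__ == "__main__":
    parsed = parse_hooks(SAMPLE_REPORT)
    ok, review = triage(parsed)
    for mod, items in ok.items():
        print(f"{mod}: {len(items)} hook(s), {KNOWN_HANDLERS[mod]}")
    for mod, items in review.items():
        for h in items:
            print(f"REVIEW {mod}: {h['proc']} -> {h['target']} ({h['type']})")
    print("conflicts:", conflicting_addresses(parsed) or "none")
```

To run it over a saved report, pass the file contents to parse_hooks instead of SAMPLE_REPORT. On the sample, everything lands in the attributed set except the SEH hook in ISWSVC.exe whose owner the tool reports as [unknown_code_page]; that single entry is what a reviewer would verify (the process is itself part of ZoneAlarm ForceField) rather than take as proof in either direction, and the same holds for the thread's full report.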

Santi 19.12.2011 21:45

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.501
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>SSDT State
NtConnectPort
Actual Address 0xBA2122F4
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateFile
Actual Address 0xBA20C5CA
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateKey
Actual Address 0xBA22B58A
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreatePort
Actual Address 0xBA212A80
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateProcess
Actual Address 0xBA225E4E
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateProcessEx
Actual Address 0xBA22623C
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateSection
Actual Address 0xBA22F6F6
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtCreateWaitablePort
Actual Address 0xBA212BB6
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteFile
Actual Address 0xBA20D1E0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteKey
Actual Address 0xBA22CE3C
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDeleteValueKey
Actual Address 0xBA22C7B2
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtDuplicateObject
Actual Address 0xBA224D8A
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtLoadKey
Actual Address 0xBA22D794
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtLoadKey2
Actual Address 0xBA22D99C
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenFile
Actual Address 0xBA20CDF2
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenProcess
Actual Address 0xBA228160
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtOpenThread
Actual Address 0xBA227D8A
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtRenameKey
Actual Address 0xBA22E72A
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtReplaceKey
Actual Address 0xBA22E060
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtRequestWaitReplyPort
Actual Address 0xBA211EC4
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtRestoreKey
Actual Address 0xBA22F0FC
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSecureConnectPort
Actual Address 0xBA21259C
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSetInformationFile
Actual Address 0xBA20D5A4
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSetSecurityObject
Actual Address 0xBA22EC6A
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSetValueKey
Actual Address 0xBA22BF72
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtSystemDebugControl
Actual Address 0xBA226EA4
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtTerminateProcess
Actual Address 0xBA226C20
Hooked by: C:\WINDOWS\System32\vsdatant.sys
==============================================
>Shadow
NtUserMessageCall
Actual Address 0xBA210D66
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtUserPostMessage
Actual Address 0xBA210EA8
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtUserPostThreadMessage
Actual Address 0xBA210FE0
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtUserRegisterRawInputDevices
Actual Address 0xBA20E97A
Hooked by: C:\WINDOWS\System32\vsdatant.sys
NtUserSendInput
Actual Address 0xBA2113D4
Hooked by: C:\WINDOWS\System32\vsdatant.sys
==============================================
>Processes
Process: System
Process Id: 4
EPROCESS Address: 0x89A32BD0

Process: C:\WINDOWS\system32\wscntfy.exe
Process Id: 108
EPROCESS Address: 0x89167A20

Process: C:\Programme\CheckPoint\ZAForceField\ForceField.exe
Process Id: 140
EPROCESS Address: 0x896C6C08

Process: C:\WINDOWS\system32\alg.exe
Process Id: 240
EPROCESS Address: 0x89603870

Process: C:\WINDOWS\system32\smss.exe
Process Id: 356
EPROCESS Address: 0x897F6DA0

Process: C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
Process Id: 440
EPROCESS Address: 0x89133020

Process: C:\WINDOWS\system32\ctfmon.exe
Process Id: 524
EPROCESS Address: 0x89122730

Process: C:\WINDOWS\system32\csrss.exe
Process Id: 572
EPROCESS Address: 0x897EA158

Process: C:\WINDOWS\system32\winlogon.exe
Process Id: 596
EPROCESS Address: 0x89888910

Process: C:\WINDOWS\system32\services.exe
Process Id: 640
EPROCESS Address: 0x897C1580

Process: C:\WINDOWS\system32\lsass.exe
Process Id: 652
EPROCESS Address: 0x895C5858

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 812
EPROCESS Address: 0x897B43B8

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 900
EPROCESS Address: 0x89805860

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 940
EPROCESS Address: 0x89896868

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1028
EPROCESS Address: 0x897B63C8

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1056
EPROCESS Address: 0x89641860

Process: C:\WINDOWS\system32\wbem\wmiprvse.exe
Process Id: 1256
EPROCESS Address: 0x890FEBE0

Process: C:\WINDOWS\explorer.exe
Process Id: 1300
EPROCESS Address: 0x89830BE0

Process: C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
Process Id: 1508
EPROCESS Address: 0x8961E860

Process: C:\WINDOWS\system32\spoolsv.exe
Process Id: 1564
EPROCESS Address: 0x8961F5D0

Process: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Process Id: 1660
EPROCESS Address: 0x898CE8B0

Process: C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
Process Id: 1772
EPROCESS Address: 0x8961C6F0

Process: C:\Programme\Internet Explorer\iexplore.exe
Process Id: 2420
EPROCESS Address: 0x89631860

Process: C:\WINDOWS\system32\wuauclt.exe
Process Id: 2504
EPROCESS Address: 0x898B7020

Process: C:\WINDOWS\system32\wpabaln.exe
Process Id: 3328
EPROCESS Address: 0x8913F508

Process: C:\Programme\CheckPoint\ZoneAlarm\zatray.exe
Process Id: 452
EPROCESS Address: 0x891374E0

Process: C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe
Process Id: 1104
EPROCESS Address: 0x895C0AB8

Process: C:\Dokumente und Einstellungen\Rich\Desktop\RkUnhooker\ne2Jr8N2.exe
Process Id: 1844
EPROCESS Address: 0x88CC6B28

==============================================
>Drivers
Driver: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000
Size: 2154496 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2154496 bytes

Driver: RAW
Address: 0x804D7000
Size: 2154496 bytes

Driver: WMIxWDM
Address: 0x804D7000
Size: 2154496 bytes

Driver: Win32k
Address: 0xBF800000
Size: 1847296 bytes

Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1847296 bytes

Driver: Ntfs.sys
Address: 0xBA65A000
Size: 577536 bytes

Driver: C:\WINDOWS\System32\vsdatant.sys
Address: 0xBA1F1000
Size: 520192 bytes

Driver: C:\WINDOWS\System32\Drivers\wdf01000.sys
Address: 0xBA470000
Size: 507904 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xBA10C000
Size: 458752 bytes

Driver: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xBA4FE000
Size: 385024 bytes

Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xBA2BE000
Size: 364544 bytes

Driver: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB9670000
Size: 335872 bytes

Driver: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB93AF000
Size: 266240 bytes

Driver: ACPI.sys
Address: 0xBA778000
Size: 192512 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xB97DA000
Size: 184320 bytes

Driver: NDIS.sys
Address: 0xBA62D000
Size: 184320 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xBA17C000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xBA270000
Size: 163840 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xBA298000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xBA5A7000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xBA584000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xBA1A7000
Size: 139264 bytes

Driver: ACPI_HAL
Address: 0x806E5000
Size: 134400 bytes

Driver: C:\WINDOWS\system32\hal.dll
Address: 0x806E5000
Size: 134400 bytes

Driver: fltmgr.sys
Address: 0xBA710000
Size: 131072 bytes

Driver: ftdisk.sys
Address: 0xBA748000
Size: 126976 bytes

Driver: Mup.sys
Address: 0xBA613000
Size: 106496 bytes

Driver: atapi.sys
Address: 0xBA730000
Size: 98304 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xBA0DF000
Size: 98304 bytes

Driver: KSecDD.sys
Address: 0xBA6E7000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xBA56D000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys
Address: 0xBA0F7000
Size: 86016 bytes

Driver: C:\WINDOWS\System32\drivers\VIDEOPRT.SYS
Address: 0xBA34A000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xBA317000
Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000
Size: 73728 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
Address: 0xBA4EC000
Size: 73728 bytes

Driver: sr.sys
Address: 0xBA6FE000
Size: 73728 bytes

Driver: pci.sys
Address: 0xBA767000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xBA55C000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBAA88000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA998000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA9A8000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBAA28000
Size: 61440 bytes

Driver: VolSnap.sys
Address: 0xBA8C8000
Size: 57344 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA8E8000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ew_jucdcecm.sys
Address: 0xBAA98000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xBA978000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBA9B8000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS
Address: 0xBAA08000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xBA9D8000
Size: 49152 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBAA58000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA988000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xBA8B8000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBA9C8000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xBA968000
Size: 40960 bytes

Driver: isapnp.sys
Address: 0xBA8A8000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBAA18000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xBA9F8000
Size: 40960 bytes

Driver: disk.sys
Address: 0xBA8D8000
Size: 36864 bytes

==============================================
>Stealth
==============================================
>Files
==============================================
>Hooks

tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xBA2FD3A8 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xBA2FD3D4 hook handler located in [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xBA2FD3E0 hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification at address 0xBAA3DB4C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification at address 0xBAA3DB1C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xBAA3DB3C hook handler located in [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xBAA3DB28 hook handler located in [vsdatant.sys]
[1028]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[1028]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[1028]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1028]svchost.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[1028]svchost.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[1028]svchost.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1028]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[1028]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[1056]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[108]wscntfy.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[1256]wmiprvse.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
[1300]explorer.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[1300]explorer.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump at address 0x7C8449FD hook handler located in [ISWDMP.dll]
[140]ForceField.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->user32.dll+0x000142A8, Type: Inline - RelativeJump at address 0x7E3742A8 hook handler located in [ISWSHEX.dll]
[1508]ISWSVC.exe-->kernel32.dll+0x00002C2C, Type: Inline - SEH at address 0x7C802C2C hook handler located in [unknown_code_page]
[1508]ISWSVC.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1508]ISWSVC.exe-->user32.dll+0x000142A8, Type: Inline - RelativeJump at address 0x7E3742A8 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[1564]spoolsv.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[1660]mscorsvw.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[1772]VmbService.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[240]alg.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[2504]wuauclt.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[3328]wpabaln.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[440]MobileBroadband.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[524]ctfmon.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[596]winlogon.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[640]services.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[640]services.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[640]services.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[640]services.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[640]services.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[640]services.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[640]services.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[640]services.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[652]lsass.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[652]lsass.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[652]lsass.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[652]lsass.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[652]lsass.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[652]lsass.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[652]lsass.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[812]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[900]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump at address 0x77DA7416 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump at address 0x7C8309D1 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->ntdll.dll-->NtAccessCheckAndAuditAlarm, Type: Inline - RelativeJump at address 0x7C91CE70 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->ntdll.dll-->NtImpersonateAnonymousToken, Type: Inline - RelativeJump at address 0x7C91D3E0 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump at address 0x7E3782E1 hook handler located in [ISWSHEX.dll]
[940]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump at address 0x7E37C9C3 hook handler located in [ISWSHEX.dll]

Santi 19.12.2011 21:48

But that can't be ...
I'll throw the PC away and buy myself a new one .. could it be that she has dug herself in so deep that even a reinstall won't get her out? .. say

markusg 20.12.2011 12:50

Why? Who is "she" supposed to be? Most of these are functions used by your firewall.
vsdatant.sys
is part of your firewall.
What is the exact message? Is there an IP that goes with it?
The logs are all clean, your PC has been formatted and is therefore OK as well, or are there still anomalies to be seen...
Please continue with the hardening steps.
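
A log-triage example, added here and not part of the thread or of any RootKit Unhooker tooling: it parses ">Hooks" lines in the format posted above, groups the hooks by the module that installed them, and singles out handlers that nobody has vouched for. The trusted-handler table is an assumption built from this thread (vsdatant.sys per markusg; ISWSHEX.dll and ISWDMP.dll assumed to be ZoneAlarm ForceField components because of ZAForceField\ISWKL.sys and ISWSVC.exe in the log) plus shimeng.dll, the Windows application-compatibility shim engine; the sample lines are copied from the log above.

```python
import re
from collections import Counter, defaultdict

# Shape of one RootKit Unhooker ">Hooks" line, as seen in the log above:
#   [pid]victim-->module-->symbol, Type: <kind> at address 0x... hook handler located in [handler]
#   [pid]victim-->module+0xoffset, Type: <kind> at address 0x... hook handler located in [handler]
# Kernel-mode entries (tcpip.sys-->ndis.sys-->...) carry no [pid] prefix.
HOOK_LINE = re.compile(
    r"^(?:\[(?P<pid>\d+)\])?(?P<victim>.+?)-->(?P<module>[^,]+?)"
    r"(?:-->(?P<symbol>[^,]+)|\+(?P<offset>0x[0-9A-Fa-f]+)),\s*"
    r"Type:\s*(?P<kind>.+?) at address (?P<address>0x[0-9A-Fa-f]+) "
    r"hook handler located in \[(?P<handler>[^\]]+)\]$"
)

# Assumed trust table for this thread: handlers explained as parts of the user's
# own ZoneAlarm install, plus the Windows shim engine. Anything not listed here
# is not "malicious", only unexplained, and goes to a human for review.
TRUSTED_HANDLERS = {
    "vsdatant.sys": "ZoneAlarm firewall driver (per markusg)",
    "ISWSHEX.dll": "ZoneAlarm ForceField hook DLL (assumed from naming)",
    "ISWDMP.dll": "ZoneAlarm ForceField crash-dump helper (assumed from naming)",
    "shimeng.dll": "Windows application-compatibility shim engine",
}

# Constructed sample: six lines copied from the log posted in this thread.
SAMPLE_LOG = """\
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification at address 0xBA2FD3D4 hook handler located in [vsdatant.sys]
[1300]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
[1300]explorer.exe-->ntdll.dll-->NtSetInformationObject, Type: Inline - RelativeJump at address 0x7C91DC80 hook handler located in [ISWSHEX.dll]
[140]ForceField.exe-->user32.dll+0x000142A8, Type: Inline - RelativeJump at address 0x7E3742A8 hook handler located in [ISWSHEX.dll]
[1508]ISWSVC.exe-->kernel32.dll+0x00002C2C, Type: Inline - SEH at address 0x7C802C2C hook handler located in [unknown_code_page]
[652]lsass.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump at address 0x77DAF183 hook handler located in [ISWSHEX.dll]
"""


def parse_hooks(text):
    """Return one dict per parseable hook line; lines in another format are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_LINE.match(line.strip())
        if m:
            hooks.append(m.groupdict())
    return hooks


def triage(text, trusted=TRUSTED_HANDLERS):
    """Group hooks by installing module and single out handlers the trust table does not cover."""
    hooks = parse_hooks(text)
    by_handler = Counter(h["handler"] for h in hooks)
    targets = defaultdict(set)
    for h in hooks:
        # Symbol hooks read "module!Symbol"; raw-offset hooks read "module+0xoffset".
        if h["symbol"]:
            targets[h["handler"]].add(f"{h['module']}!{h['symbol']}")
        else:
            targets[h["handler"]].add(f"{h['module']}+{h['offset']}")
    suspicious = [h for h in hooks if h["handler"] not in trusted]
    return {
        "total": len(hooks),
        "by_handler": dict(by_handler),
        "targets": {k: sorted(v) for k, v in targets.items()},
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for handler, n in sorted(report["by_handler"].items(), key=lambda kv: -kv[1]):
        tag = TRUSTED_HANDLERS.get(handler, "NOT VOUCHED FOR - review")
        print(f"{n:3d} hook(s) from {handler}: {tag}")
    for h in report["suspicious"]:
        print(f"  review: pid {h['pid']} {h['victim']} {h['kind']} at {h['address']}")
```

On the sample this reports the ZoneAlarm and shim-engine hooks as explained and leaves one entry for review: the SEH hook in ISWSVC.exe whose handler lives in [unknown_code_page], which is the kind of line a helper would ask about rather than a verdict.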

Santi 20.12.2011 15:12

Oh great ..
"She" is the person who had access to my computer

If she has lodged herself in the master boot record, formatting won't get her out - why else do I have the same messages as before? Why does ZoneAlarm report a network with an IP that differs from mine?
Why do I still get the message from Unhooker after a scan that "rootkit activity possible", flagged as a warning with 27 exclamation marks?

Completely formatting the HD and restoring the MBR with a special tool via a Fly-on system ... that would be one option, but one I can't carry out on my own .. what's rotten, of course, is that she had free access to my PC and in theory could have done all sorts of things to the hardware too .. can I find that out somehow?


And yes - there is an IP every time .. as I said, minimally different from mine, it's always the last two or three digits
I'll also check whether there's another fb notification that someone logged in while I was away - otherwise .. I have never! had these network messages from ZoneAlarm before, and I've always worked with ZoneAlarm
If I ignore it, everything hangs and nothing works any more .. I have two options.... one says (I'm saying this from memory, I don't have the original text in front of me right now) ... I can allow shared resources, or be independent and not visible to others on the network .. of course I always click the latter - otherwise I can't do anything at all on the PC .. I don't like the other one at all

Yesterday I had installed ZoneAlarm .. today it wasn't in the taskbar any more .. I started the exe again and got a message that there may be malicious software on my PC that wants to prevent ZoneAlarm from being installed - I then agreed to have this software uninstalled (but what does that mean anyway) and so it's back ... at least for the moment

Santi 20.12.2011 15:19

No - I have no fb notifications today, but maybe she's just keeping a low profile at the moment

Markus ... is there a way for me to determine whether these are all just "odd" messages or whether there really is still a problem... how can I test that?

markusg 20.12.2011 15:28

The MBR is clean, we've checked it, but if you like we can format again with an MBR cleanup.
Take the Windows CD, insert it and restart.
At the start press the R key to get into the Recovery Console, there select the Windows installation, usually that is done by pressing the 1 key.
If you're asked to enter a password, skip it with Enter.
Then type:
fixmbr
Enter
y or j to confirm.
After that:
fixboot
Enter
Press y or j to confirm
Then:
format c:
Enter, j or y to confirm.
Wait, then exit, restart and reinstall Windows, then get started right away with the updates and install Emsisoft; don't copy any of the backed-up data to the PC yet.
Once Emsisoft is on, continue with the rest of the guide.


All times are in WEZ +1.

Copyright ©2000-2025, Trojaner-Board

